The Do Nothing Presidency


Yesterday, the Bush Administration released a long-awaited report by the Environmental Protection Agency that says that carbon dioxide can and should be regulated.  One would think this a remarkable departure for an administration that has done everything within its power to destroy the environment, through drilling in fragile environmental areas, unmitigated logging, and the failure to protect endangered species.  There’s a catch: the Supreme Court ordered the EPA to develop the report, and in releasing it, in the same breath, the administration argued that regulation by the EPA to protect our children will hurt business and industrial growth.

Let’s review our tally for this administration:

  • Housing —  Failure to properly regulate the housing market has led to a massive series of bank failures.
  • The Energy Market — we are suffering from inflation due to a massive increase in oil prices, which itself is in part due to an inability of Americans to conserve.   The administration has done absolutely nothing to reduce consumption, or for that matter offer fuel alternatives.  Instead, they’ve argued that drilling in wilderness refuges will offer some form of relief, a claim that is disputed by every expert in the field, because it will offer no short term relief, while medium and long term relief are by no means at all assured.
  • Security — having gone to war twice and wasted billions of dollars on meaningless programs, the administration has managed to alienate America from the rest of the world, reducing people’s desires to visit, impacting tourism, and reducing our national credibility.  At the same time the Taliban has rebuilt itself, and we’ve lost our allies in Pakistan and now, seemingly Iraq (not that Prime Minister Maliki was ever clearly an ally).
  • Education— No Child Left Behind has meant that our children haven’t gone forward as a group.  Our public education system remains in a shambles due to lack of incentives for good teachers, buildings that are falling apart, and a general willingness by this administration to divert funds to religious programs.
  • Public Transportation— our skies are more dangerous than they have been since the creation of the FAA.  More runway incursions, more close calls in the air, disgruntled workforces, and disgruntled passengers have left our air transportation system in a mess, while we’ve invested nearly nothing in ground public transport.
  • Public Welfare— with a remarkably lame response to Hurricane Katrina, the administration demonstrated that they could not be trusted with emergency crisis management.

In short, they did nothing except collect pay checks.  Perhaps Americans will pay more attention to our civic responsibilities the next time we hand someone the keys.

For the Umpteenth Time, IPv6 doesn’t do much for Security

If you read the wrong books or the wrong articles, some will claim that IPv6 has improved security over IPv4.  While this may be true in an extremely limited sense, for practical purposes there is no difference.  The only way in which IPv6 is really more secure than IPv4 is that one cannot easily port scan a subnet.  In some other ways, IPv4 might be more secure than certain implementations of IPv6, where the EUI-64 address is used as the lower 64 bits of the IP address, thus enabling violation of privacy (e.g., tracking).  The most absurd statement I just recently read was that NAT causes spam.  Where do these people get this stuff???
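To make the EUI-64 privacy point concrete, here is an added example (not from the original post) that checks whether an IPv6 address carries a modified EUI-64 interface ID and, if so, recovers the MAC address it exposes.  The sample addresses use the 2001:db8::/32 documentation prefix and a made-up MAC; both are constructed for illustration.

```python
import ipaddress

def eui64_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    Heuristic: a random interface ID contains ff:fe in the same position
    about once in 65536 times, so treat a hit as "very likely", not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]        # lower 64 bits
    if iid[3:5] != b"\xff\xfe":                         # marker inserted mid-MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each recovered MAC to the /64 prefixes it was seen under.

    One MAC under several prefixes means the host is linkable across networks.
    """
    seen = {}
    for a in addresses:
        mac = eui64_mac(a)
        if mac:
            net = ipaddress.IPv6Network(f"{a}/64", strict=False)
            seen.setdefault(mac, set()).add(str(net.network_address))
    return seen

# Constructed sample: the same laptop on two networks, plus a randomized address.
SAMPLE = [
    "2001:db8:a:1:211:22ff:fe33:4455",   # network A, EUI-64 interface ID
    "2001:db8:b:2:211:22ff:fe33:4455",   # network B, identical interface ID
    "2001:db8:a:1:5c3e:91a7:0b44:d2f0",  # randomized interface ID
]

if __name__ == "__main__":
    for mac, prefixes in audit(SAMPLE).items():
        print(f"{mac} is visible under {len(prefixes)} prefixes: {sorted(prefixes)}")
```

Run it against the addresses configured on your own interfaces; any hit means the host should be switched to temporary or otherwise randomized interface IDs.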

Voting Machines: Thank Heavens for Academia

Oftentimes it is said that the purpose of academic research is to seek the truth, no matter where it leads.  The purpose of industry representatives is often to obscure the truths they do not like.  Such apparently was the case at a recent hearing of the Texas House of Representatives’ Committee on Elections.  These are the guys who are nominally supposed to ensure that each citizen of Texas gets an opportunity to vote, and that his or her vote is counted.  The committee provides oversight and legislation for electronic voting.

How secure is your electronic vote, compared to a paper ballot?  Can you have an electronic hanging chad?  A group of researchers have spent a fair amount of time answering that very question.  Drs. Ed Felten & Dan Wallach, as well as others, have looked at numerous different voting systems, and found all sorts of little problems.  For instance, some voting machines are susceptible to viruses, and if they get one they can give it to their peers.  That’s not a problem, according to the manufacturers’ spokesmen.  But who are we to believe?  An academician whose purpose is to advance the state of the art and find truths, or a spokesman, whose purpose is to obscure them?

There are mistakes made in many, if not all elections and surveys.  Here are just a few questions:

  • What is an acceptable rate of error?  As 2000 demonstrated, even a hand count of paper ballots can have problems.
  • Rather than prevaricate, why shouldn’t the vendors of these voting machines fix the problems that have been reported?
  • What sort of regulations are appropriate?  The spokesmen all but demanded a common standard in as much as they complained that there was none.

Conveniently Dr. Wallach has an answer to that last question.  His testimony recommends just that.

For what it’s worth, as an expatriate I do not expect to use a voting machine for quite some time, but rather a paper ballot.

Bon Voyage and Happy Hunting

There are those who think, “Oh cool, Eclipse.  Let’s all party and watch the {sun|moon} disappear for a few minutes.”  And then there are those who are serious about it.  While we all were celebrating the 4th of July (wherever we were), several friends of mine were busy getting themselves and a lot of provisions onto a plane to China in order to observe the upcoming solar eclipse in the eastern part of that country.  This is not the first eclipse for which they’ve traveled far and wide.  Two years ago March there was another solar eclipse in Southern Libya.  Do you know what is in Southern Libya?  Sand.  Not much else.  That wasn’t the craziest place to travel.  In 2003, there was an eclipse over Antarctica.  Now the thing about Antarctica is that it’s not an easy place to stay.  And so what they did was charter a Boeing 747-400 from Qantas and fly it through the path of totality as fast as they could without the equipment being disturbed.

Why all the fuss?  What is so special about a lack of sun for a few minutes?  In the case of one of my friends, the answer lies in what’s near the sun.  He has devoted considerable effort to attempting to prove that vulcanoid asteroids exist.  These little things come so close to the sun that on any normal day state of the art optics are unable to see them because of the sun’s rays.  And so, with the light turned off for a few minutes, one can scan the surrounds.

But if you thought this would be a purely scientific or humorous article, tough.  My friend brought with him a considerable amount of equipment with which to visualize the asteroids, and some of it isn’t cheap, and some of it is custom-made metal.  Knowing this, he went to the Department of Homeland Security to find out how to go about getting the equipment from here to China.  It took a Congresswoman to get DHS to meet with him in the first place, and then they provided him absolutely no guidance, saying that if the screener on duty (someone who is probably paid only a bit above minimum wage) decides an object doesn’t get on a plane, it doesn’t get on a plane.  There is no way to pre-clear anything.  And so he was told to ship the object through a known shipper.

The U.S. does recognize a distinction between known shippers and just the average Joe.  This is one of many circumstances where a positive reputation is required to get something done.  Now unless you’re going to buy your own airplane or cargo ship, you are going to use a shipper of some sort, so why not use a known one?  Well, the story doesn’t end there.  In passing the buck, each shipper is looking to limit its liability and hence wants to know exactly who and what it is dealing with.  If you are a published astronomer as my friend is, you must put an extraordinary amount of effort into seeing that your goods arrive intact.

Personally, as someone who has had belongings stolen due to DHS policies I find all of this a bit rich.  If a baggage handler can rip off my stuff out of my bag and get it out of the airport, what’s to stop them from putting stuff in?

Think about it.

Anyway, I wish my friends on their trip happy hunting for objects that are extremely elusive, to the point where they might not actually exist.

Good Fences Make Good Neighbors

When I was about 13 years old, my neighbors put a pool in their back yard.  However, they failed to put a fence around it.  My sister at the time was only four years old, and there were many people her age in the neighborhood.  In our community there was an ordinance that required such fences, but the neighbors ignored it, as they did my parents’ pleas.

While you can question the wisdom of letting a four year old walk around on his or her own, at the time it was the norm for our community, and one day little Donald was on his own, dangling his feet in the neighbor’s unsupervised pool.  After running out of our house as fast as she could and pulling Donald away from the pool, my mother filed a complaint, causing the neighbors to have to pay a fine.  Donald’s parents could have sued.

Our neighbors created an attractive nuisance and needed to be held accountable.  While not exactly the same, regularly updating your software with the latest versions does reduce a computer’s exposure to vulnerabilities.  What’s more, there is a well-known network effect of doing so.  When you patch your software, not only do you protect your computer against attack by others, but you also prevent your computer from being used as a vehicle to attack others.  Put another way, not patching your software makes your system a nuisance to others.  The bad guys know this.  One study by Jianwei Zhuge et al. shows that exploits often appear in the wild before or very shortly after a patch is released.  A position paper written by Ross Anderson et al. for ENISA will tell you which vendors are better and which are worse at patching.

A new study released this week by people at the ETH, Google, and IBM shows that in the best case with Firefox, no more than 83% of users patch their browsers.  The worst case is Internet Explorer, where you are more than likely not to have the latest patch.

What does all this say?  First of all it says that Firefox is probably doing a pretty good job.  One wonders what is going on with the 17% of individuals who do not patch their browsers.  Perhaps we have another case of rational ignorance, as I discussed previously.  The study also says that Microsoft could do a better job.  Part of Microsoft’s problem is that they have previously released “security” patches that do more than fix security problems.  Distribution of Windows Genuine Advantage, which has been called a form of spyware, degraded people’s trust in Microsoft.

Apple isn’t all that much better than Microsoft.  For one, their patch rates are actually slower than Microsoft’s.  For another, Safari 3 broke stuff, which is precisely why many people do not upgrade.  Sun and HP are even worse.

Much as we like to blame vendors, in some cases we have nobody to blame but ourselves.  Here is something to do.  Check that you are running the latest version of the software you use.  If you use anything more than the standard application suite for your computer, there is a very good chance you are out of date.