The Do Nothing Presidency

Smoke Stack

Yesterday, the Bush Administration released a long awaited report by the Environmental Protection Agency, that says that Carbon Dioxide can and should be regulated.  One would think this a remarkable departure for an administration that has done everything within its power to destroy the environment, through drilling in fragile environmental areas, unmitigated logging, and the failure to protect endangered species.  There’s a catch: the Supreme Court ordered the EPA to develop the report, and in releasing it, in the same breath, the administration argued that regulation by the EPA to protect our children will hurt business and industrial growth.

Let’s review our tally for this administration:

  • Housing —  Failure to properly regulate the housing market has led to a massive series of bank failures.
  • The Energy Market — we are suffering from inflation due to a massive increase in oil prices, which itself is in part due to an inability of Americans to conserve.   The administration has done absolutely nothing to reduce consumption, or for that matter offer fuel alternatives.  Instead, they’ve argued that drilling in wilderness refuges will offer some form of relief, a claim that is disputed by every expert in the field, because it will offer no short term relief, while medium and long term relief are by no means at all assured.
  • Security— having gone to war twice and wasted billions of dollars on meaningless programs, the administration has managed to alienate America from the rest of the world, reducing people’s desires to visit, impacting tourism, and reducing our national credibility.  At the same time the Taliban has rebuilt itself, and we’ve lost our allies in Pakistan and now, seemingly Iraq (not that Prime Minister Maliki was every clearly an ally).
  • Education— No Child Left Behind has meant that our children haven’t gone forward as a group.  Our public education system remains in a shambles due to lack of incentives for good teachers, buildings that are falling apart, and a general willingness by this administration to divert funds to religious programs.
  • Public Transportation— our skies are more dangerous than they have been since the creation of the FAA.  More runway incursions, more close calls in the air, disgruntled workforces, and disgruntled passengers have left our air transportation system in a mess, while we’ve invested nearly nothing in ground public transport.
  • Public Welfare— with a remarkably lame response to Hurricane Katrina, the administration demonstrated that they could not be trusted with emergency crisis management.

In short, they did nothing except collect pay checks.  Perhaps Americans will pay more attention to our civic responsibilities the next time we hand someone the keys.

iPhone Day: Observe the Tortured Believers

iPhoneWell, today is the day the iPhone goes on sale.  The 2nd generation sleek phone from Apple looks to be quite a bit nicer than the first, starting with improved Internet performance, and considerably better 3G battery lifetime than on any other telephone yet produced, and an open application interface for more applications.  Combined with a great user interface, a friendliness toward the enterprise, and a nice feature set, it will probably make a really good PDA.

If you want to be the first on your block with one of these gadgets, you’re going to have to get up early and wait in a long line.  Otherwise, stores will run out.  In some cases, stores have been allocated less than 20 phones.  Why is that?  It’s not that this device is a surprise, or anything.  And surely Apple could manufacture enough so that people needn’t have to bother with all of that hassle.

But for those few who buy hook line and sinker into the Steve Jobs Reality Distortion Field, it’s a ritual, and they love it.  Surely Steve Jobs wouldn’t want to deprive his followers of that “Joy”.  The Believers get to brag to the rest of us for a few days or weeks about their new gadget, and how everyone is going to copy them.  They are the trend setters for the day.  Of course they spent that day waiting in line.  They’ll spend the next few days figuring out all of the little bugs that Apple has assuredly left lying around.  And then they’ll realize, “Oh dear.  GPS doesn’t work in my home,” as if they didn’t know where home was.  And they’ll read their mail at the restaurant, and even off of their new toys right next to their old Apple monitors that are connected to a recent Apple of some variety.

What’s more, this phone isn’t really cheaper than the previous version.  According to the Wall Street Journal, AT&T in particular has jacked up rates in order to recoup their costs (and, they hope, more).

Still the iPhone is an important innovation, if for no other reason that they have brought to the cellphone market a refreshing jolt of competition that seemed absent.  Sure, LG was interesting, but aside from a few geeks, the rest of us bought Sony Ericsson and Nokia phones, both of which have had the same capabilities for what seem like eons.

So it’s iPhone Day.  Perhaps celebrate by watching your Believer friends suffer.  Don’t worry, Google Believers: you’re next.

For the Umpteenth Time, IPv6 doesn’t do much for Security

If you read the wrong books or the wrong articles, some will claim that IPv6 has improved security over IPv4.  While this may be true in an extremely limited sense, for practical purposes there is no difference.  The only way in which IPv6 is really more secure that IPv4 is that one cannot easily port scan a subnet.  In some other ways, IPv4 might be more secure than certain implementations of IPv6, where the EUI-64 address is used as the lower 64 bits of the IP address, and thus enabling violation of privacy (e.g., tracking).  The most absurd statement I just recently read was that NAT causes Spam.  Where do these people get this stuff???

Let’s Get Simple

A picture of a mess of wiresIn the summer of 2004 I gave an invited talk at the USENIX Technical Symposium entitled “How Do I Manage All Of This?”  It was a plea to the academics that they ease off of new features and figure out how to manage old ones.  Just about anything can be managed if you spend enough time.  But if you have enough of those things you won’t have enough time.  It’s a simple care and feeding argument.  When you have enough pets you need to be efficient about both.  Computers, applications, and people all require care and feeding.  The more care and feeding, the more chance for a mistake.  And that mistake can be costly.  According to one Yankee Group study in 2003, between thirty and fifty percent of all outages are due to configuration errors.  When asked by a reporter what I believed the answer was to dealing with complexity in the network, I replyed simply, “Don’t introduce complexity in the first place.”

It’s always fun to play with new toys.  New toys sometimes require new network features.  And sometimes those features are worth it.  For instance, the ability to consolidate voice over data has brought a reduction in the amount of required physical infrastructure.  The introduction of wireless has meant an even more drastic reduction.  In those two cases, additional configuration complexity was likely warranted.  In particular you’d want to have some limited amount of quality-of-service capability in your network.

Franciscan friar William of Ockham first articulated a principle in the 14th century that all other things being equal, the simplest solution is the best.  We balance that principle with a quote from Einstein who said, “Everything should be made as simple as possible, but not simpler.”  Over the next year I will attempt to highlight examples of where we have violated both of these statements, because they become visible in the public press.

Until then, ask yourself this: what functionality is running on your computer right now that you neither need nor want?  That very same functionality is a potential vulnerability.   And what tools reduce complexity?  For instance, here is some netstat output:

% netstat -an|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2544          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:817           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:32768           0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 :::32769                :::*
udp        0      0 fe80::219:dbff:fe31:123 :::*
udp        0      0 ::1:123                 :::*
udp        0      0 :::123                  :::*

It’s difficult for an expert all of this stuff.  Heaven help all of us who aren’t experts.  So what do we do?  We end up running more programs to identify what we were running.  In other words?  That’s right.  Additional complexity.  What would have happened if we simply had the name of the program output with that line?  This is what lsof does, and why it is an example of reducing complexity through innovation.  Here’s a sample:

COMMAND     PID    USER   FD   TYPE DEVICE SIZE NODE NAME
xinetd     3837    root    5u  IPv4  10622       TCP *:pop3 (LISTEN)
xinetd     3837    root    8u  IPv4  10623       TCP *:pop3s (LISTEN)
xinetd     3837    root    9u  IPv4  10624       UDP *:tftp
named      3943   named   20u  IPv4  10695       UDP localhost:domain
named      3943   named   21u  IPv4  10696       TCP localhost:domain (LISTEN)
named      3943   named   24u  IPv4  10699       UDP *:filenet-tms
named      3943   named   25u  IPv6  10700       UDP *:filenet-rpc
named      3943   named   26u  IPv4  10701       TCP localhost:953 (LISTEN)
named      3943   named   27u  IPv6  10702       TCP localhost:953 (LISTEN)
ntpd       4026     ntp   16u  IPv4  10928       UDP *:ntp
ntpd       4026     ntp   17u  IPv6  10929       UDP *:ntp
ntpd       4026     ntp   18u  IPv6  10930       UDP localhost:ntp

Voting Machines: Thank Heavens for Academia

vote buttonOften times it is said that the purpose of academic research is to seek the truth, no matter where it leads.  The purpose of industry representatives is often to obscure the truths they do not like.  Such apparently was the case at a recent hearing of the Texas House of Representatives’ Committee on Elections.  These are the guys who are nominally supposed to ensure that each citizen of Texas gets an opportunity to vote, and that his or her vote is counted.  The committee provides oversight and legislation for electronic voting.

How secure is your electronic vote, compared to a paper ballet?  Can you have an electronic hanging chad?  A group of researchers have spent a fair amount of time answering that very question.  Drs Ed Felton & Dan Wallach, as well as others, have looked at numerous different voting systems, and found all sorts of little problems.  For instance, some voting machines are susceptible to virii, and if they get it they can give it to their peers.  That’s not a problem, according to the manufacturers’ spokesmen.  But who are we to believe?  An academician whose purpose is to advance the state of the art and find truths, or a spokesman, whose purpose is to obscure them?

There are mistakes made in many, if not all elections and surveys.  Here are just a few questions:

  • What is an acceptable rate of error?  As 2000 demonstrated, even a hand count of paper ballots can have problem.
  • Rather than prevaricate, why shouldn’t the vendors of these voting machines fix the problems that have been reported?
  • What sort of regulations are appropriate?  The spokesmen all but demanded a common standard in as much as they complained that there was none.

Conveniently Dr. Wallach has an answer to that last question.  His testimony recommends just that.

For what it’s worth, as an expatriate I do not expect to use a voting machine for quite some time, but rather a paper ballot.