Pitos Blog

You can’t have missed the whole General Stanley McChrystal affair, where a decorated general who has spent his career in special operations and has been running the war in Afganistan in a moment of spectacular bad judgement let’s a young Rolling Stone magazine reporter witness McChrystal and his team bad-mouthing their civilian leadership, which ends up in the magazine under the headline “The Runaway General“

Now from what I understand about special operations, these guys work behind enemy lines, operate in small super secretive groups, need to mingle in with the population, are always on the lookout for double agents, informants and other attempts by the enemy to infiltrate and kill them. It is beyond belief that McChrystal found himself ‘accidentally’ spilling what was obvious very bad beans. That he didn’t realize that (whether or not there was a misunderstanding regarding ground rules) talking trash about the President and the Vice President in front of an outsider would cause irreparable damage.

It couldn’t have been a slip of the tongue.

I am surprised that no one has considered the possibility that it wasn’t accidental. Either some deep psychological self-sabotage, or an orchestrated way to create a distraction, or a tactical maneuver to kick General Patraeus  downstairs, or some other scheme. I just have a hard time swallowing that McChrystal and his team didn’t know exactly what they were doing.

Popularity: 1% [?]

Very meta. Who rates the rating services?

I saw this in the Wall Street Journal, an article today called Stocks Wind Down a Brutal May:

“Trading was especially volatile in the afternoon after Fitch Ratings lowered its rating on Spain’s debt to AA+ from AAA, but said the country’s outlook is stable. The downgrade came despite this week’s passage of austerity measures by the Spanish government—a move that bulls had hoped would help the country avoid struggles similar to those of Greece.” (from The Wall Street Journal)

And I thought, who is this Fitch Ratings Service, and can we trust them? Hmm. Who can I ask? I need a Dept Rating Service Rating Service.

Popularity: 1% [?]

I saw this bit today: “Apple: Will Steve Balmer Show Up At The WWDC Keynote?”. Interesting… It leads me to speculate in a different direction.

What if Google is distancing itself from Apple over competition between Android and iPhone? And so, what if in anticipation of this, Apple, knowing that it couldn’t ALSO be in the business of creating a world class mapping service, decides to move native support of the iPhone mapping app from Google Maps to Microsoft Maps? Good theory?

Popularity: 1% [?]

If you’ve been in computing for any time you may have been hit over the head by the slogan “Security by Obscurity is No Security”. As I have understood the argument it has a few components:

1. If your security relies on secret tricks, trap doors, and a hope that no one will be able to find out or guess the work around, then you’re fooling yourself. Sooner or later someone will be able to guess the trick, see the code, quit your company and take the secret with them.
2. Allowing your code and methods to be inspected and analyzed by the public (bad guys included) is the only way to learn about weaknesses that you would be blind to and give you a chance to close them. The other slogan which I will tackle some other time is “All bugs are shallow to a thousand eyes” implying that no matter how subtle the weakness, if you allow lots and lots of people to look, they will find them all.

(Actually Wikipedia has a longer and probably more correct summary of the Security By Obscurity concept.)

In the past I was usually quickly persuaded or at least silenced when confronted with these arguments, although at a gut level it never really sat right with me. While the arguments are strong, I had an vague sense that obscurity in fact does help security and often is a useful part of the whole security story. But who was I to argue?

With that background I was interested to see an article in the New York Times the other day, “Cyberattack on Google Said to Hit Password System“:

“[snip...]But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications. The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.[snip...]” (from New York Times, “Cyberattack
on Google Said to Hit Password System“)

This got me thinking, where is the Security By Obscurity crowd now? If you read the whole article you see that there is considerable concern at Google about the fact that the operation of this single sign-on, security system has been revealed.

Not that passwords or digital certificates were compromised, but (apparently) just the operation or algorithm or code for it was compromised. Isn’t this just security by obscurity?

It makes perfect sense to me that these are state secrets for Google and that it’s considered a major breach.

Popularity: 1% [?]

I stopped posting thoughts about the mess that all of congress has made of health care reform. There are daily articles in the news to confirm the dysfunction in government today. Here are key quotes two from today which again hit home. I recommend that you read both articles in full:Health Care Letdown in the New York Times and The Spirit of Sympathy in The New York Times

“Three in four Americans say the health care system needs to be overhauled, and many provisions in the pending legislation have strong support. What’s more, the core of the Senate’s legislation closely resembles the very bill the Republicans offered in 1993 as an alternative to the Clinton plan. This makes clear that bipartisan reform was achievable, and indicts Congress for its failure to realize that goal with broad public support.”(from Health Care Letdown in the New York Times)

and

“As a result of this sympathy and these sentiments, people are usually pretty decent to one another when they relate person to person. The odd thing is that when people relate group to group, none of this applies. When a group or a nation thinks about another group or nation, there doesn’t seem to be much natural sympathy, natural mimicry or a natural desire for attachment. It’s as if an entirely different part of the brain has been activated, utilizing a different mode of thinking.” (from The Spirit of Sympathy in The New York Times)

Popularity: 1% [?]

Ok, I am on a Frank Rich binge, but he does have one thought provoking article after another. In his column recently he wrote about The Other Plot to Wreck America:

“If they all skate away yet again by deflecting blame or mouthing pro forma mea culpas, it will be a sign that this inquiry, like so many other promises of reform since 9/15, is likely to leave Wall Street’s status quo largely intact. That’s the ticking-bomb scenario that truly imperils us all.” (from “The Other Plot to Wreck America”)

I just just finished reading the rare business/economics book (I usually skip them) called How Markets Fail. A highly readable and comprehensive review of economic theory as it evolved from Adam Smith to the present day. From the linked review in the Economist:

“For Mr Cassidy, the deeper roots of the crisis lie in the enduring appeal of an idea: that society is always best served when individuals are left to pursue their self-interest in free markets. He calls this “Utopian economics”. (from The Economist)

I suspect Mr. Cassidy would agree with Mr. Rich, above, and vice versa.

Popularity: 5% [?]

Thomas Geoghegan has a fantastic column in the New York Times explaining the mess we are in because of the perversion of the fillibuster rule. I don’t know how we are going to get out of it, but… come on! You should definitely read the whole thing. Here’s a key quote. Doesn’t it make your blood boil?

“But the Senate, as it now operates, really has become unconstitutional: as we saw during the recent health care debacle, a 60-vote majority is required to overcome a filibuster and pass any contested bill. The founders, though, were dead set against supermajorities as a general rule, and the ever-present filibuster threat has made the Senate a more extreme check on the popular will than they ever intended” (from New York Times, “Mr. Smith Rewrites the Constitution”)

Popularity: 6% [?]

I’ve been working quite a bit on the Open Source Digital Voting foundation project over the last 9 months or so. It’s really weird but I’ve turned myself into a mini-expert on how elections are organized and run here in the USA. It’s fascinating and way complicated.

OSDV is a non-profit organization dedicated to developing a suite of election (as in Democracy) hardware and software.

The umbrella name for that project is TrustTheVote: an open source project, which will work closely with election officials around the country to learn requirements and then develop software which in turn will be offered free of charge to those who want to deploy it. So we won’t be selling the technology, but we will be evangelizing it like crazy. Think Apache or Drupal.

Here are some links to satisfy your curiosity:

• OSDV
• TrustTheVote
• TrustTheVote Wiki
• Code, Code, Code

We are getting closer and closer to being properly funded with some major contributions so it is time for me to start finding people who might want to join the team. This being an open source project, the idea is of course that any interested person can look and work on the code.

But we also plan to hire 3 developers in the Boston area. Right now it looks like a good part of our code will be Ruby and Ruby on Rails. But that may change; it certainly will be broadened. Really more than anything I would ask if you consider yourself a really good software developer, who loves to design, write, debug and deploy code. And then secondly I would ask if working on a project that is mega ambitious and/but that has a chance to really have an impact on our society - whether that excites you.

Please contact me directly if you want to learn more or throw your virtual hat into the virtual ring.

Popularity: 10% [?]

I’ve been part of the core tech team of the TrustTheVote project and recently have been blogging over there too. You can find today’s post about Open Source e-Voting here.

Popularity: 6% [?]

An article from Canadian Healthcare Technology notes that US Healthcare wastes up to $800 billion a year. I don’t disbelieve this article but it doesn’t make me not want to start with healthreform now that it seems possible that it might happen this year, warts and all. One might even say that that it shows how from the perspective of the Canadian health system, the US system ‘has problems.’

The Massachusetts experience as covered in the press here is that the majority of the public like it; that it was consciously designed originally to try to tackle universal coverage and get to cost containment in future revs; oddly enough I have also heard some say that ER use has not gone down and some say because there are not enough doctors (or GP doctors or something.)

Here are some other articles that I thought were interesting:

Screening Debate Reveals Culture Clash in Medicine
The Wrong Side of History

Popularity: 10% [?]