Wednesday, May 30, 2007

expect sporadic to nonexistent posting

Wildly busy studying for the bar. Expect sporadic to nonexistent posts till some time in August unless I can figure out a way to reign in this schedule.

Wednesday, May 16, 2007

three days into the PMBR six day

When I was young, we had a German Shepard who loved tennis balls. She was a champion tennis ball catcher and could carry two or three at a time. One day, my parents came home with a whole shopping bag full of dead tennis balls. We dumped them out on the living room floor. There were so many tennis balls bouncing everywhere that she couldn't catch any of them because everywhere she looked there was another tennis ball!

That's roughly what this bar review process feels like.

I'm in the midst of the PMBR 6-day. In the morning, we take a two hour practice exam from 9-11, one subject per day. In the afternoon, from 12-3:30, we go over the fifty multiple choice questions on the practice exam, which essentially amounts to a capsule review of the subject in 3.5 hours. The review goes quickly enough that I've abandoned trying to take notes using pen and paper and have switched to the laptop. After 3:30 and my head's cleared a bit, I start reading the outline and reviewing the next day's subject.

The process seems effective, at least in teaching test taking skills for the MBE: I've gotten better at sniffing out answers that look right but feel wrong, and the class covers techniques to boost your performance on each subject. As for the substantive law, well, it's giving me a new appreciation for how much of it we didn't cover in class. The PMBR folks do give you a huge pile of flash cards when you sign up, but I haven't cracked them yet. The next couple months are going to see a serious attempt to soak up a lot of law.

Monday, May 14, 2007

checking out new news sources

I've been a bit frustrated with the mainstream U.S. news sources since so few of them carried the allegations about serious construction defects in the rebuilt New Orleans levees. So I've been looking for alternate news sources.

So far, I've come across one very interesting possibility: the Jurist: Paper Chase. A group of students at the University of Pittsburgh School of Law put it together. They have a wonderful blog-like tendency to link back to primary sources and contextual information. It hasn't made my "recommended reading" list--I want to read it for a while longer to see how consistently they deliver quality--but it's definitely worth checking out.

If you have any suggestions for good, high-quality news sources, please leave them in the comments.

Wednesday, May 09, 2007

is altering a DOI scientific finding fraud?

Several news outlets, including NPR, the San Diego Union-Tribune, and the Houston Chronicle are carrying articles on activities by Julie MacDonald, former deputy assistant secretary at the Department of Interior. The reports allege she altered scientific reports:
Rep. George Miller, D-Calif., said MacDonald's resignation was “no gift to the country. She wandered around the department for three years changing documents and ... making determinations based on her beliefs.”
(from the Union-Trib, emphasis added). That got me thinking: would willfully altering scientific reports for endangered species determination constitute fraud?

Here's the federal definition of fraud, or at least one of them, 18 U.S.C. § 1001:
(a) Except as otherwise provided in this section, whoever, in any matter within the jurisdiction of the executive, legislative, or judicial branch of the Government of the United States, knowingly and willfully—
(1) falsifies, conceals, or covers up by any trick, scheme, or device a material fact;
(2) makes any materially false, fictitious, or fraudulent statement or representation; or
(3) makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry;
shall be fined under this title, imprisoned not more than 5 years . . .
So you'd need to (1) be in the context of a "matter" that is within the jurisdiction of the executive branch, and (2) knowingly or willfully, (3) falsify a material fact or make a materially false representation. I'm not entirely sure what a "matter" is, and don't have time to research it right now, but let's assume it's at least something fairly serious.

Here's a portion of the Endangered Species Act, 16 U.S.C. § 1533(b):
(b) Basis for determinations
(A) The Secretary shall make determinations [of whether a species is endagered] solely on the basis of the best scientific and commercial data available to him after conducting a review of the status of the species and after taking into account those efforts, if any, being made by any State or foreign nation, or any political subdivision of a State or foreign nation, to protect such species, whether by predator control, protection of habitat and food supply, or other conservation practices, within any area under its jurisdiction; or on the high seas.
. . .
(2) The Secretary shall designate critical habitat, and make revisions thereto, . . . on the basis of the best scientific data available and after taking into consideration the economic impact, the impact on national security, and any other relevant impact, of specifying any particular area as critical habitat. The Secretary may exclude any area from critical habitat if he determines that the benefits of such exclusion outweigh the benefits of specifying such area as part of the critical habitat, unless he determines, based on the best scientific and commercial data available, that the failure to designate such area as critical habitat will result in the extinction of the species concerned.
(emphasis added). It looks to me like this law requires that the secretary have "the best scientific data available" when making decisions under the endangered species act. The secretary doesn't have to follow the scientific data--economic impact can come into play--but the scientific data must be the best available. Which, in turn, suggests it's "material" to the decision, as the fraud statute requires.

And that makes me wonder: if someone "willfully" or "knowingly" alters that scientific data, something a jury would have to decide, has that person run afoul of § 1001? Note that I'm not saying Ms. MacDonald has. In fact, the news reports are vague enough that I can't even tell exactly what she was altering. But it does raise an interesting question.

Tuesday, May 08, 2007

where I disagree with Joel Spolsky

Joel Spolsky is a very bright guy who has some strong views on how to design forum software to build communities. Scientific American's Blog has been revamping its comment system. I don't know whether they're consciously trying to follow the Spolsky design or if the current setup is just a temporary stop on the way to something else, but the current system incorporates enough Spolsky-esque features that it's become an interesting place to observe how the design works. And I think I've seen a few problems.

The first issue is not having a preview button. Here's what Joel writes:

Q. Why don't you show people their posts to confirm them before you post them? Then people wouldn't make mistakes and typos.

A. Empirically, that is not true. Not only is it not true, it's the opposite of true.

Part one: when you have a confirmation step, most people just click past it. Very few people reread their post carefully. . . .

Part two: the lack of the confirmation step actually makes people more cautious. It's like those studies they did that showed that it's safer, on twisty mountain roads, to remove the crash barrier . . . . You're better off, statistically, just scaring the bejesus out of drivers so they creep along at 2 miles per hour around the hairpins.

The first problem here is that it assumes that people use the confirmation feature (or an optional preview feature) to fix typos, but with the software that supports blog comments, that's often not the case. Different blogs support different feature sets. Some, like this one, will let you put hyperlinks in comments, add italics for emphasis, and properly support paragraph breaks. Some require you to manually insert paragraph breaks using the appropriate HTML tag. Some let you use block quotes, like the text above, while others don't. And most won't tell you what feature set they support. As a result, without at least the ability to preview your comment, you're writing blind: you take your best guess at what features that blog supports and hope it comes out OK.

The second problem is that some people misinterpret this comment to say you shouldn't have a "preview" button. Notice that Joe's writing about a "confirm" button, something everyone would have to click. A preview button's not the same: it's optional. Some people do proof their comments, and for them, being able to see the comment in preview form is useful because it rearranges the text. It's like printing out your document and proofing it with a red pen: because it's been rearranged, you'll see things you might not have seen the first time around. Not giving them a preview button makes it harder for them to write well even when they're willing to take the time to do it.

Another place where I'm not so sure the forum design translates well to blog comments, at least where the blog has a registration system, is in showing the existing comment:

Q. Why don't you show me the post I'm replying to, while I compose my reply?

A. Because that will tempt you to quote a part of it in your own reply. Anything I can do to reduce the amount of quoting will increase the fluidity of the conversation, making topics interesting to read. Whenever someone quotes something from above, the person who reads the topic has to read the same thing twice in a row, which is pointless and automatically guaranteed to be boring.

The problem here is that blogs generally sit on the open Internet, and text on the Internet is effectively permanent. How can something so ephemeral be permanent? Because disk drive inventors are busily doubling the size of storage every year and a half, so people archive everything. Some year in the near future, you'll be able to fit the entire contents of today's world wide web in a device the size of a USB flash drive. (Don't believe it? Doubling every 1.5 years means a 100x increase in storage capacity every ten years. So today's 2GB thumb drive may be a 200GB unit in ten years, and a 20,000GB unit ten years after that, and so on.) And, thanks to archiving, that copy of the web will contain each and every one of your blog comments from X years ago.

Archiving means conversations are not like that fluid conversation you have in the corner coffee shop where everything you say vanishes into the air. A better model might be a debate between two people writing letters to the editor in a national newspaper: that's the kind of potential those comments have to come back and haunt you, at least in today's society. Hopefully one day society will shift and people will lighten up about holding others to their written word, but it's not a sure thing. So if you're going to have a registration system that encourages people to use their real names, you should also give them the tools they need to write in a way that will withstand the test of time.

Now, I'm not saying Joel is wrong. Like I said, he's a smart guy and knows a lot about software design. But at least in these areas, I think programmers need to give some careful thought when they're putting together a blog's comment system.

but what about the science?

I wound up responding to a comment on another blog that asked about the science behind global warming. It's true: there's a lot of hype out there, making it hard to find the solid information. So, partly as a public service, partly so I can find these links more easily in the future, and maybe a teensy bit because finals are making me a touch grouchy, here are some useful starting points for solid information.
  • "I am totally convinced that there is something unusual happening with Global Climate. . . . What I am not convinced about is the science behind the 'causality'."
The IPCC's Working Group 1 reported on this issue. Their Summary for Policymakers (pdf) targets policymakers (as you might expect) rather than scientists. As a result, it has some technical jargon but not too much and is pretty clearly written.

If you want more details and really want to get in to the nitty-gritty, Working Group 1 has now released most of its full report. The summaries come out first, then the report rolls out, with revisions as they go. The report's pretty large, but it includes citations to the scientific literature. That means if you want the details, you can go through the report, find the citation, then go to the nearest university library and track down the papers in their journals and continue your research from there. In some cases, you can find the papers through Google Scholar, but getting the full text tends to be hit-or-miss. On the other hand, Google Scholar does a pretty good job of showing you which other papers cite the paper you're searching for, so you can see how others have commented on the paper.
  • What is that I can do personally that will at least stop the situation from becoming worse if not reverse it?
The IPCC's Working Group 3 is reporting on mitigating greenhouse gas effects. They have released a preliminary version of their Summary for Policymakers (pdf), but neither the final version nor the full report is out, yet. Keep an eye on the IPCC's main web page or the WG3's page to see the updates come out. Eventually, the full report will probably be available at the IPCC's publications page, where you can currently find the 2001 assessment. (Note to self: it might be very interesting to compare the 2001 assessment against the statements in the reports out of the White House Council on Environmental Quality.)

The second half of this question comes in two parts. First, the IPCC report shows most of the greenhouse gas emissions come from the energy sector, which suggests energy conservation is something someone can do personally. Transportation is another area to consider (in other words, think twice before buying the gas guzzler.) Second, the U.S. is entering a presidential election cycle, which means We the People might have a shot at steering the debate or changing policy.
  • What do scientists think the impact of global warming will be? What does it mean to me?
The IPCC's Working Group 2 is tackling this question. You can find their Summary for Policymakers here (pdf--everything's pdf, I guess because of the pretty color graphs). This one is probably also still early and will see some revisions. Watch the IPCC front page for the rest of their report to come out.

Monday, May 07, 2007

finals time again

Finals time again.
Flash cards stay the outdoors' call.
The world in 3x5.

Thursday, May 03, 2007

unsafe at any (clock) speed?

Bruce Schneier has posted an essay which he wrote for Wired in which he faults the IT industry for insecure products:
If the IT products we purchased were secure out of the box, we wouldn't have to spend billions every year making them secure.

Aftermarket security is actually a very inefficient way to spend our security dollars; it may compensate for insecure IT products, but doesn't help improve their security. Additionally, as long as IT security is a separate industry, there will be companies making money based on insecurity -- companies who will lose money if the internet becomes more secure.

Fold security into the underlying products, and the companies marketing those products will have an incentive to invest in security upfront, to avoid having to spend more cash obviating the problems later.
One of the comment writers points out the parallel to the automotive industry: several years ago, cars were unsafe because manufacturers didn't have an incentive to make them safe. Then came some government regulation and popular attention (including Ralph Nader's book, Unsafe at Any Speed) and one sea change later the manufacturers are now competing with each other on safety features.

The same seems likely to happen in the IT industry. Either the industry will fix the problem itself, or there's going to be a big enough security breach that there'll be government regulation and a lot of popular attention.

Could the industry fix the problem? Completely fixing it seems out of reach: a 100% provably secure computer would be somewhere up there in price with a 100% provably safe automobile. Improving the security seems doable, though.

It'd probably take a paradigm shift in the way we write software and build networks. Back in the old days, people wrote software as unstructured code (sometimes derisively called "spaghetti code" because if you tried to trace how the code worked, you wound up with paths that looked like a plate full of spaghetti.) Unstructured code is too complex for a programmer to grasp--it has too many interacting parts--so programmers would hit a "wall," a point where the program got too large and they couldn't keep it working. It might be at 30,000 lines or, in my case, a much smaller 5,000 lines, but everyone eventually hit it.

Software engineering solved that problem by developing structured programming, a way of programming that breaks the program into fairly neat bits. It's kind of like the difference between writing this blog post as one long run-on sentence, and writing it in individual paragraphs made of separate sentences: breaking it into coherent paragraphs and sentences makes it easier to understand because you don't have to try to absorb the whole thing at once.

But structured programming brought with it some major changes. People had to write new programming languages, and they had to think about programs in a whole new way in order to use this new technique. Also, programs got a bit bigger and a bit slower, because structured programming eliminates some of the shortcuts you can take with the unstructured stuff.

I think we need that same kind of shift in IT security. We need to go from unstructured security to structured security. There must be a new way, a set of patterns, to think about designing programs, operating systems, networks, and networking protocols that makes them inherently more secure. I don't know what it is, but it will probably require new programming languages, or at least libraries, new operating systems, and new patterns of building networks.

Hopefully, someone's working on it right now. And hopefully they'll finish it soon. Otherwise, there's likely to be some political scrutiny and a book on the way that'll lead to a sea change in the IT industry.

Tuesday, May 01, 2007

IPCC's models have underestimated the rate arctic sea ice is melting

Satellite photos show that arctic sea ice is melting faster than the IPCC's computer models predicted.

Arctic sea ice is melting at a significantly faster rate than projected by the most advanced computer models, a new study concludes.

Scientists at the National Snow and Ice Data Center (NSIDC) and the National Center for Atmospheric Research (NCAR) found that satellite and other observations show the Arctic ice cover is retreating more rapidly than estimated by any of the eighteen computer models used by the Intergovernmental Panel on Climate Change (IPCC) in preparing its 2007 assessments.

The IPCC's assessments are pretty scary. The front page of their web site links to the PDFs. The Summaries for Policymakers are probably the most readable unless you want to tackle the underlying science.

The article goes on to say that "experts" (it doesn't specify which ones) currently speculation that the models underestimate the effect of atmospheric greenhouse gases on the Arctic, leading to the rather large discrepancy. It does not discuss what effect revising this estimate would have on the models' overall predictions.