Saturday, June 15, 2013

Flaws in the PRISM

The PRISM project is flawed.  This short thought experiment will highlight the flaws.
Let's say that "your guy" wins the next election and becomes president.  Your guy is wise beyond his years, cares for the people, and has all of the right policies to really fix up this country.  In four years your guy will be up for re-election against some "bad guy" from the other side.  This bad guy is particularly loathsome because he is both corrupt to the core and an idiot who can't tie his own shoes. 
Your guy has an ace up his sleeve for the re-election race, and he needs to decide whether or not to play it.  He could order someone in the NSA to use PRISM to spy on the bad guy's campaign--listen to their phone calls, read their emails, and intercept their plans.  This would allow your guy to always be one step ahead of the bad guy in the campaign.  Your guy would be prepared for everything that the bad guy could throw at him.  And your guy could know which questions the bad guy isn't prepared for.  It might not be decisive, but it would be a tremendous advantage. 
Your guy might not play that ace, because he holds to a moral code.  But the bad guy doesn't hold to a moral code.  If the bad guy wins, then he will have no restraint because he is already corrupt and immoral--and he might not even be smart enough to understand the moral arguments against this abuse of power.  The bad guy will certainly use the power of PRISM to keep himself and his cronies in power indefinitely. 
Your guy knows that if the bad guy ever gets a hold of PRISM the country will be lost.  There will be an unending chain of bad guys winning all of the major elections.  The irrational and corrupt policies of those bad guys will destroy this country.  So perhaps your guy will play that ace in order to keep PRISM out of the hands of those bad guys.
It might not be this election or the next election, but eventually someone will succumb to this argument and play that card.  It might not be the president.  It might be a worker bee who finds some plausible pretext to focus PRISM on their political adversaries--allegations of illegal campaign funding on the other side, allegations of vote tampering on the other side, etc.

Your guy doesn't necessarily have to PRISM the opposing candidate directly.  He could PRISM the press, the pollsters, the think-tanks and party stooges, or even campaign contributors.  A few well-placed FBI investigations could freeze soft-money contributions into the PACs, and dramatically shift the balance of war chests in an election.

This is the very definition of the phrase "power corrupts".

The fundamental flaws with PRISM are
  • It gives the incumbent party too much power over the next election
  • It has no transparency, so we cannot ever find out about the abuses of power
Nuclear weapons don't have this problem, because the incumbent cannot use nuclear weapons against his political opponent.  Politicians have used the FBI and IRS to attack their political opponents, but those abuses come to light and get tried in the court of public opinion (at minimum.)  After the Snowden betrayal you had better believe that there will be no whistle-blowers coming out of PRISM telling us about the abuses of PRISM power.

PRISM is too large of a threat to the democratic process to be allowed to exist in its current form.  It must be scaled down.  There must be checks and balances installed.  There must be external oversight and delayed transparency.

For instance:
  • There must be a court order for each investigation
  • The court(s) issuing these orders must be as independent as possible from the administration
  • Each court order can be sealed for a period of time, but must be unsealed after a period of months
  • There must be a data destruction policy built into PRISM to enforce a statute of limitations
  • There must be a secure process for whistle-blowers inside of PRISM to expose abuses
  • There must be a public ongoing vetting process for PRISM workers to keep political stooges out of the system
Those are just initial ideas.  We need to stop assuming that we can trust the politicians to operate this tool.  We have to get involved.  We have to demand to see the data on the successes and abuses, in order to find out if PRISM really is stopping terrorist attacks or if it is just a giant defense contractor boondoggle.

I propose that we need to insist an independent citizens' board conduct a thorough investigation of PRISM and publish findings and recommendations.  This board should have 5-7 people:
  • Technology people who will understand what they are seeing
  • An even number of Democrats and Republicans, with the odd seat filled by an Independent
  • No one who has ever run for election, worked in a political campaign, or worked for an elected politician or political party

Tuesday, May 24, 2011

The best news I've heard all day

California and New York Attorney Generals are going to start prosecuting loan origination fraud, including lenders who ignored borrower's ability to repay.  The laws have always been on the books, so they can go as far back as the statute of limitations will allow them.

If I were a lender who had done business in one of those two states I would be packing right now, headed for a non-extradition territory with as much of my loot as I could carry.

I don't think that is going to happen.  I think that the banks are going to stall the lawsuits and finance competitors to these AGs.  And I am afraid that the cost for all of this is going to be borne by the little people, as banks raise fees and/or lower interest rates.

But it is the right thing to do.  The past cannot be fixed, but the future can only be salvaged if we start enforcing the rule of law.

Friday, May 20, 2011

The rule of law

I am very impressed by Barry Ritholtz.  His latest article is one of his best ever.

The rule of law must apply to the big banks.  The government should not be in the bail-out business because it undermines their willingness to apply the rule of law to those banks.  Barry has the details.  Go and read.

Tuesday, April 26, 2011

Killing in the name of

One of the things I love most about America is our ability to protest.  If someone says or does something I disagree with, then I have the right to call them down.  The closer that they are associated with me, the more my right becomes a responsibility.

The Catholic church can excommunicate people who stray from the faith.  The protestant church has no such tools.

I'm a believer.  The people of Westboro Baptist Church claim to be believers.  They are associated with me.  I would excommunicate them, if there were a way to do that.  But there isn't.  So I just have to protest as I can.

Westboro Baptist Church does not believe in the same Jesus I believe in.  They do not worship the same God I do.  They are not members of the family of faith that I am a member of.  They are heretics.  They embarrass God by spewing hate.

I denounce Westboro Baptist Church in the strongest possible terms.

I do not advocate violence.  I am not planning on doing any violence, and I do not want anyone else to do any violence.  Committing violence against Westboro Baptist Church would be worse than ignoring them.  If you are considering acts of violence, please do not do it.

However, I do hope and pray that the church would get destroyed by a tornado.  I don't want anyone to get hurt, but I would like to see that false community of believers face some of the so-called divine retribution the scream at everyone else who suffers.

As for the people themselves, I wish that there was some way that they could see the Truth.  I hope for a path to repentance for them.  I want to see them repent and apologize, rather than perish and suffer.  I wish there was a way that I could participate in God's work towards that end.

I'm convinced that God is working in that direction.  There is no one who is beyond His forgiveness.  No one, not even Westboro Baptist Church, has failed so badly that He cannot redeem.  But I wonder who God can call to reach them.  Who would they listen to?  I wish I were such a person.  But I am not.

I am happy that the world is finding ways to cope with the vile hatred that Westboro Baptist Church spews.  The good citizens of Brandon Mississippi have it right.  If I had been at that gas station ans seen that fight, I certainly would not have turned in the person/people who did it.  And I would gladly park my car behind theirs to keep them from being able to protest.

But the real trick here was what the cops did.  I believe that this will be the pattern that the authorities use from here on out.  The WBC members could learn to cope with having their cars blocked in the hotel parking lot.  They could work around that.  But they cannot work around being hauled down to the police station on investigation in regards to a crime.

Now, at every town where Westboro Baptist Church goes to protest, someone will call the police and report a robbery somewhere near the church members/protesters are staying.  The police will bring all of the WBC members in for questioning.  They will be questioned for a few hours, and then released.

This is not injustice.  This is not suppressing the freedom of speech.  This is a free people finding a way to work within the system to temporarily silence a voice that no one wants to hear.

Tuesday, April 12, 2011

The shadow government

If you care about government spending, debt, or the future of America, then go read this article.  Warning: It's Rolling Stone, so there's ample profanity.  If you understand how we're being stolen from then you'll be tempted to partake in the profanity.

Sunday, April 3, 2011

The thing that has always amused me about the robot apocalypse

Isn't it funny that we always seem to be happy to create the tools of our own destruction?

I wonder if this guy realizes the Pandora's Box he has opened?  Surely someone else would come along and open it later, if he didn't do it now.  But it's still very creepy how we pretend that all progress is good progress.

Clearly the world would be better off if no one ever solved this particular software puzzle.  But there is no way for us to all agree to not do it, so someone is bound to do it.  I think that this particular economic problem--the lack of a system for agreeing to not do something--will be the great Achilles heel of humanity.  The last words of our species will be, "I wish we could have come up with a way to agree to not do that."

Saturday, April 2, 2011

The next revolution will be televised

I've been writing about Democracy 2.0 / Evolving Democracy for a while now.  I've been treating it as a purely academic exercise, because I have assumed that there would be no chance for anything like it being adopted in my lifetime.  I just wanted to leave a challenging idea behind for future generations to chew on, in the hopes that a revolution would occur someday, and that my ideas would help form the next new best government.

I'm starting to believe that there will be revolution in America in my lifetime.  These two commentaries mirror my own thoughts on the subject:
Joseph Stiglitz details the extreme income imbalance.
Paul Farrell identifies the delusion of the Super-Rich.

Maybe I need to get more serious about getting my ideas down and explained.  I would be a sad man if I wasn't ready for the revolution when it came.

Friday, March 18, 2011

This is what YouTube is for

Problems with my tires forced me to replace my shocks and struts yesterday.

My car has 100k miles.  The fuel filter has never been changed.  It idles low and rough, and has been losing power.  So it was time to change it.  The shop where I had my oil changed wanted $30 for the filter and $50 for the labor.

I bought a new fuel filter for $8.  After I had the rear shocks replaced I tried to pull off the old filter.  I have the Haynes repair manual that has step-by-step for stuff like this, and I followed the steps.  I fought with it for half an hour and couldn't get it disconnected.

This morning I googled it and found this YouTube video:

The voice is monotone.  But the instructions are better than the stupid Haynes manual because this guy shows the critically important fuel line disconnect tool!?!?!?!?  I can't believe that the Haynes manual missed this.

That tool is $5 at the local part store, and they have it in stock.

The shop wanted $1300 to do the shocks and struts, and $80 to do the fuel filter.  I'm going to have both done for $300 and about 5-6 hours.

Tuesday, March 15, 2011

3d modeling in the near future

Microsoft provides an open interface for Kinect, which lets hackers use the Kinect camera for whatever crazy projects they can come up with.

This video is a little technical, but even non-technical folks should be able to follow the amazing new user interface.

I would expect to see more refined versions of this commercially available within the next two years.  3d CGI will faster, easier, better looking, and more accessible to amateurs.

Hopefully Microsoft will learn something from this project and open the interface for more projects.

Thursday, March 10, 2011

Bankers talking about moral hazard

Bankers talking about moral hazard is something like rapists talking about chastity.

The New York Times is reporting that Bank of America is refusing to write down mortgages, as they have been paid and ordered to do by the government.  Their main argument is moral hazard.  They believe it would be bad business to reward home owners who took out larger loans than they could actually afford.  Seriously.

Tar and feather is too good for these people.  I have a strict non-violence policy, but the gall of these people is pushing my limits.

They are busy paying billions in bonuses to themselves, the crooks who wrecked the economy, and they claim to worry about the moral hazard of rewarding someone else?

Their secondary argument holds a little water.  They claim to be unable to figure out who to give how much write-down to.  This boils down to claiming that they are incompetent.  "Oh, the figures are just too hard to compute."  I've worked with the mortgage modification program people at Wells Fargo, and I would accept the argument that they are incompetent to do the math.

Well, I'll help them out.  We'll make it simple for them.  Any mortgagee who wants it gets a free re-fi, on these specific terms--regardless of their credit rating, payment history, LTV, etc.  If they currently do not pay PMI then they do not have to pay PMI on the new mortgage, either.
* Take the current principle balance and refinance that amount for 30-years at a low fixed rate.
* The rate they get depends upon the amount of their current principle balance, according to this sliding scale:
- Less than or equal to $100k -> 3%.
- Between $100k and $150k -> 3.125%
- Between $150k and $200k -> 3.25%
- Between $200k and $250k -> 3.375%
- Between $250k and $300k -> 3.5%
- Between $300k and $350k -> 3.625%
- Between $350k and $400k -> 3.75%
- Between $400k and $450k -> 3.875%
- Between $450k and $500k -> 4%
- Between $500k and $600k -> 4.25%
- Between $600k and $700k -> 4.5%
- Between $700k and $800k -> 4.75%
- Between $800k and $900k -> 5%
- Between $900k and $1M -> 5.25%
- Between $1M and $1.5M -> 5.5%
- Between $1.5M and $2M -> 5.75%
- Between $2M and $5M -> 6%

Obviously the sliding scale will be endlessly debated and negotiated, but I think that the government could cram this down the mortgage companies' throats.  And I think it would do a tremendous amount of good for the economy.

I'll take myself as an example.  We're not in the moral hazard set.  We paid down 10% and took out an 80% and a 10%.  We owe less than the market value of the property.  We have never been late on a payment.  And our credit ratings are still excellent.  We've been in our house a few years.  We would take this deal.  Based upon that sliding scale we would save about $350 per month.

Wednesday, March 9, 2011

A day made of glass

It's a Corning commercial.  But it is an interesting view of what the near future might look like.

Unfortunately, I expect to see lots more advertisements.

Netflix feature requests and parental controls

We get Netflix now.  The kids are loving Netflix streaming on the Wii.  We haven't watched as many big people movies as I had expected.  But, overall, it is a neat service.  And the value per entertainment dollar spent is fantastic.

But I'm a software guy.  And Netflix is a software service.  So, of course, I have ideas on how to improve it.

I've scoured Netflix's website and I cannot find any way to submit a feature request or give unstructured feedback.  This is a mistake, both for their business model and the software itself.  Companies today have to engage clients and digest the feedback.  They have a blog, and comments are allowed.  But there is no way to contact anyone directly or engage with the company.

I'll link this blog post in the comments of their latest blog posts.  I'm also going to post it on their wall on Facebook.  But I doubt it will get noticed.

With that all said, I've got two feature requests/suggestions for Netflix.

1. A General Feedback Mechanism
Duh!  There are thousands of users out there who have ideas they would like to share.  Just listening to their ideas makes your brand more engaging and sticky.  Some percentage of those ideas are good or great.  Those ideas will genuinely make your service better.

As a baby-step you can just implement one of the general-purpose feedback websites, like  (Suggestionbox created that site for them as a teaser to try to engage Netflix.  Netflix isn't actively using it yet.  I have no affiliation with Suggestionbox.)

But you already have a platform where you are engaging with people.  So I would suggest that you build a 'Netflix feature queue' right into your service.  Give people the ability to write up feature requests (like this one) and place them in the queue.  Let others read and prioritize those features.  I'm sure that you have an agile development team (or three).  Put their scrum backlog in there and let clients interact with it.

You will have to moderate the content, obviously.  You will have tons of 'I got a DVD of Teen Wolf 2 that was scratched.'  Some of your customer service people will have to review every incoming post and filter out the stuff that doesn't fit.  And they will have to merge similar requests.

But when you build a feature that was customer-designed you should scream it from the rooftops.  Send someone out to get a picture of the person who wrote up the idea.  Give them a free month of service and a shirt.

2. Granular Parental Controls
I haven't seen anything from Netflix that suggests they want people to sign up for more than one account per household.  That means parents and children are sharing queues and streaming devices.  We have 4 kids--a large-ish family by modern American standards.  But I would suggest that our usage patterns are probably fairly typical.

In our house this means that the 'Suggested for Randy' queue is:
* Clifford
* Angelina Ballerina
* Se7en
* Salt
* Ben-10
* The Shawshank Redemption
* Blues Clues
* Dexter
* Cake Boss
* Shaun the Sheep
* The Blues Brothers
* Enter the Dragon
* Zombieland

This is disconcerting for me as a parent, because so many of my shows appear at the top of the queue when my kids are picking shows.  I don't need my kids watching even a few minutes of Se7en or Dexter while they know that I'm busy doing something else.

We have a Wii with Netflix streaming on our main TV.  We have Netflix streaming on the adult's computers, but we don't want to watch movies at our desks.  Everyone basically shares the main TV for Netflix.

We have 2 preschoolers (who can navigate the Netflix menu on the Wii and pick their shows.)  We have a 9 year old, a 13 year old, and two adults.  In a perfect world that's 5 separate instant queues on this device.  In reality, though, if each of the big kids got a personal queue then both of the little ones would demand their own queues, too.  So that's 6 separate instant queues on the Wii.

Each queue needs an optional password.

When I'm in a queue, I need to see the name of the queue at the top of the screen.  (On the Wii, the queues should each have a Mii.)

If I have several streaming devices (Wii, iPad, computer, streaming Blue-Ray player, etc.), then I should be able to pick which queues appear on which devices  The default should be for all queues to appear as options on all devices.  Some devices won't be able to handle multiple queues, especially at first, so they will have to default to just the first queue.

Each queue needs to have it's own settings for what's allowed.

There is a sticky problem on content that is not rated--old movies and TV shows.  So I would base the parental controls on a combination of Common Sense ratings and MPAA ratings.  And for the shows that are not rated by either service, I would control by genre.

So my parental control options would look like this:

Little Jenny's queue allows:
* All shows
* R and below
* PG-13 and below
* PG and below
* G and below
For shows that are not rated by the MPAA, allow:
* All shows
* Common Sense age 17 and below
* Common Sense age 14 and below
* Common Sense age 11 and below
* Common Sense age 8 and below
* Common Sense age 4 and below
* No shows not rated by the MPAA 
For shows that are not rated by the MPAA or Common Sense, allow:
# Action & Adventure
# Anime & Animation
# Children & Family
# Classics
# Comedy
# Documentary
# Drama
# Faith & Spirituality
# Foreign
# Gay & Lesbian
# Horror
# Independent
# Music & Musicals
# Romance
# Sci-Fi & Fantasy
# Special Interest
# Sports & Fitness
# Television
# Thrillers

For that last category the interface is checkboxes, not a single select.  A movie that is categorized as both 'Documentary' and 'Gay & Lesbian' would be blocked unless both categories are checked here.

Few parents are going to select 'Gay & Lesbian' or 'Horror', but the control settings should simply include all genres for simplicity's sake.  Any new genre that gets added to the system should show up here, and be unchecked for everyone who has already set up their parental controls.