Rupert Goodwins' Diary

Monday 7/8/2006

AOL's having a hard knock life. The once great metropolis is emptying as its users stream through the gates in its once impregnable walls to the anarchistic freedoms outside. Mindful of history, it's announced that it'll be knocking down what's left of those walls to fully join the sprawl and relying much more on advertising. It's the equivalent of a city abandoning the poll tax and hoping the revenue from the billboards will cover council expenses — expenses it's reducing by sacking thousands of staff.

However, that was last week's news. This week, we learned that the company's made over half a million search terms public — those secret little strings its users have been typing in to get answers to those awkward little questions they might not feel safe asking at home or work. Although the terms were anonymised by replacing the user names with numbers, it was quickly pointed out by just about everyone that the search terms alone were enough to give a shrewd idea who'd typed them in. AOL apologised profusely and pulled the list, but not before copies had been mirrored and instant search sites set up to let everyone get a good long look at the minds of middle America.

A disastrous mistake of colossal magnitude, said just about everyone. What an enormous breach of people's privacy, they continued, while eagerly sifting through the results with prurient pleasure. It's been a bit like an inadvertent Big Brother bomb unleashed over thousands of users, X-raying their interests and motives and broadcasting them to the world. Guilty, guilty, guilty AOL.

Well, yes. But hold on. Any judgement can only be made after considering mitigating factors. AOL made that list available for research purposes, and that generosity has already had positive effects on online privacy. As researcher Serge Egelman told Dave Farber, it's been useful in implementing the Platform for Privacy Preferences (P3P) — an effort to give people much more awareness and control of their privacy.

"We (the CUPS lab) have greatly benefited from the AOL data. In fact, the data set comprising 20,000 search terms gathered over a week was created for a study we conducted last summer. The study examines P3P adoption across search results from three popular search engines (Google, Yahoo, and AOL). [...] AOL was instrumental in conducting this study."

There are other effects: one of the most important and difficult aspects of privacy is getting people to know and care. Do you ever pause to think that every search term you type in, from "How do I murder my boss?" to "What is Prince Charles' voicemail PIN?", is being recorded? If you do, then you might start to ask "Why?" or "What if I don't want it to be?". If you don't, then nothing will happen except things you don't like. This story should have done some good here.

Of course AOL should have been more careful, but it's a matter of degree of care, not of absolute sin. The event has been a rather graphic demonstration of what I think of as the Rule of Auto-Ironic Subversion — "Every time you collect a list for security or privacy reasons, you may enable the exact harm you feared. ID database, anyone? 

Tuesday 8/8/2006

Happy Winter Solstice! Dismiss any thoughts of skyclad prancing, though: the festival is only being celebrated in the south of Mars. Fourteen degrees South, 175 degrees East, to be exact, where Mars Rover Spirit is patiently sitting out its second winter parked on the Low Ridge Haven outcrop. Since landing on 4 January, 2004, the valiant vehicle has survived dust storms and broken motors, but it and its twin Opportunity continue to send back unparalleled data by the bucketload. Although Spirit hasn't moved since April, it's found meteorites and produced a high-resolution, 360-degree panorama of its surroundings — neither of which I've managed from my London flat, despite not moving for considerably longer. NASA has agreed to extend the Rover missions for another year from October, so it's Martian Martinis all round and on with the show.

The question I want answered above all others though, as I survey yet another utility bill that seems to bear little relation to the basic tenets of mathematics, is how NASA can keep such complicated systems alive and well on the surface of the Red Planet while my local telco can't accurately track my telephone usage in Holloway. It's true that the Rovers run a notably robust and mission-tested operating system, VxWorks from Wind River, that has had far more than the usual number of hideously bright people buff its shiny carapace. But then, my Linksys wireless router runs VxWorks too (yes, I like the idea that I've got code running in my living room that may also be running on Mars): if I can buy that level of reliability for 50 quid, it's not made of unobtainium.

Of course, it's not possible to directly compare a billing system with a real-time data acquisition and control project. It's also palpably untrue that to make a reliable application all you need is a reliable operating system. The Rovers and their forerunners have had software problems of their own: the difference is, they got fixed and stayed fixed, because there was no other option. You can't afford to have something turn itself into a brick a hundred million miles away from someone who can reflash the ROM.

That's what's missing — the idea that there is no other option. Telcos and the vast army of other concerns who think it's acceptable to be unreliable know that they can stagger from patch to patch: if they realised that they couldn't, then they wouldn't. The engineers behind the Rover missions are quite clear on how they did it: you make sure you know how your system works. It doesn't matter if you wrote it, if you farmed it out to a third party, or if you bought in a commercial off-the-shelf system, make sure you have the people with the knowledge to understand what on earth it's doing, at every level. Is there anyone on this or any other planet outside Microsoft who can say that about Windows?

Then you make sure you have diagnostics and back-up options plumbed into the system during testing, and then you make sure they stay in when you go live. Test what you ship and ship what you test. And during that testing, you'll have limited resources — of course. So prioritise. Categorise by seriousness, likelihood and difficulty. How will your teams' efforts best be spent?

And make darn sure none of this is lost as things go live and developers move on. Document.

None of this is, ahem, rocket science. All of it works. If you get it right, you will produce good results. Look up at the sky if you doubt it. So why is it so hard?

Anyway. VxWorks is also in use in the Stardust project — and if you fancy contributing a bit of your time to space science and perhaps getting your name immortalised as the discoverer of something small yet really important, take a look at Stardust@Home. It's a curiously relaxing pastime, and just the thing if you need to unwind after that last phone bill.

Wednesday 9/8/2006

Heard of cows? Of course you've heard of cows. You'll also know that cowpox was the first disease to be used in vaccination — vacca being Latin for cow — because injecting people with cowpox conferred immunity to smallpox. As cowpox gives you red blisters while smallpox kills you, this was considered worth knowing. From that, the entire science and practice of vaccination grew, removing untold suffering and misery from the planet.

Now we know a lot about all this. One of the key ideas is herd immunity, where you don't have to immunise everybody, just enough to prevent a particular disease from being able to spread. You do need to get a high percentage of a group, but when you're there the disease will die out. Providing the immunity is evenly distributed, there'll be no reservoir: get nine out of 10 people jabbed, and 10 out of 10 people will benefit. Conversely, if you don't hit herd immunity you'll never be rid of the problem.

That's one of the reasons why it's so teeth-grindingly frustrating when ill-informed parents refuse to get their kids immunised because of sensationalist, unscientific scares about side-effects. That raises the risk for everyone. And it's also the reason Microsoft is being so daft about some of the implications of Windows Genuine Advantage, or WGA.

WGA is designed — let's be charitable — to encourage people to buy legitimate copies of the operating system. You do that, you can register. You register, the Microsoft monolith will dispatch updates and extras to you by way of recognising your shining spotlessness. Another way of looking at that is that Microsoft is withholding important features from the sinful, putting them at a Genuine Disadvantage — but they're bad people. They deserve to be punished. It's up to Microsoft. That may be true for things such as upgrades to Media Player and Internet Explorer, both of which are going to be reserved as treats for the faithful. But when Microsoft decides to include anti-spyware software in the program, as it is with Windows Defender, it's punishing everybody.

Even if you don't agree that the existence of spyware is the mark of a poorly designed operating system — a stance that is at the least arguable, and in the historical case of Windows pretty undeniable — the removal of it from the world is something that aids the public good. Although spyware doesn't spread itself autonomously, unlike true viruses, it does depend on having a large susceptible market to be commercially viable. If it has that base, then more versions are going to be developed — and some of those will get past Windows Defender.

By denying security to the non-registered Windows user base, Microsoft is in the position of withholding clean water from the peasants on the grounds that only the knights deserve to be healthy. Guess what: the knights will die too.

I thoroughly approve. Windows Genuine Advantage is going to drive more people to open source than any initiative Novell or Mark Shuttleworth could think up. What's not to love?

Thursday 10/8/2006

It's national No Fly Day in the UK, as a (as yet curiously undefined) major terrorist bust throws the airports into a security spasm. No liquids, no books, no anything except the barest minimum can be brought on board: everything else has to go in the hold.

This is going to make the West Coast fun. I'm in the back of a 747 for 12 hours with no laptop, no iPod, possibly no books, and only an in-flight magazine for company. The in-flight entertainment's not working properly, and security has confiscated my Laphroaig. How do I avoid slipping into snarling, dehydrated insanity? The only solution I can see involves powerful drugs and a deep coma — emergency tactics I normally reserve for the press conference at the other end.

There are more intriguing and intractable problems than my mental health. Browsing the Pprune pilots' bulletin board to get a feel for how the industry sees events, I note first of all that the pilots are most concerned at being divested of their packed lunches. This is the mark of any true profession from medicine to law via finance and vicaring: get them in a group and they'll talk about anything other than actually doing their jobs. It's only the artisans, the engineers and the farmers who like to commit that sin.

More interesting is the business of legal compliance. One story on the board relates how a chap of Palestinian extraction and appearance ended up in an impasse with a policeman at a security checkpoint: the chap was also the country's leading expert on jet engines and as such had top-level security clearance. The policeman was just a policeman. The chap was carrying top secret documents, the contents of which could not be divulged to anyone without equivalent rating. The policeman demanded to inspect the folders. The chap would only show him the covers. (This could be another example of the Rule of Auto-Ironic Subversion, come to think of it).

Now, there are equivalent cases where people carry laptops containing information for which they are legally liable. They are not allowed to let those laptops out of their sight while in insecure environments. Few environments are as insecure as the baggage system at airports, to which all laptops must now be entrusted. Stuff gets stolen, lost, broken: it is inconceivable that the owners of the laptops could let them go through.

At a stroke, the top echelons of business and the security services have been effectively barred from flying — as the result of "defeating terrorism". I most definitely call ironic subversion here: by not blowing anything up, the terrorists have provoked a response that's crippled the normal running of the West.

I'm glad nobody died. But this may not be the best way to proceed.

Friday 11/8/2006

Talking about Western culture, we may now face a bigger threat from the East than ever before. We've survived Confucianism. We've survived Maoism. But can we survive Chinese consumerism?

Dell is in the curious case of being one of the first Western firms to be taken to court by Chinese citizens for selling goods not as advertised. At issue are some Inspirons equipped with Intel Core Duo T2300E processors — respectable chips with much to recommend them. They're dual-core. They use a bearable 31 watts. They have the security of the Execute Disable bit.

Nothing wrong with that. Except that Dell specified the T2300 chip when the Inspirons were ordered. The T2300 is identical in every way to the T2300E, except one — it has Intel Virtualisation Technology while the T2300E does not. Ooops.

Now, it is very unlikely that this will materially affect the operation of the laptops. Virtualisation is important, and it will become more so, but so far it's not really made an impact in the sort of things that laptops tend to do. And you can virtualise the non-virtualised chips, just not as efficiently. Dell may have thought that it could make the change and nobody would notice, and that may have been a reasonable assumption.

Except, of course, it was dead wrong. It only takes one person in the whole wide world to notice. They only have to post a "Hey! I was burned!" whinge in one of many hundreds of right places, and others will immediately check. And if they don't have what they thought they had, then by Jove you can expect that every last one of 'em suddenly NEEDS to run a fully virtualised high-performance system like YESTERDAY.

Dell was caught out. It has no recourse but a full apology and restitution. Which it has done.

And there the matter might rest. Except... what on earth is the T2300E? Why does it exist? If you look at the Intel cheat sheet for the Core Duo, you'll see that it's the only one that lacks virtualisation support. Higher-power chips — all VT. Lower — all VT. Only that one very specific combination of specifications features the missing capability.

It is absolutely impossible that there is a marketing reason for this. There can be no niche, no matter how microscopic, for which the absence of VT in that single tiny sliver of performance options is an advantage. The chip can cost no less to make. Dell's reasoning in its excuse is specious.

The only answer is that there is no T2300. Whatever production run was supposed to result in that part had a problem which zapped the VT part of the chip, but left the rest OK. There is no spare production capacity, there is no chance for Intel to rebrand a higher-performance chip as the T2300 because they've all been sold too. So Dell is given an incentive to take that chip instead, and it decides to quietly slip it in. The risk of embarrassment is passed on, and Intel looks the other way while whistling artlessly.

None of this matters much. This sort of thing happens all the time. But it took the Chinese to spot it. Quietly, and without much fuss, the world is changing.