Jach's personal blog

(Largely containing a mind-dump to myselves: past, present, and future)
Current favorite quote: "Supposedly smart people are weirdly ignorant of Bayes' Rule." William B Vogt, 2010

TSA Patdowns

Here's a short rant I thought I'd share. Every six months or so I visit out-of-state family, and of course I fly. Leaving from Seattle is fine: the security line forks very clearly into a set of paths leading to the naked body scanner, and a set of paths leading to the standard metal detector. You can choose what you like, no fuss. I always choose the metal detector, because it's more secure. I don't care about the radiation, I don't care about naked photos. I'm against those scanners on principle that they're insecure and waste time and money.

On the return trip, however, the Salt Lake City airport has the metal detector and the scanner right next to each other, with a dude blocking the path of the metal detector's exit. You can approach the metal detector, and he might let you through. For me, he has never let me through, and asks I use the scanner. I refuse, and demand a patdown instead. Okay, it's fine.

But here's the stupidity: there's a side-gate he opens and asks me to step through to go to the patdown area. This side gate has neither scanner nor metal detector, so I bypass both. The idea of "security layers" has never occurred to the TSA. Why not make me walk through the metal detector to get to the patdown area? Then you are layering your security and it's harder to get past it. Apart from the lack of layering, here's what really annoys me: the subsequent patdown is a joke. Yes, I'm complaining that their patdown is neither invasive nor thorough enough. As has been shouted by nerds ever since 9/11: SECURITY THEATER OMYGAWD!


Why Maryland's new "ban employers from asking for Facebook user names and passwords" bill will fail

Before I explain, and my explanation will only take the next two paragraphs, I want to note that I find it incredibly difficult to feel any sort of sympathy for employees who are asked this question and comply. The proper response (even if you don't have a Facebook account) is "fuck you." The dumb response is "here you go, username is and password is password1." The cowardly response, if the company has heavily implied that you will not have your job much longer if you don't comply (or not be hired in the first place), is the same as the dumb response. You are working for an unethical company, leave. And look, I'm not insensitive to a pragmatist. If you keep the "fuck you" to yourself, but delay with either an "I don't have a Facebook account" lie (make sure you have good privacy settings and an ambiguous avatar to keep the lie going!) or an "I don't remember my password, my browser does at home so I'll give it to you tomorrow" excuse so that you can create a fake Facebook account to give the info for instead, and you make use of your delay to search for another job without the hassle of being unemployed while searching, then I'm fine with you. I just don't sympathize with straight obedience to such requests.

Now here's why a law against this won't work. Companies that do ask for these details are unethical. There's nothing wrong with a company Googling employees or prospective employees to see what they can find, but they cross the line when they demand such people hand over that information to them or else. Having established that such companies are unethical, in the face of this law we can infer that they will simply no longer ask.

It is trivial for a company to set up a server that all network traffic in their building must pass through, and they can log it all. Are you never going to check Facebook at work? If you have that level of mental discipline, you wouldn't be working at an unethical company in the first place! Is Facebook using SSL to prevent logging servers from reading your traffic? That's okay, the company's logging server can issue its own SSL certificate instead of Facebook's so that it can read the traffic. The company can even install their certificate on all their company machines as a trusted certificate so that the browser gives no warning. (And even if they didn't, many people ignore such warnings.) Now that they're reading all the traffic you send, they can watch what you do on Facebook and everywhere else, and that's entirely legal. Many companies in their employee handbooks state that there is "no expectation of privacy". Many companies have security cameras monitoring everything, and at minimum content filters to keep employees from watching porn, but they can also set up the system I described of routing and logging all traffic. And since we're dealing with an unethical company, they might even cross the legal boundaries and sign into Facebook as you (having intercepted your username and password when you typed it in, or intercepting your session cookie). Hence whatever goals this legislation intended to achieve will not be achieved.
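Because the substituted certificate validates cleanly once the company's CA is in the trust store, the only way to notice it is to compare against what the site presents on a network you trust. A sketch of that comparison, added here as an example and not part of the original post; the CA names and certificate bytes are constructed placeholders, and `fetch` is shown for live use but not called:

```python
import hashlib
import socket
import ssl

def issuer_fields(peercert):
    """Flatten the issuer from ssl.getpeercert(): a tuple of RDNs, each a tuple of (name, value)."""
    return {name: value for rdn in peercert.get("issuer", ()) for name, value in rdn}

def make_baseline(peercert, der):
    """Record what the site presented on a network you trust (e.g. at home)."""
    return {"issuer_org": issuer_fields(peercert).get("organizationName"),
            "leaf_sha256": hashlib.sha256(der).hexdigest()}

def compare(peercert, der, baseline):
    """Classify a later observation against the baseline.

    The issuer is checked first: a leaf can change through ordinary renewal,
    but a leaf re-signed by a different organisation's CA is what a
    certificate-substituting proxy produces.
    """
    if issuer_fields(peercert).get("organizationName") != baseline["issuer_org"]:
        return "issuer-mismatch"
    if hashlib.sha256(der).hexdigest() != baseline["leaf_sha256"]:
        return "leaf-changed"
    return "match"

def fetch(host, port=443):
    """Live collection (not called here): returns (parsed cert, DER bytes).

    Validation uses the local trust store, so on a machine with the company's
    CA installed this succeeds silently; only compare() reveals the swap.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)

# Constructed sample data; CA names and certificate bytes are placeholders.
HOME = {"issuer": ((("countryName", "US"),), (("organizationName", "Example Public CA"),))}
OFFICE = {"issuer": ((("organizationName", "Example Corp Internal CA"),),)}
HOME_DER, OFFICE_DER = b"constructed-leaf-home", b"constructed-leaf-office"

if __name__ == "__main__":
    baseline = make_baseline(HOME, HOME_DER)
    print(compare(HOME, HOME_DER, baseline))
    print(compare(OFFICE, OFFICE_DER, baseline))
```

A site can also change CAs on its own, so an "issuer-mismatch" result is a reason to inspect the chain, not proof by itself.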


Theorems are more powerful than laws

Very quick thought/assertion I'm exploring. It came to me several months ago when I watched a Scott Aaronson talk about quantum physics and P vs. NP. He made a joke that "If P and NP were studied by physicists, they would have declared P != NP a physical law and moved on." But P vs. NP is a mathematical question, it's not something we can observe like mass and energy, it's a question of logic, and it seems there should be a mathematical answer (proof). I'm frustrated humanity doesn't have an answer to it, I can't even imagine the frustration people who spend their lives actually trying to answer it must feel.

Laws are easier and lazier and you can guess at them just by opening your eyes. Theorems take a lot of mental work. When we humans discover a new law, we gain power over the universe. But when we discover a new theorem, especially a new way of obtaining theorems as Wiles did for Fermat's Last Theorem, we humans gain power over logic itself. And power over logic is more powerful than power over the universe.

Or is it? I've reconsidered. There is the possibility that the universe, being the ultimate arbiter of experimental results, may provide us humans with a result that crushes the whole notion of logic and proof far more so than Gödel's theorems ever did. I think it's highly unlikely, but if it happened, the physicists would declare this new experiment showing a fundamental problem with logic as a law and move on, while logicians and mathematicians would be dumbstruck about what to do next with their lives.


What's the problem?

There has to be a psychological term for this. There's the fallacy of imagination, which I thought might be suitable, but that means something quite different. What I want to talk about is this: there is a tendency among certain people to pause time and the laws of physics when talking about what will happen if you change just one thing in a system. I guess it's really a failure to notice complex systems with several causal inputs and several effect outputs, sometimes effects having feedback loops back into the system as inputs.

For a simple example, consider a house of cards. Now remove the bottom layer, but pause gravity so the house doesn't instantly come falling down. What happens? Well, it sits there, you can keep building it up in midair, or if you push just the top part only the top part will fall off, but the house will remain intact...

For another example: College costs a lot of money, and the federal government is deeply involved with the loan business that "makes college affordable." One thing the government does is enforce arbitrary interest rates that are "low" and all but guarantee that any student who wants a loan can get one. Now remove all the government's tentacles from the system overnight. And pause the laws of physics. What will happen? Why yes, the liberal nightmare! With only private companies being able to give out student loans at their own discretion, they will do so at huge interest rates, and no one will be able to afford college. Especially not poorly performing students.


Code Licenses Again, or The GPL is Like Communism

My views on code licensing have sort of flip-flopped over the years I've been programming, but for the past few I've still mostly settled on the GPL (or LGPL when warranted) for serious projects. But since I wrote that post, my viewpoint has become more nuanced. I still agree with the general point that the GPL shackles its users with freedom, and that this is sometimes desirable. But sometimes it's not, and a lot of people feel strongly on both sides. Let's look at the Spirit of the GPL, which is really the Spirit of Open and Free Software. (While open source and free software are different, their spirit is the same.)

The Free Software Song expresses the Spirit adequately. But notice the ending: "When we have enough Free Software/At our call, Hackers, at our call/We'll kick out those dirty licenses/Evermore, Hackers, evermore." Sound familiar? If you've ever read much of Marxist and Communist philosophy it should.
