Wednesday, April 13, 2005

Automatic CS Paper Generation and Bogus Conferences

The title above links to a web page about SCIgen - An Automatic CS Paper Generator: a program that generates fake computer science research papers. This came to my attention via an email about a Boing Boing article about it. The reason I'm blogging about this is that it reminded me of my own first encounter with the World Multi-Conference on Systemics, Cybernetics and Informatics, back in 2002. This conference poses as a serious interdisciplinary conference, but actually only seems to serve to make money for the organizers. At the time, I found information about the conference at this web page and this web page (courtesy of the internet wayback machine), the latter of which presents a company with the same name as the conference's seemingly permanent General Chair, Nagib Callaos, that has a seminar speaker (follow the "management seminars" link) who seems to be the conference's permanent Program Committee Chair, William Lesso.

Tuesday, April 12, 2005

As Big Brother goes digital

Amplifying on a previous post of mine, the title links to an article from EE Times about RFID chips in passports. Briefly, the Administration saw that they couldn't get this past Congress, so instead they got the International Civil Aviation Organization to agree to it and used that agreement to get Congress to approve making US passports adhere to the new "international standard". The problem with these chips is twofold:

  1. The data is stored unencrypted, so anyone (not just governments) can read it.
  2. Because RFID is used (rather than a method requiring physical contact), the data can be retrieved remotely, without knowledge of the passport carrier.
This raises the possibility of such passports being a "dream" for identity thieves and terrorists: the ability to read large amounts of identity information (including nationality) remotely and discreetly. If such technology gets incorporated into daily-use IDs (such as driver's licenses, implicit in the "Real ID Act"), then it becomes feasible for governments and corporations to track the movements of individuals as they pass by RFID readers embedded in doorways, elevators, buses, light poles, whatever.

Friday, April 01, 2005

The story of a plagiarist

Well, it seems I'm late to a party that everyone else has already blogged about and left, but what the hell. The title above links to the start of a story by Nate Kushner about his being contacted by a stranger to write a paper for her to hand in for an assignment in a college course. To make a long story short, idle hands are the Devil's workshop, and Nate writes her a bogus paper, gets her name and college information, and then rats her out.

I, unfortunately, have experience with plagiarism from the receiving end. The method used by this student may have been unusual -- it's an unfortunate fact that there exist web sites that cater to matching plagiarists with people to do their work for hire. (Note to my students: I know about these sites, and troll them for solicitations for my own class assignments.) While I sympathize with the stress that a student may feel (though, in the case here, it seems more likely that this was S.O.P. for the student in question), there is no getting around the fact that plagiarism is as much theft as robbing a convenience store.

Monday, March 21, 2005

Remote device fingerprinting -- a new privacy concern

The linked paper describes a method for uniquely identifying computers from remote locations. This device "fingerprinting" relies on identification of clock skews -- the difference in the rate of "ticking" of a computer's internal clock versus some reference clock -- based on time stamps incorporated into the low-level packets of information that make up internet communications. It turns out that this skew is, to a great extent, unique to each combination of machine and operating system and is reasonably constant despite geographic location and network connectivity. This approach would allow a web site, for instance, to identify client computers without the use of cookies. It would also allow anyone who can attach a computer to a network backbone to scan for a set of computers that are under surveillance. Shades of Carnivore.

The article ends with the following: "Our results compellingly illustrate a fundamental reason why securing real-world systems is so genuinely difficult: it is possible to extract security-relevant signals from data canonically considered to be noise. This aspect renders perfect security elusive, and even more ominously suggests that there remain fundamental properties of networks that we have yet to integrate into our security models." Those of us concerned with our privacy take great care to ensure, for example, that we only allow certain sites to store cookies in our web browsers and that each cookie can only be retrieved by the storing site. In that respect, cookies are fairly privacy/security benign. Methods like those in this paper will require explicit counter-measures. For this particular approach, it appears (judging from the results in Table 5 of the paper) that software can be used to alter the skew, randomizing it to foil fingerprinting. But I wonder about other measurable patterns of computer network activity. It might even be possible to use network activity patterns to identify users, even if they switch computers.
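To make the measurement and the countermeasure concrete, here is an added example (not code from the paper or from this blog) that estimates clock skew from (receive time, TCP timestamp) pairs and shows that a fixed skew gives the same estimate in every session, while a skew re-randomized per session does not. The traces are simulated; the 100 Hz timestamp rate, the delay model, the upper-bound line fit and all function names are assumptions of this example.

```python
import random

def simulate_trace(skew_ppm, hz=100, packets=720, interval=5.0, rng=None):
    """Constructed capture for one session: (receive_time_s, tcp_timestamp) pairs."""
    rng = rng or random.Random(0)
    rate = 1.0 + skew_ppm * 1e-6                 # device clock rate vs. observer clock
    boot = rng.uniform(1e3, 1e5)                 # unknown device uptime at session start
    trace = []
    for i in range(packets):
        sent = i * interval + rng.uniform(0.0, interval)   # true send time
        tsval = int((boot + sent * rate) * hz)             # device clock in whole ticks
        delay = 0.020 + rng.expovariate(1 / 0.002)         # path delay, never below 20 ms
        trace.append((sent + delay, tsval))
    return trace

def _cross(a, b, p):
    """Z component of (b - a) x (p - a); >= 0 means b is not above the chord a-p."""
    return (b[0] - a[0]) * (p[1] - a[1]) - (b[1] - a[1]) * (p[0] - a[0])

def upper_hull(points):
    """Upper convex hull, left to right (monotone chain)."""
    hull = []
    for p in sorted(points):
        while len(hull) >= 2 and _cross(hull[-2], hull[-1], p) >= 0:
            hull.pop()
        hull.append(p)
    return hull

def estimate_skew_ppm(trace, hz=100):
    """Slope of the tightest line lying above all (elapsed, offset) points.

    Queueing delay and tick rounding can only push a point below the true
    offset line, so the fit is an upper bound rather than least squares.
    Minimising the summed gap to a line above every point is the same as
    taking the upper-hull edge that spans the mean elapsed time.
    """
    t0, ts0 = trace[0]
    pts = [(t - t0, (ts - ts0) / hz - (t - t0)) for t, ts in trace]
    mean_x = sum(x for x, _ in pts) / len(pts)
    hull = upper_hull(pts)
    for a, b in zip(hull, hull[1:]):
        if b[0] > a[0] and a[0] <= mean_x <= b[0]:
            return (b[1] - a[1]) / (b[0] - a[0]) * 1e6
    raise ValueError("need at least two packets received at distinct times")

def session_estimates(session_skews_ppm, seed=7):
    """One independent skew estimate per session, each with fresh network noise."""
    rng = random.Random(seed)
    return [estimate_skew_ppm(simulate_trace(s, rng=rng)) for s in session_skews_ppm]

def spread(values):
    return max(values) - min(values)

def demo():
    """Six sessions each from a stock device and from one that randomizes its skew."""
    rng = random.Random(42)
    stable = session_estimates([50.0] * 6)            # same hardware skew every time
    masked_skews = [rng.uniform(-500.0, 500.0) for _ in range(6)]
    masked = session_estimates(masked_skews)          # skew redrawn per session
    return stable, masked_skews, masked

if __name__ == "__main__":
    stable, masked_skews, masked = demo()
    print("stock device   :", [round(e, 1) for e in stable], "ppm")
    print("randomized skew:", [round(e, 1) for e in masked], "ppm")
    print("spread stock / randomized: %.1f / %.1f ppm" % (spread(stable), spread(masked)))
```

The estimator still measures each randomized session accurately; what the countermeasure removes is the agreement between sessions that turns the measurement into an identifier.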

Saturday, March 19, 2005

The end of my portable computing problems?

I'm in a bit of a bind regarding portable computing devices. My Powerbook is too big to lug around everywhere. I have a Sharp Zaurus, which is pretty much a full-featured Linux machine in a PDA package. It's still a bit big; I have to carry it around in a belt holster. I have a Sony Ericsson T637 cell phone. It's very small; fits in my pocket. It has alarms and a phone book, but is only about 75% of the way there as far as PDA functions. Part of the reason the cell phone isn't a sufficient PDA platform is software, but part is hardware: a tiny display and painful input method. Given the hardware limitations, I don't blame Sony for not including more robust software.

Well, one part of the hardware problem appears to be solved in the near future. The linked New York Times article describes flexible display technology that Philips Polymer Vision will be bringing to the market within a couple years (they apparently will be showing a prototype device in a couple months). Basically, these (initially 5" diagonal) displays can be rolled up inside the body of a device, where a small portion could be exposed to view. You can then pull the full display out when you need it. Finally, a decent-sized display that fits in a (normal) pocket.

Thursday, March 10, 2005

Maser developer has difficulty understanding conditional probability

I heard the interview linked from this post's title on Morning Edition on National Public Radio this morning, and for a bit, thought I was still semi-conscious. The story was about Dr. Charles Townes who, along with Dr. Arthur Schawlow, developed the maser (microwave amplification by stimulated emission) -- the longer-wavelength precursor to the laser. Dr. Townes shared the 1964 Nobel Prize in Physics for this work.

Now, what stood out as unusual was that the story was about his receiving the "Templeton Prize" for his work in the field of religion.

This prize is awarded by the John Templeton Foundation, an organization devoted to the intersection between science and religion. I've looked through their web site, and they don't seem on the surface to be religious right crazies (if someone ever reads this and knows more, please drop me a line or add a comment). According to this June 2004 article, Townes is on the Templeton Foundation Board of Advisors.

What stuck out in my mind was Townes' comments on what one might call "cosmological intelligent design" (see the last paragraph of this Cornell news story). Basically, like aficionados of "intelligent design" as a stealth way of inserting religion into the biology curriculum, he reasons that the universe must have been designed with life in mind, because it is so improbable that the universe's physical laws would turn out "just right" for life to arise. In fact, it is true that physicists don't currently know why various underlying physical constants have the values they do, though only fairly narrow ranges would produce universes suitable for life.

This is an old argument against science in general and evolution in particular: that since we can't explain everything right now, that must mean that God set things up. Besides the logical fallacy, there is a fundamental probabilistic fallacy in this. Let's imagine that many, many universes could be created, and only a small fraction would have physical laws suitable for life. To make things concrete, I'll use 0.0001 as a small probability, but any number would work. So, the probability of a suitable universe is P(S) = 0.0001. Let's also assume that, even if the universe is suitable, the probability of life arising is small, too (again, the number actually doesn't matter). This is a conditional probability, the probability of life given we know the universe is suitable, P(L|S) = 0.0001. We also know that life cannot arise if the universe is not suitable, P(L|~S) = 0. So, the a priori probability of life occurring in a universe, before we checked to see if the universe is suitable, is P(L) = P(S) P(L|S) = 10^-8.

What we want to know is the probability that the universe is suitable, given that there is life in it. This is exactly what Townes is having a problem with -- we've already seen that P(S) and P(L) are very small, so there's no way that this suitable universe could have happened "by chance". (Of course, we don't know that it was by chance, but that's beside my point here.) Actually, however, that is not true -- given that we exist (otherwise, we wouldn't be around to be amazed by this improbable-seeming universe), the probability that the universe is suitable is 100%, P(S|L)=1. There are a variety of ways of arriving at this; I'll use Bayes' rule (not the simplest way to do it), but it's really a tautology of the math.

Bayes' rule allows us to reason from evidence back to cause, given that we understand ahead of time how the cause relates to the evidence. For our suitable universe, the rule is:
P(S|L) = P(L|S) P(S)/P(L) = (0.0001)(0.0001)/(10^-8) = 1

As we can see now, the numbers don't matter because P(L) = P(L|S) P(S), which is true because P(L|~S) = 0. In other words, of course we see that the universe is suitable for life; if it weren't suitable, we wouldn't be here! The same reasoning can be applied to evolution. It doesn't matter how improbable the evolution of intelligence is, the fact is that only intelligent life can ponder such matters, and so all such conditional probabilities are actually certainties.

Note added 3/11/2005: There's a great FAQ on the "Anthropic Principle" that you should read, if you're interested in this sort of thing.

Monday, March 07, 2005

More cool software: Doxygen

Since I teach my students to document their code well, and since I've had long experience of not being able to make heads or tails of my own code after more than a couple days, I've been working on making my own code's documentation more useful. I had been using Apple's HeaderDoc software, which converts JavaDoc-like comments in code to HTML. It's a bit clunky, but OK. Then, I tried Doxygen, a truly incredible package. First off, it will do almost everything without special markup: UML class diagrams, class hierarchies, call graphs, header include dependency graphs, cross references to called functions, etc. So you can use it to extract code structure to reverse engineer and reuse undocumented source files. Using the Graphviz package, it generates beautiful graphs. If you have comments before each class, method, and variable, all that will automatically get included in the generated documentation. If the comments were to include, for example, XML, it will detect that XML's structure and format it with appropriate indentation. You can also include a wide range of Doxygen-specific markup to create explicit links, file dates and versions, numbered or bulleted lists, mathematical formulas, etc. And, while I'm using it for C++, it works for many different input languages.

Note that I haven't mentioned output format. That's because Doxygen will output just about anything you'd want: HTML (with and without frames), LaTeX, RTF (for MS Word), Postscript, PDF (with hyperlinks), compressed HTML (for Windows Help), and Unix man pages. The original source code can be included with the documentation, which means the HTML output is really an absolutely complete documentation web site for the project. The output can be completely customized to "brand" the documentation as you like. The only downside I see is that you must rebuild all of the documentation, rather than just the documentation for a changed file (probably unavoidable, given that the software automatically determines and documents interdependencies). If you write code, I think you'll agree that Doxygen will make your work look good.

Thursday, March 03, 2005

Cool software: SnipSnap

I've been contemplating the use of blogs and their ilk for something other than feeding my egotism. More specifically, one of the weaknesses of the blog format is that it is only organized chronologically. Yes, you can create indices in some blog software, and since every post has a permanent link, you can freely interlink them. But, generally speaking, there's a fair amount of effort involved in maintaining those additional links, plus the time needed to administer your own blog software (which is why I'm using Blogger).

Well, I ran across some software this week that fixes most of these issues: SnipSnap.

SnipSnap is a combination of blog and wiki software. If you're not familiar with wiki software, you can think of it as very flexible, simple knowledge/content management software. Articles placed in the wiki can be interconnected based on their titles (more or less), hierarchically, and by assigned labels (at the least). Articles placed in the blog are organized chronologically and also by title and label. Wiki software emphasizes customizability, with users typically empowered to edit most any document and even change the site's organization. Everything can be stored in a backend database. Anyway, if you already knew about wikis then the foregoing sounded pretty lame; if you didn't, it may have piqued your interest.

The great things about SnipSnap are that it is cross platform (written in Java) and incredibly easy to install and get up and running. If you don't want to customize it much, it literally takes about five minutes (at most) from binary installation to up and running. I installed it on my home file server and spent more time playing with it to have it place its data where I wanted it, run under a non-privileged user, and set up an ssh tunnel through the firewall. As I evaluate how it fits into our workflow, my wife and I will use it to store recipes, notes about the kids' education (homeworks, tests, etc.), various records (for example, notes from doctors' visits), software development notes (UML diagrams, debugging and design notes), research lab book entries (what was done, results), etc., etc. I'd eventually be interested in incorporating it into my research lab. There are only two things missing that I might want: real calendaring (schedule future events, set notifications, later edit them to note results -- all with the usual organization and linking ability) and more comprehensive security options (option to login before seeing anything, per-item or hierarchy level access control). Some aspects of these may already exist as contributed plugins; I haven't had time to look into everything about it yet (it's easy enough to get going that there has been no need to). And it's open source.

Friday, February 25, 2005

Doublespeak legislation

I'm linking to the text of HB 1991, proposed legislation introduced in Washington State that is similar to a number of others introduced in other states. Like the others, it's basically written by David Horowitz, a conservative activist, and "Students for Academic Freedom". There are a large number of blogs that comment on the politics of such things, so I'll just go over the content of the bill.

The bill has two sections; the first is for the most part a bunch of generalizations and "feel good" statements that I suppose are meant to predispose the reader to thinking that the whole is innocuous or high-minded. Lots of language like, "The central purposes of a university are the pursuit of truth, the discovery of new knowledge through scholarship and research, the study and reasoned criticism of intellectual and cultural traditions, the teaching and general development of students to help them become creative individuals and productive citizens of a pluralistic democracy, and the transmission of knowledge and learning to a society at large." However, even here, I believe there is an attempt to "bless" certain words and turns of phrase by close association with others. For example, the inclusion of "reasoned criticism" in the above quote is probably meant to associate with it concepts such as research, scholarship, and the search for truth. Like some other words and phrases, it will be used in section two in a manner that, taken in isolation, would mean something considerably different. A pretty neat technique, I must say. Other doublespeak phrases from section one include: "freedom to teach and to learn", "appropriate conditions and opportunities", "critical intelligence", "openness", "never-ending pursuit of the truth", "complete and unlimited freedom", and "orthodoxy". My doublespeak award goes to paragraph 4: "Academic freedom consists in protecting the intellectual independence of professors, researchers, and students in the pursuit of knowledge and the expression of ideas from interference by legislators or authorities within the institution itself. This means that no political, ideological, or religious orthodoxy will be imposed on professors and researchers through the hiring, tenure, or termination process, or through any other administrative means by the academic institution. Nor shall legislatures impose any such orthodoxy through their control of the university budget." Imagine, a piece of state legislation that dictates how hiring, etc. will be modified to accommodate people who agree with the legislature's political agenda (if it passed, that is) that appears to state, as a basic principle, that the legislature shouldn't interfere with academia. The beauty is that it appears to do this, but actually states that "orthodoxy" won't be imposed (as if anyone would ever need to impose an orthodox opinion on any organization).

Here's my annotated second section (my comments in italics):
Sec. 2   A new section is added to chapter 28B.10 RCW to read as follows:
     To secure the intellectual independence of faculty and students and to protect the principle of intellectual diversity, the following principles and procedures shall be observed. These principles apply only to public universities and to private universities that present themselves as bound by the canons of academic freedom. Private institutions choosing to restrict academic freedom on the basis of creed must explicitly disclose the scope and nature of these restrictions.

OK, so this is a definition of academic freedom for all universities in the state that observe such things.
     (1) All faculty shall be hired, fired, promoted, and granted tenure on the basis of their competence and appropriate knowledge in the field of their expertise
I know what competence is, but what is "appropriate knowledge"? Apparently, competence isn't enough, since this other qualification is also mentioned.
and, in the humanities, the social sciences, and the arts, with a view toward fostering a plurality of methodologies and perspectives.
Well, well, it seems that some conservatives support affirmative action. Just not for folks who've been discriminated against in the past -- they want it for themselves. I'm not in one of the fields mentioned (apparently, there's no need for "plurality" in the sciences, business, or engineering), but in most science and engineering departments, hiring tends to be concentrated in certain areas of inquiry so that faculty have colleagues to work with -- to provide "critical mass". No department can be strong in every area.
No faculty may be hired, fired, or denied promotion or tenure on the basis of his or her political or religious beliefs.
     (2) No faculty member may be excluded from tenure, search, and hiring committees on the basis of the member's political or religious beliefs.
     (3) Students will be graded solely on the basis of their reasoned answers and appropriate knowledge of the subjects and disciplines they study, not on the basis of their political or religious beliefs.
So now they want to legislate how I grade? It seems they're in favor of grading based on effort rather than results, at least, that's how I interpret "reasoned answers". As stated before, I have no idea what "appropriate knowledge" is, but I presume that the legislature will determine what knowledge is appropriate and what is not, and students could appeal grades based on me requiring them to exhibit knowledge that is not "appropriate".
     (4) Curricula and reading lists in the humanities and social sciences should reflect the uncertainty and unsettled character of all human knowledge in these areas by providing students with dissenting sources and viewpoints where appropriate.
Apparently, the humanities and social sciences are just a mess: there's no such thing as truth or even certainty. Any opinion could be valid, and so every opinion is equally valid. If you're in such a field, make sure your courses reflect the fact that it's all just a pile of crap baloney. Ignorance really is strength.
While teachers are and should be free to pursue their own findings and perspectives in presenting their views, they should consider and make their students aware of other viewpoints. Academic disciplines should welcome a diversity of approaches to unsettled questions.
Affirmative action: it's not just for people anymore. Who will decide what "other viewpoints" are "appropriate"? Will a history course need to incorporate Holocaust deniers' "viewpoints"? From a practical point of view, this is meant to give students the ability to appeal grades (or to allow punishment of professors) as long as someone in power believes that his or her pet "viewpoint" was omitted from a course.
     (5) Exposing students to the spectrum of significant scholarly viewpoints on the subjects examined in their courses is a major responsibility of faculty. Faculty will not use their courses for the purpose of political, ideological, religious, or antireligious indoctrination.
Who will decide which scholarly viewpoints are "significant"? Not the faculty, that at least is clear. On the one hand, students should be "exposed" to a spectrum of ideas, but not to the extent that anyone has their own world view challenged.
     (6) Selection of speakers, allocation of funds for speakers' programs, and other student activities will observe the principles of academic freedom and promote intellectual pluralism.
Affirmative action for speakers, too.
     (7) An environment conducive to the civil exchange of ideas is an essential component of a free university; the obstruction of invited campus speakers, destruction of campus literature, or other effort to obstruct this exchange is prohibited.
     (8) Knowledge advances when individual scholars are left free to reach their own conclusions about which methods, facts, and theories have been validated by research. Academic institutions and
I'm sorry, but individuals don't get to decide "which methods, facts, and theories have been validated by research". This is only done by communities of scholars. I can believe anything I want, but validity must be earned by convincing other people in my field.
professional societies formed to advance knowledge within an area of research, maintain the integrity of the research process, and organize the professional lives of related researchers serve as indispensable venues within which scholars circulate research findings and debate their interpretation. To perform these functions adequately, academic institutions and professional societies should maintain a posture of organizational neutrality with respect to the substantive disagreements that divide researchers on questions within, or outside, their fields of inquiry.
So now they want to legislate how professional societies work? I guess there'll no longer be any IEEE standards issued, as that would violate neutrality. Professional societies, by their nature composed of scholars in their field, tend not to decide matters that are subject to true "substantive disagreements". On the other hand, they don't serve as venues for crackpot ideas -- if you want colleagues to read about your work, then you need to convince them: 1. that you are aware of what others have done and are doing in the field, 2. that your work is also in the same field, 3. that your work explains the world at least as well as existing work, 4. that your methods can actually address questions in the field, and 5. that your methods are capable of falsifying your hypothesis (that it was possible for you to be wrong).
Wow! Quite a long read, wasn't it? Reward yourself with a visit to Students for an Orwellian Society.

Friday, February 18, 2005

Software tools I'm using today

The title of this article is a bit misleading, as my primary intent is to document my current approach to producing numerical simulation code -- mostly the libraries/classes involved. However, I'll also cover my "workflow", which is laughably simple.

My research focuses on developing neural networks and neuron simulation software so that I might gain a bit of insight into how nervous systems perform computations. This tends to be computationally intensive work. The individual simulations aren't very huge, but I often need to run tens of thousands of them to systematically explore various combinations of parameters. The simulations themselves are also somewhat fluid, in that there's often a number of different structural variations in the models to explore, too. Once upon a time, I tried to write all my code with graphical user interfaces, first using custom libraries I wrote for Turbo C under DOS, then for X Windows, and most recently for MATLAB. The problem with GUIs is that virtually every change in the simulator produces changes that propagate through the GUI. This is incredibly time consuming. And, while MATLAB is a great environment for numerical analysis and visualization, interfacing it to C or C++ code involves too much glue code. Eventually the process of changing the glue and GUI dominates any simulation-oriented coding.

So, I've stopped integrating the simulators into a GUI, and now write stand-alone code, mostly in C++ using Emacs, the g++ compiler, and RCS (Revision Control System). I don't even use a debugger, just output to cerr, because the few bugs I produce are usually the type that a debugger isn't very helpful for (OK, I'm just too lazy to learn gdb). Here are some libraries/classes I've found useful lately:

  • ParamContainer, a class that's basically a wrapper around a program's command line parameters. It makes it pretty simple to define, parse, and retrieve command line options, including short and long keywords, required and optional parameters, and parameters with and without arguments. All with just a few lines of code.
  • TinyXml, a set of classes for parsing XML files. I've decided that XML is the best way to go for producing files to contain simulation parameters, outputs, etc. I can incorporate documentation into the XML files, both by the very nature of the XML and by adding comments. It's very easy to format output as simple XML. TinyXml makes it straightforward to pull even fairly complex structured data from XML (you may sense a common theme here).
  • In a related note, I've hacked together a set of classes that "automatically" (with the addition of only two lines of code in each .cpp file) collect RCS version information (or any arbitrary information that can be written in a string) for each source file used to build a program and will format it as XML comments for output. I now write these comments into every simulation output file I produce, so I know exactly what code was used to produce the results (assuming I bother to check in the files after each change is debugged). This is a pale shadow of my Logos system (which doesn't exist right now). For example, the beginning of an output file might look like:
     
    <?xml version="1.0" standalone=no?> 
    <!-- State output file --> 
    <!-- This can be used as input; the "Statistics" element --> 
    <!-- is ignored when the state is read by the simulator (but --> 
    <!-- can be read by functions written for MATLAB) --> 
    <!-- $Id: SourceVersions.cpp,v 1.2 2005/02/18 13:41:04 stiber Exp stiber $ --> 
    <!-- $Id: KIIgrowth-prog.cpp,v 1.5 2005/02/18 20:45:20 stiber Exp stiber $ --> 
    <!-- $Id: KIIgrowth-simulator.cpp,v 1.7 2005/02/18 20:45:54 stiber Exp stiber $ --> 
    <!-- $Id: InputGenerator.cpp,v 1.1 2005/02/18 20:46:58 stiber Exp $ --> 
    <!-- $Id: Matrix.cpp,v 1.3 2005/02/18 13:40:02 stiber Exp stiber $ --> 
    <!-- $Id: VectorMatrix.cpp,v 1.4 2005/02/18 13:41:42 stiber Exp stiber $ --> 
    <!-- $Id: CompleteMatrix.cpp,v 1.3 2005/02/18 13:38:53 stiber Exp stiber $ --> 
    <!-- $Id: SparseMatrix.cpp,v 1.3 2005/02/18 13:41:35 stiber Exp stiber $ --> 
    <!-- $Id: MatrixFactory.cpp,v 1.3 2005/02/18 13:40:11 stiber Exp stiber $ --> 
    <!-- $Id: RNG.cpp,v 1.2 2005/02/18 13:40:44 stiber Exp stiber $ --> 
    <!-- $Id: norm.cpp,v 1.2 2005/02/18 13:41:51 stiber Exp stiber $ --> 
    <!-- $Id: DistanceList.cpp,v 1.4 2005/02/18 19:39:01 stiber Exp $ --> 
    <SimState> 
       <!-- Mitral unit states --> 
       <Layer name="mitral"> 
          <StateQueue name="x" stages="3"> 
             <Matrix type="complete" rows="1" columns="25" 
                      multiplier="1.0"> 
       0.968226 1.10523 1.28773 0.684952 0.401885 0.344824 -1.56298 0.989861 
    
    and so on.

Tuesday, February 15, 2005

Positive ID

The linked CNET article reports on the "Real ID Act" recently passed by the US House of Representatives. It would give the Dept. of Homeland Security authority to set standards for drivers licenses. As supporters say, it's not the same as a national ID, because compliance on the part of states is voluntary. Of course, if a state doesn't comply, residents won't be able to do things like fly.

I think a business opportunity stems from the following: "In the United States, the federal government is planning to embed RFID chips in all U.S. passports and some foreign visitor's documents." I can imagine people wanting passport covers that block the RFID chip from transmitting. Otherwise, anyone with relatively simple equipment will be able to scan tourists walking by to find out who the Americans are (even if they can't read the personal information stored on the chips -- a big if).

Cyberterrorism -- where have all the sysadmins gone?

Seems like security is the theme of the day. Considering that "cyberterrorism" has been in the news for what seems like decades, you'd think that government and commercial organizations that run computers would have gotten around to hiring competent sysadmins who can run things securely. But, if the linked MSNBC article is to be believed, critical infrastructure is still vulnerable to attack. Most of what the article talks about is web site defacing, but there is certainly the implication that more is doable, given the desire. However, some of the most concerted hacking attempts are directed at university and e-commerce computers, and it seems that, except in isolated instances, they are secure. My read is that "cyberterrorism" will mostly involve a constant probing for vulnerabilities with occasional successes. If critical systems are just not connected to the internet, then the successes can be kept at the level of annoyances. Yes, that's two ifs: constant grooming of competent sysadmins and sensible systems architecture. The cynic in me isn't hopeful.

Viruses gone wild

The CNET article I've linked to discusses the possibility of viruses infecting home appliances, cars, etc. as they gain more sophisticated computing capabilities and internet connectivity. Personally, I'm not really sure what the advantage would be of having a net-connected refrigerator or toaster, but then again I didn't think that anyone would want to buy books online --- and give up the enjoyment of browsing through the books at a bookstore. My take-home lessons:
  • Until Microsoft gets its act together, avoid running Windows on appliances like media centers or cell phones. It's not just that Windows is the most common OS in the ecosystem (and thus most attractive to virus writers); its distribution philosophy (and, I would say, underlying architectural principles) facilitates infection.
  • Think before you connect any computerized device to the internet. TiVos that dial in directly are secure. Though TiVos run Linux, the distribution seems pretty well secured; I'd still make sure I had a home firewall before connecting one via the internet.
  • Use a hardware firewall. Even if you will only be connecting one computer to a cable modem sitting right next to it, get a name-brand firewall box (should be less than $50) and connect it between your computer and the broadband hardware. Use the free ShieldsUp! service at Gibson Research to test your firewall. It's my understanding that a new Windows machine is likely to be infected with malware before it is able to finish downloading the latest OS patches from Microsoft, if connected to an unsecured network.
  • In an ideal world, wifi access points would be sold with randomized network IDs and WEP passwords, printed on a slip of paper in each box, and with encryption on. Unfortunately, they're universally shipped wide open --- like selling door locks that all have the same keys. Either secure your wifi (and test it) or don't buy it.
  • Secure your computer as though the other layers of security don't exist. Turn off services that aren't needed. I run both Mac OS X and Linux at home; OS X has pretty much everything nonessential turned off by default (and a software firewall turned on), but Linux usually has a bunch of daemons running and services enabled that I don't need.
  • If you think of a good argument for getting a network-enabled toaster (other than stupid toaster tricks), please let me know.
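
One way to act on the "turn off services that aren't needed" advice is to list what is actually listening and separate loopback-only sockets from ones reachable over the network. The sketch below is an added example, not part of the original post: it parses text in the layout printed by `ss -tln` on Linux, the sample output is constructed, and the allowlist of intended ports is a hypothetical policy.

```python
import ipaddress

# Constructed sample in the layout printed by `ss -tln` (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
LISTEN  0       100     0.0.0.0:25          0.0.0.0:*
LISTEN  0       128     [::]:111            [::]:*
LISTEN  0       128     [::1]:5432          [::]:*
LISTEN  0       4096    *:8080              *:*
LISTEN  0       4096    127.0.0.53%lo:53    0.0.0.0:*
"""

def parse_listeners(ss_text):
    """Return (host, port) for every LISTEN row."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header, blank line, or non-listening socket
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface
        listeners.append((host, int(port)))
    return listeners

def is_network_reachable(host):
    """True unless the socket is bound to a loopback address only."""
    if host == "*":  # wildcard bind: every interface
        return True
    return not ipaddress.ip_address(host).is_loopback

def unexpected_exposure(ss_text, intended_ports):
    """Ports listening on a non-loopback address that are not in the allowlist."""
    return sorted({port for host, port in parse_listeners(ss_text)
                   if is_network_reachable(host) and port not in intended_ports})

if __name__ == "__main__":
    # Hypothetical policy: this machine should offer SSH and nothing else.
    for port in unexpected_exposure(SAMPLE_SS_OUTPUT, intended_ports={22}):
        print(f"port {port} is reachable from the network but not intended")
```

Each port it reports is a candidate for disabling the daemon or rebinding it to loopback, whether or not a firewall sits in front of the machine.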

Thursday, February 10, 2005

Darwin Day Celebration

The anniversary of Charles Darwin's birth is approaching (February 12th). This article's title links to the Darwin Day web site, which includes a registry of events scheduled for the anniversary, building up to the 200th anniversary in 2009. In a related vein, if you want to get depressed about the sorry state of science education in this country, you might read this article at Space.com or this one at the Salt Lake City Weekly. Relevant web sites include Pharyngula and The Panda's Thumb.

How is this relevant to computing careers? Well, if your goal in life is to just be a "code monkey", hacking out this subroutine or that class as directed by your manager, then maybe not much. If you have more ambitious goals, then ask yourself this: how can you hope to imagine things that computers might do, but don't yet (you might call these "future products") if you can't appreciate how mechanical/algorithmic processes can produce complex, subtle behaviors?

Tuesday, February 08, 2005

How not to make your point, or the universality of Godwin's Law

I had the flu last week, and didn't think it terribly wise to blog with a fever, so let me post this rather belatedly (though the topic seems like it will stay in the news for a bit).

For those who haven't heard of this, Ward Churchill, Professor of Ethnic Studies at the University of Colorado, Boulder, has stirred up a bit of a fuss lately. There's probably a couple hundred real news stories out there on the web, in addition to the usual blog blatherings (like this one); you might as well start here. I gather that his fundamental point is that 9/11 is an outcome of US foreign policy that could have been predicted. I'm not so interested in his points, though, because there's something he has to say early on in his writing that I just can't get past, and that is the topic of this comment. In his writing, he compares the folks working in the World Trade Center to "little Eichmanns"; in his later "explanations", he makes Eichmann sound like a minor logistics officer. As you might guess, this has engendered some public comment, plus the usual speech cancellations and death threats.

I think this shows the applicability of Godwin's Law beyond usenet newsgroups. (For those who know only about the web and not usenet, I'll borrow a quote from "The Princess Bride": "When I was your age, the web was called usenet".) One of the "corollaries" of Godwin's Law is "if you mention Hitler or Nazis in a post, you've automatically ended whatever discussion you were taking part in". In this case, Churchill has pretty much guaranteed that nobody will pay attention to anything else he has to say, not only now, but quite likely ever. It doesn't matter how profound or worthy of discussion any of his other writings are; he has killed off any rational discussion of his views. This is probably not what he intended.

So, now people in Colorado (probably most) want to run him out of town on a rail. While I personally can't get past his invocation of Godwin's Law, I can quote Voltaire, "I disapprove of what you say, but will defend to the death your right to say it." One of the reasons university faculty are granted tenure is so that they can be free to pursue their interests and express their views without fear of retribution (well, that's overstating things a bit: the administration can always reassign you to an office that used to be a broom closet; they just can't fire you). And, lest we decide that Churchill has stepped over the bounds that must exist, keep in mind what Isaac Asimov said: "Politically popular speech has always been protected, even the Jews were free to say 'Heil Hitler'."