Re:Software is under the eyes of regulators (on Geekonomics) · Score: 3, Interesting
I've yet to see a flaw in a book steal my, or anyone else's, credit card number, or delete all my other books, have you?
I mentioned 'books' as an example real-world object with errors, not a one-to-one mapping to software. (I'm always reticent to use analogies, since they inevitably break down so quickly.)
There are of course meat-space analogies for identity theft and data loss arising from faulty products (locks, paper shredders, photocopiers) or services (shipping errors, clerical errors, corruption). The point is not the analogy per se... the point is that faulty products and services in the real world lead to losses (of time, money, data, personal information, etc.) and to crime. We could reduce these losses by spending more money and effort on higher quality products and services, but there reaches a point where people just don't care anymore (either because they are ignoring the risk, or because the risk is low enough that it isn't worth the additional cost).
The same applies to software: we could make it much more robust, but is the added security worth the burden of more regulation, more overhead, and more money? In some cases, it is... but in many cases it really isn't. Software related to health, personal safety, and financial information should be regulated (in the same way that medicine and financial institutions are regulated). But over-riding laws mandating software security and software liability are not necessary. End-user education is overall more important (both to prevent real-world losses, and computer losses).
Re:Software is under the eyes of regulators (on Geekonomics) · Score: 3, Insightful
Indeed. Analogies to bridges and cars only make sense for software that can endanger lives: medical systems, bridge-designing systems, vehicle-control systems, etc. As you point out, in all those cases, the software (as well as any designs the software spits out) will be verified in detail and validated. The software vendor will usually be bound by stringent contracts and will indeed be contractually and legally responsible for defects.
The rest of software, like word processors, and spreadsheets, and music apps, doesn't need that kind of stringent oversight. A better analogy in such cases is to other mundane things: books, binders, pencils. Poorly designed binders and pencils can lead to lost productivity in the same way that poorly designed software can. Those who care will go for the higher-quality product (which may require more money, either in initial expenditure or in staff expertise). Again, errors in books can certainly lead to lost productivity, but is there really any need for more "book security" and "book oversight" and "book regulations" to make sure that the contents of books are robust and error-free?
I submit that such oversight is not really necessary (again, except in issues of health and physical safety). Most people can tolerate the occasional annoyances of breaking pencils, typos in books, and crashes in software. Ideally people should be educated about risk (e.g. don't put important documents in a flimsy box, put them in a safe; similarly, don't put important data in a low-security computer, get a properly administered server), so they can make informed choices. But more laws and regulation? Not necessary.
I was confused, too. Here's the reference to the actual paper:
Karin Kiontke, Antoine Barrière, Irina Kolotuev, Benjamin Podbilewicz, Ralf Sommer, David H.A. Fitch, and Marie-Anne Félix. Trends, Stasis, and Drift in the Evolution of Nematode Vulva Development. Current Biology (November 2007), 17, p. 1925-1937.
TFA seems to be misrepresenting the research somewhat. They claim that there is a divide in evolutionary theory between "random inheritance" and "deterministic inheritance." However, the actual article is describing the difference between unbiased (stochastic) and biased (selected or constrained) evolution of variation. In both cases the usual random genetic variation with fitness selection would occur.
The scientists are not claiming that evolution is deterministic or guided, but rather that there are strong selections and constraints that bias some variations to be more likely to appear than others. In their words:
We propose that developmental evolution is primarily governed by selection and/or selection-independent constraints, not stochastic processes such as drift in unconstrained phenotypic space.
As an example of a constraint, they mention "generative constraints" (i.e. fitness is selecting for a certain feature, and there are multiple ways of achieving that feature, but one's genetic heritage will bias one implementation over another). Their evidence for the drift in variations being generally "biased" is based on the occurrence (over generations) of various traits: for instance they observe fewer "reversals" (reappearance of traits that were previously common) than would be expected if the variability were entirely stochastic/random.
This is, in any case, my understanding of the paper... but I'm a chemist/physicist, not a biologist! (So hopefully a biologist in the crowd will further explain this paper.) Overall, however, I think the article doesn't summarize the work properly, since they are suggesting that evolution is highly directed and deterministic, whereas the paper is instead analyzing the "degree of bias" that is inherent to the selection effects of evolution. For instance, the scientific paper doesn't claim that evolution can't produce non-advantageous mutations.
I'm not sure I understand. "Our product X is designed to work with and has been confirmed to work with everything approved by universally-accepted standards body Y." This is an absolute defense, is it not? Whether X has been approved by the standards body seems irrelevant to me -- non-complying product Z is out of spec, and must accept the slings and arrows of uncaring vendors as part of the bargain.
Let me ask you this: is the "X" in your hypothetical Apple's drive or the bendable CD? See the problem? When two "X" (non-complying products) interact, it doesn't always work. They can both claim "X" (we work with everything approved), but they are both really Z (out of spec).
That's the point of adhering to a standard: everything works because each half of the interface is complying with the same pre-arranged rules. One product can deviate from the spec, and maybe it's no big deal... but only so long as everyone else follows the spec.
So it is not an absolute defense to say "we are compatible with everything that follows the spec." Only following the spec itself is actually a defense, and this case shows exactly why. In short, both Apple's drive and the bendable CD ignore the spec. They are both at fault.
Your post outlines a possible means by which AT&T will stop bit-torrent traffic. It seems workable and realistic, and AT&T may very well implement it (despite the obvious ramifications: e.g. if they block everything listed on PirateBay they will block many sanctioned/legal file transfers).
But the P2P community will fight back. It will become an arms race. For example:
- Trackers inject all kinds of bogus data into the trackers, crafted so that humans skip over it but automated crawlers choke on the massive amount of data (and RST packets!) they must deal with. For added fun, the bogus data includes IPs of legitimate company services, so AT&T will be interfering with, e.g. Blizzard downloads.
- ISPs adjust their software to differentiate "real torrents" from "fake torrents."
- Trackers begin accumulating lists of IP addresses and other signatures that detect the ISP bots, and feed them bogus data.
- ISPs use their control of IP blocks to fake requests from different IPs.
- P2P software starts ignoring RST packets, and uses a different (encrypted) protocol to open/close sessions.
- ISPs give up sending RST-floods, and instead drop all packets.
- Trackers implement algorithms that keep track of "user contribution" based on swarm participation (transmitting valid packets), and block/throttle clients with no "reputation." This makes it difficult for the ISPs' bot to browse the torrent listing without actively participating in valid torrenting.
- ISPs switch to checking what IP addresses a person connects to, and simply stall any connection (all traffic) that connects to a tracker site.
- Trackers switch entirely to TOR: they have no public IP address or domain name. All tracking requests go through TOR routing using the ".onion" pseudo-TLD.
And so on...
My point is this is a crazy arms race, and one should not enter that kind of battle until analyzing all the possible counter-attacks. And the difference here is that hackers will view this as a challenge, whereas AT&T will be spending literally millions of dollars implementing technologies that become invalidated over and over.
If AT&T actually goes so far as to automate man-in-the-middle and spoof all cryptographic key exchanges so that they can decrypt and analyze encrypted content... things are going to get interesting.
For one thing, I imagine financial institutions are not going to take kindly to that kind of action, and could probably mount a very successful class-action lawsuit.
The thing about encrypted traffic is that it could be anything, from confidential business data, to financial transactions, to launch-codes, to a screener of a new movie. As crazy as they are, AT&T will not start playing that game.
The blocking of IP addresses is a more likely counter-attack to widespread encryption, but even then solutions exist (e.g. the TOR network allows routing to servers that have no "non-tor" domain name, so the real IP address is never exposed). It will quickly become a ridiculous arms race...
Calling this "Instant-Boot" is a bit of a stretch. What they are describing is just a dual-boot bootloader that gives the option of booting into Windows or into Linux (Splashtop is a trimmed-down Linux distribution). The 20 second boot time for Splashtop is decently fast, but hardly "instant", especially when you compare it to how fast some computers can recover from sleep or hibernate modes.
It seems moderately interesting, in the sense that some users might suddenly realize that all their computing needs are met by a lightweight (and Free) operating system. They might rarely boot into Windows. On the other hand, for many people this "fast boot" will just make using the computer more frustrating, since they will boot into Splashtop to get something done quickly, but then suddenly realize that they need another application (that they only have on their Windows partition), and then have to endure another, longer, boot (and re-open whatever webpage they were just looking at, etc.).
In short, the interesting thing here is the idea of pushing a dual-boot computer to the masses, and not an "instant on" computer.
Ford's letter is quite well-written and even includes answers to genuine questions. However I think they are over-reaching beyond what the law allows. In particular, they claim:
"It is also not sufficient for a business to state that it is not affiliated with Ford but continue to use Ford trademarks without permission. The business is still misappropriating the goodwill and reputation developed by Ford, and attempting to capitalize on or profit from Ford's goodwill and reputation. Even with the best of intentions, unauthorized use of another company's trademark is against the law."
IANAL, but my understanding of trademarks was that "likelihood of confusion" really was the central criterion. That is, you can indeed capitalize on someone else's reputation (e.g. you can publicly say "Ford company purchased product XYZ!" if that happens to be true), as long as you do not claim official endorsement. If you make it sufficiently clear that you are not affiliated with Ford, then you are not infringing their trademark. I can use the word "Ford" and I can use the Ford logo, as long as it is for legitimate purposes and there is no consumer confusion (e.g. in commentary, parody, etc.).
The use of wording like "depictions or photographs of Ford's distinctively shaped vehicles" (emphasis added) is similarly over-reaching. By that rationale, every product is distinctive and thus cannot be used in a commercial image.
In any case, I don't think trademark law was intended to provide the blanket power that Ford is grasping for (where they inherently own all commercial endeavors that happen to include a Ford product somewhere).
It wouldn't take much for such a precedent to be extended into patently ridiculous territory.
For instance, if this were a valid case, a clothing manufacturer could scan through Flickr and sue hundreds of thousands of people overnight for "distributing images of our intellectual property." Or architects could sue someone trying to sell their house for similar reasons. (Yes, I know companies have tried to sue others for taking pictures of their "trademarked building"... but it's even more ridiculous to sue the owner of the building!) Just think of the liability eBay would have!
I'm pretty sure Ford has no legal standing here, and that most judges would not accept these kinds of ridiculous arguments. As usual, the legal system is being used to intimidate rather than to solve legitimate grievances (see also SLAPP).
I can't imagine why I, a consumer, would support what I've heard about "net neutrality." It seems to be all about restricting my freedom to buy the service I want in the service of a dubious and cynical goal
Net neutrality wouldn't be needed if the consumer had the freedom to buy from a plurality of services in the first place. The fact is, for a variety of reasons (such as the limit on the number of cables you can bury, as well as the particular history of the industry), there are not very many choices available to consumers for data carriers. The usual rules for consumer decision and free-market optimization simply don't apply when you have monopolies controlling the market.
Net neutrality (if done properly) is about preventing monopolies from abusing their position and artificially limiting consumer freedom.
[It] boils down to making sure freeloaders don't have to pay any more per packet than the rest of us.
I can't parse this statement. How are they "freeloaders" if they are paying the same amount as "the rest of us"? It hardly seems unfair for everyone to pay the same amount for a given level of bandwidth usage. If the "freeloaders" you are referring to are companies that make money over the Internet (e.g. Google), then I remind you that they are paying for their net connection same as you or I. No one right now is freeloading, despite what the telcos would have us believe.
it sounds like if I happen to want a massive pipe to my door, and lightning service to various IP addresses of my choice, then... the government isn't going to allow me to cut a deal with my ISP for speedier treatment of my packets in exchange for more money. Likewise, if [someone] is perfectly willing to accept 4th class parcel-post service for her packets if the price is in the basement, then she, too, is up a creek, because it's a one-size-fits-all price and service level.
Net neutrality is not a "one-size-fits-all" mandate by the government. ISPs are free to offer varying levels of service at varying prices. Everyone is free to purchase the service level they want and need. No one is saying that gigantic corporations and grandmothers have the same Internet needs.
What neutrality is about is preventing the ISP from discriminating based on the source/destination of the data they transmit (and, according to some, should also include protocol neutrality). To use your mail example, no one is saying that we can't have Express vs. Regular vs. 4th-class. What we are saying is that the postal service cannot charge you to send a package, and then charge the receiver, again, to receive the package (and moreover have variable charges depending not on distance or quality of service, but on whether they have "a deal" with the source or destination).
In physical distribution, this "common carrier" rule has done considerable good: it prevents a carrier (especially monopoly carriers like rail) from colluding or discriminating, thereby opening up the service for everyone to use freely and fairly.
checking out the record of innovation and efficiency growth in industries that have been heavily regulated in the past...-- such as airlines, telephone service, broadcast radio, power generation and distribution, public education, public health -- then alas any one with half a brain comes to the unpleasant conclusion that such interference always increases the price and decreases the efficiency of the service.
That's a rather bold statement to make without any specific explanation. Although I could formulate counter-examples, it's largely irrelevant to the debate at hand. I think most of us would agree that government regulation should be avoided where possible. However, there are cases where government intervention can be helpful and even necessary. In particular, since the telco industry is inherently a government-sanctioned monop
Rummaging through a computer's hard drive, the government says, is no different from looking through a suitcase.
Wouldn't a more apt analogy be "can border security read all the paper documents a person is carrying?" Is it legal for border security to open every binder of notes, and open every letter on your person, including medical records, bank statements, things marked "private" or "confidential" or "top secret"?
I think the answer is: no, that's not allowed. They are allowed to search in order to satisfy themselves that it is a book/document and not something nefarious (bomb, contraband, etc.)... but beyond that they cannot go rummaging through any data you happen to be carrying on your person.
By analogy, I would expect that physically inspecting a laptop (to make sure it's not hiding anything nefarious) is okay, but I can't think of a legitimate reason to start scanning through the data on it.
Wait, so GPL 2 is "locking code up?"
It's not that the GPLv2 is a bad license--it is a great license. The question is whether the GPLv3 is better (and if so, then why not use it?).
Where were all these people who had strong anti-GPL 2 sentiments before 3 was released?
They were discussing the shortcomings of v2 prior to v3 being created (in fact, it was because of those discussions that v3 was born). One can be pro-GPLv2 but still think of ways to improve it, by the way. The complaints used examples like TiVo (extending code, but preventing end-users from exercising freedom to tinker), web-services (making derivative code, but not releasing changes since users didn't directly download copies of code), patent deals (breaking the spirit of the GPL by using out-of-band patent deals to prevent others from using derivative code), and so on.
Now, regardless of whether or not you agree with these particular points (I agree with some, not others), the fact is that the GPLv2 was good, but had identified weaknesses in the eyes of some people. The GPLv3 was thus created as an alternative for those who felt that GPLv2 didn't emphasize certain points strongly enough. It should also be noted that v3 cleans up some language in order to make it more modern and in light of experience in dealing with GPL licensing issues.
Was it not good enough then, or are we just angry because the FSF is telling us to be?
Your question is a red herring: GPLv2 is good, but GPLv3 may be better (for some people/uses).
It's true that relicensing the entire kernel to GPLv3 would be impossible. But it could transition to GPLv3 in a "ship of Theseus" manner if all new code contributions were licensed as GPLv3 (or dual licensed v2/v3). As older code becomes replaced with newer code, a larger and larger fraction of the code-base would be covered by v3. In principle eventually the kernel would be completely available under GPLv3. (Does anyone know the average lifetime of code in the kernel? How long does it take for the entire codebase to be "refreshed"?) Alternately with sufficient migration to new code, eventually the list of "must get permissions" might be manageable.
Of course this isn't going to happen soon, since Linus, at least, will continue submitting GPLv2-only code, as will many others. What I don't know about Linus' stance is how extreme he will be. He clearly prefers v2 over v3, but will he reject code submissions that are v3? (or dual-licensed?)
Rejecting submissions based on license sounds rather ideological (not typical for the self-proclaimed pragmatist that he is)... but if he allows a significant fraction of the code to be v3-compatible, then the kernel may become a de-facto GPLv3 codebase.
If it doesn't work, demonstrating it to the public is probably a Bad Idea(tm). Just ask Microsoft!
There's a notable difference between trying to sell people an expensive piece of software that doesn't work, and making alpha code available free of charge for whoever wants to play with it.
Wikia is just following the OSS philosophy of releasing early so that they can get feedback and hopefully get other people interested in helping them make it work. They are not charging for anything and have made it clear that this is all "alpha quality" for the time being.
It's true that demonstrating something incomplete can often kill enthusiasm since it won't live up to expectations. But it can also be dangerous to keep something under wraps for too long: people will lose interest and call it "vaporware." Moreover, for something like Wikia search, which is intended to have a significant user-generated component, they critically need to start building up a community and get user feedback as soon as possible.
Having said all that, I agree that what they currently have is rather meager and unimpressive. There's currently no mechanism for even the enthusiastic users to really start contributing. But hopefully those things will appear as soon as they are coded--that's the whole point with releasing unpolished alpha software.
Agreed. This is a very early prototype, and should be treated as such. I think people's expectations are quite high because of how large and complex Wikipedia currently is. They forget what Wikipedia looked like when it first launched!
It's a project to *build* a search engine, not a search engine. We've been telling everyone that constantly. I'm sorry Michael's disappointed, but having said that, we didn't build it for him, but for people who think that openness, transparency, and participation are more important than slick releases.
When I launched Wikipedia, I wrote at the top of the first page "Wikipedia, the free encyclopedia". On that day, anyone reviewing it would have laughed. What's this? There's nothing here! This is not an encyclopedia, it is an empty website with some funny editing syntax!
So the comparison to Google on day one is just mistaken. Google didn't launch a project to build a human-powered search engine, they launched an algorithmic search engine with a clever new idea. So they didn't have to wait for the humans to come in and start building it.
We aren't even running with a real index yet, just a placeholder index. Yeah, the search sucks today. But that's not the point. The point is that we are building something different.
What's the benefit? Well, as usual it will depend on the implementation.
If it truly ends up being an open standard, then end-users will benefit. The two-way interaction will be used to select desired data, for video-on-demand, downloading TV-schedules to various devices, etc. With an open standard, the end-user will be able to select from a wide variety of devices or even "roll their own" (e.g. MythTV). An open standard also means that new kinds of two-way TV interactions may be invented that can't be imagined right now: "social TV" where you exchange recommendations with friends, mash-ups of contents, customized and personalized news feeds, etc.
But, as we all know, the above scenario is rather unlikely. What is likely to be the case is that this will be a closed, proprietary, guarded standard that requires money and NDAs to become involved in. It will thus benefit the networks and advertisers, since it will be used to accumulate data on viewing habits, and to restrict the ways in which you can watch content (DRM, authorization flags, restrictions on transferring content to other devices, etc.).
You're absolutely right: the "push" content distribution method is much better when you can't trust the distribution system (as you rarely can with closed systems), whereas the "two-way" method is usually better when you can understand/control/trust the distribution system (e.g. the Internet).
It's good that Facebook is blocking that app, but this points to a deeper problem with Facebook's implementation of third-party applications. This is just the beginning of Facebook being exploited by scammers.
Whoever injected that spyware application will no doubt create a new developer account, and upload some variant of "Secret Crush". Blocking a particular application or a particular developer account is a short-term solution. I can only guess that more and more people are going to exploit Facebook apps for adware, spyware, phishing, identity theft, etc. Facebook will then be playing yet another game of "Internet whack-a-mole" where they try to block applications based on signatures, block developers based on IP address, and so on (with usual countermeasures of automated code variation, proxies, etc.). As we've seen from spam, viruses, spyware, and phishing, such games reach a stalemate where a certain fraction of users are becoming victims at any given time (typically the less savvy users, I suppose).
Personally I think Facebook should do a better job making the risks of third-party applications clear. The little "confirm that you want this application" question has already become so routine for most users that it means nothing to them. Moreover, the tight integration of third-party apps into the Facebook environment, though visually pleasing, leads most users to believe that the applications are written by and endorsed by Facebook. In fact, the code runs on third-party servers and those third-parties have access to profile data once you accept the app. Most Facebook users are surprised when you tell them this. And it's not always easy to tell who actually wrote a given application.
I think we all saw this coming, and I'm surprised Facebook didn't put in more safeguards to curtail the use of the app framework for spamming, phishing, and social engineering.
According to this there are 1.26 billion Internet users. According to Wikipedia there were 1.4 million iPhones sold by October 2007. Assuming every iPhone connects to the Net at some point, that means ~0.11% of the connected devices should be iPhones, which is remarkably close to the number the article quotes.
That having been said, I don't really trust the stats provided in the article. They claim 0.6% Linux usage, but most other estimates based on web traffic put Linux usage at 0.8% to 3% (and as we all know such techniques are inherently error-prone; e.g. Linux users may spoof their agent string).
As usual, estimating Linux market share is nearly impossible. It can be interesting to look at the numbers, but I wouldn't make any sweeping arguments based on such uncertain data.
A notable difference being that this scientist is proposing means by which one could potentially distinguish between a "simulation reality" and a "real reality". That is, he is presenting a theory that makes falsifiable predictions. In his abstract he puts it as:
It is suggested that whether the world is an objective reality or a virtual reality is a matter for science to resolve.
He also readily admits that the idea is "strange" but says that it is still worthy of investigation:
This article argues that the idea that our physical world is a virtual reality, which is normally a topic of science fiction, religion or philosophy, should be considered as a possible theory of physics. Whether this is true or not, the reader is asked to keep an open mind, as one has to at least consider a theory to reject it.... The paper asks if a world that behaves just like the world we live in could arise from a VR simulation, and whether physical data from this world supports (or denies) this possibility. The first considers if VR theory is logically possible, and the second if it explains known facts better than other theories.
Now having said all that, I'm not convinced that his idea is really sound. Fundamentally he is arguing that if our reality is the result of information processing, then there will be effects that cannot be computed/simulated within our reality. He says:
a VR processor cannot logically exist within the virtual reality its processing creates. It is logically impossible for a processor to create itself because the virtual world creation could not start if a processor did not initially exist outside it.
I'm not sure I understand or agree with this. The reality we see appears to arise because of the 'laws of physics' acting on certain 'initial conditions.' Simulating the entire universe would require precise knowledge of those initial conditions (location of every particle at the big bang) but it is possible (but as yet unproven) that the laws of physics are quite simple and computable and could be simulated by a (quantum) computer within our universe. I think this would hold whether reality is real or virtual (you can simulate a universe inside reality; and a computer can simulate itself).
A much more lucid and convincing discussion of these ideas is presented by Max Tegmark in his paper "The Mathematical Universe" (preprint available here). In it, he discusses this idea of whether we could detect being inside a virtual reality and provides arguments for why there may be no meaningful difference between a "simulation of reality" and "reality itself". His overall argument, that the universe may be fundamentally mathematical, is quite interesting, and again he provides some means by which we could determine to what extent his arguments actually apply to our universe. Worth a read.
How many router models and hardware revisions would the worm need to support to make this effective?
Since wireless routers are (usually) connected to the Internet, the worm could "phone home" to some central repository in order to get the code it needs to attack different models. What I mean is that the virus wouldn't need to carry code for all makes/models. Instead, an infected access point would scan nearby access points (or computers) for open or crackable connections, and then access a central store for the exact methodology/code/virus needed to spread to those new access points. This also means that the virus author could add new makes/models to the "central store" (which would probably be running in a botnet or compromised webserver somewhere) thereby augmenting the virus as it spreads, making it more virulent with time.
Of course you're right that this does indeed require the virus author to design code for a wide variety of routers and access points.
On another note, configuring the router for administrative access only via ethernet would completely stop the problem. That should really be the default. Routers are typically less secure from the wireless end than from the wired end (hacking someone's router from the internet is harder than just accessing it wirelessly, since many people don't even secure the wireless end with a password). So it may be viable to create a "bot-mesh" of wireless access points, which gives you all kinds of dangerous abilities (e.g. you can convincingly spoof websites for anyone on the affected LAN as part of a phishing attack).
This is a fantastic win for the EFF, and I hope they continue doing this good work.
However it points to a deeper problem in the patent system. It's bad enough that the current patent office allows awful patents to slip through--but it's worse still that it requires an external non-profit organization to "fight" in order to get ridiculous patents overturned. In principle it should require nothing more than a polite mail to the USPTO, pointing out a weak patent that was granted, and the patent office would do a review and overturn the patent immediately.
Instead, we have to organize ourselves, fund a non-profit, and get them to aggressively fight the issue, submitting detailed accounts of prior art, and hope the patent office responds properly. This also means that we are paying for these ridiculous patents twice: first to run the infrastructure of the patent office, and then again because we have to fund third parties to actually review patents (wasn't that supposed to be the job of the patent office?).
The whole system seems rather inefficient. Again I commend the EFF on its amazing work (and I will continue donating to them), but ultimately it would seem that a reform of the patent office itself is what's really required.
You're correct that the means by which such medical techniques are used is at least as important as the efficacy of the techniques themselves. At least the researchers involved are viewing this only as a means for addicts to voluntarily kick the habit. From TFA:
Baylor College of Medicine researchers in Houston are working on a cocaine vaccine they hope will become the first-ever medication to treat people hooked on the drug. "For people who have a desire to stop using, the vaccine should be very useful," said Dr. Tom Kosten, a psychiatry professor who is being assisted in the research by his wife, Therese, a psychologist and neuroscientist. "At some point, most users will give in to temptation and relapse, but those for whom the vaccine is effective won't get high and will lose interest."
I highly doubt that the FDA (for instance) would ever approve the use of such vaccines on the population at large, since the risk of unknown interactions is probably higher than any benefit of reducing future addiction (since most of the population doesn't end up being addicted...). I don't think we're ever going to see mandatory vaccination against illicit drugs (although it wouldn't be the first time that dystopian sci-fi ideas became reality).
In any case, the intended usage (as an aid to those who are voluntarily trying to break an addiction) is worth pursuing.
Re:well, not effortlessly
on
RTF Vs. OOXML
·
· Score: 4, Insightful
By owning the 'standard' and developing it in secret, in an Ecma rubber-stamp process, Microsoft rigs the system so they can author an ISO standard with which they are effortlessly compatible
I wouldn't say this is entirely true (effortless) on Microsoft's part. Any user of any Microsoft product is well aware of how difficult it is to work in and out of various new vs. old formats
I think the "accusation" of it being effortless for Microsoft was not in relation to backwards-compatibility, but rather that Microsoft's new products are effortlessly compatible with Microsoft's new standards, for the simple reason that they become the definition of the standard.
If, for instance, Office 2009 has several bugs with respect to how it renders OOXML, then these bugs will actually become part of the de facto OOXML standard. Anyone who wants to implement the "standard" will have to reproduce those bugs in order to appear to be "the same as MS Office." This is the same problem the Wine team has when re-implementing the Windows API: they actually have to deviate from the established API documentation and reproduce Windows bugs since Windows applications rely on these bugs.
If you let a "standard" (like OOXML) be tied to a specific implementation of the standard, then anyone who wants to re-implement the standard must make the tough choice between being true to the letter of the standard (as written) or the de facto standard as embodied in the dominant implementation. We saw with IE's buggy implementation of HTML the problems this can cause, and are only now pulling ourselves out of that particular mess.
The problem is that Microsoft can alter the OOXML "standard" to their heart's content simply by changing the way MS Office works in future versions. Documented or not, those changes will effortlessly become "the new standard" by virtue of their dominant market position.
It avoids racial profiling but creates a new form of profiling, which basically means some new class of legitimate travelers will suffer the pain of false positives. I really worry about this kind of "expression reading" because:
1. It targets members of society who have above-average social anxiety, or "deviate from the norm" in some other way. Geeks and Nerds could end up being "more suspicious" simply because they either have mild social anxiety, or because they are "aware" of the facial profiling, hence they appear nervous (because they're thinking "oh crap they're analyzing my face... try to look natural and calm... but don't look like you're trying too hard!" and thus appear to be hiding something).
2. Overall, as soon as you create rules for deciding who gets greater scrutiny, you create a weakness that the enemy can exploit. The enemy knows what they have to train to avoid/circumvent, thus enabling them to suffer detailed searches less often than average, instead of more often (which was the intention). It has been shown many times that the optimal security strategy is often the one that uses perfect randomness, since there is no defense against it (see Schneier's analysis and this paper).
So, really, coming up with new and fancy ways to profile people isn't all that helpful. (Of course, there's the dim possibility that they are publicly claiming to profile, but are secretly using a random strategy, hoping that the enemy wastes effort in trying to circumvent a non-existent analysis system, thereby making them easier to catch... but somehow I doubt it.)
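The weakness described in point 2, worked through in a toy model (an added example, not part of the original comment and not taken from the linked analyses). The 10% flag rate, 10% screening budget, 80/20 budget split and all function names are constructed assumptions.

```python
from fractions import Fraction

# Constructed sample numbers (assumptions, not data from the post).
FLAG_FRACTION = Fraction(1, 10)   # share of travelers the profile flags
BUDGET = Fraction(1, 10)          # share of all travelers that can be screened
PROFILE_SHARE = Fraction(4, 5)    # share of the budget spent on flagged travelers


def screening_rates(flag_fraction, budget, flagged_share):
    """Per-traveler screening probability for (flagged, unflagged) travelers."""
    if not (0 < flag_fraction < 1 and 0 < budget <= 1 and 0 <= flagged_share <= 1):
        raise ValueError("fractions must lie in their valid ranges")
    rate_flagged = budget * flagged_share / flag_fraction
    rate_unflagged = budget * (1 - flagged_share) / (1 - flag_fraction)
    if rate_flagged > 1 or rate_unflagged > 1:
        raise ValueError("allocation would screen a group more than once")
    return rate_flagged, rate_unflagged


def naive_detection(rates, p_flagged):
    """Chance of screening someone who is flagged with probability p_flagged.

    Models an adversary (or an anxious legitimate traveler) who does nothing
    to change how the profile sees them.
    """
    rate_flagged, rate_unflagged = rates
    return p_flagged * rate_flagged + (1 - p_flagged) * rate_unflagged


def adaptive_detection(rates):
    """Chance of screening an adversary who knows the rule and trains to
    land in whichever group is screened least."""
    return min(rates)


def best_allocation(flag_fraction, budget, steps=100):
    """Budget split that maximizes detection of the adaptive adversary."""
    best = None
    for k in range(steps + 1):
        share = Fraction(k, steps)
        try:
            rates = screening_rates(flag_fraction, budget, share)
        except ValueError:
            continue  # skip splits that exceed 100% screening of a group
        score = adaptive_detection(rates)
        if best is None or score > best[1]:
            best = (share, score)
    return best


if __name__ == "__main__":
    profiled = screening_rates(FLAG_FRACTION, BUDGET, PROFILE_SHARE)
    # Spending the budget in proportion to group size is uniform random screening.
    uniform = screening_rates(FLAG_FRACTION, BUDGET, FLAG_FRACTION)
    print("profiled rates (flagged, unflagged):", profiled)
    print("uniform rates  (flagged, unflagged):", uniform)
    print("naive adversary, profiled:", naive_detection(profiled, Fraction(7, 10)))
    print("adaptive adversary, profiled:", adaptive_detection(profiled))
    print("adaptive adversary, uniform: ", adaptive_detection(uniform))
    print("best split vs adaptive adversary:", best_allocation(FLAG_FRACTION, BUDGET))
```

In this model the profile screens flagged travelers 80% of the time, but an adversary who learns to avoid the flag is screened only 1 time in 45, worse than the 1 in 10 that uniform random selection guarantees against every strategy.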
I also have complaints about the present study, but I'd like to note some mistakes you made in your post:
your body is quite incapable of being affected by light with a wavelength bigger than a volkswagen beetle. (divide the speed of light by the frequency to see how large these waves really are)
c/(884 MHz) = 33 cm
which is smaller than a human body. But moreover your implication that objects smaller than the wavelength of EM-radiation cannot interact with that radiation is completely false: they do indeed interact with it (though the exact nature of the interaction does indeed depend on sizes and distances in relation to the wavelength, e.g. see near-field vs. far-field). For instance, light (wavelength of ~300 nm) can be scattered by individual atoms (~0.1 nm). Also, a cell-phone antenna can obviously measure and transmit waves that are much bigger than it.
There is a reason radio telescopes are frikin huge.
Indeed. Collection area being one of the main reasons (to accumulate enough signal so that it can be measured above the ambient background). It is true that there are advantages to having antenna (and optics, etc.) be larger than the wavelength of the radiation, but it is still possible to interact with EM radiation at smaller size-scales, too.
As for a microwave effect... wrong frequency, buddy. no... just.. no.
Microwave radiation is in the part of the EM-spectrum that happens to coincide with the energy-levels for molecular rotation (again, molecules interacting with much larger EM rays). Thus microwaves can be used to increase the rotational energy of materials, which very quickly dissipates into heat (this is how a microwave oven works: by increasing the rotational energy of molecules, thereby heating the material).
The rationale for microwave radiation having biological effects is thus based on either: (1) localized heating leading to tissue damage or slight change in biological functioning; (2) changes in rotational behavior of molecules biases other biological processes (e.g. the change in rotational behavior of some protein changes the expression of a gene, etc.). By all accounts, the low-levels of microwaves produced by cell phones are so small that the heating and other effects are very, very small. Whether or not they are too small to lead to biological effect is what is being studied, of course.
It's not as if exposing you to radio frequency is actually "adding" anything to your environment. We are being constantly struck by radio waves of every frequency
Yes, but what matters, as always, is: (1) exposure above background, (2) energy density. (We are constantly bombarded by all kinds of radiation, including gamma rays and x-rays, and our biology can handle those low-levels just fine. But above a certain threshold, the energy density is high enough to lead to very real health effects.)
A sufficiently concentrated pulse of microwave radiation could no doubt harm a person (at a minimum, a sufficiently intense pulse could heat them to death). So the question is really whether the additional exposure (above normal background) that cell-phones cause leads to any health effects, or whether it is indeed "lost in the noise" as you suggest.
Again, I agree with the sentiment of your post, inasmuch as I have seen no credible evidence that cell-phone radiation is harmful to human physiology in any real, measurable way. That having been said, we must be careful with how we describe these effects, and not allow spurious reasoning on either side of this debate.
There are of course meat-space analogies for identity theft and data loss arising from faulty products (locks, paper shredders, photocopiers) or services (shipping errors, clerical errors, corruption). The point is not the analogy per se... the point is that faulty products and services in the real world lead to losses (of time, money, data, personal information, etc.) and to crime. We could reduce these losses by spending more money and effort on higher quality products and services, but there reaches a point where people just don't care anymore (either because they are ignoring the risk, or because the risk is low enough that it isn't worth the additional cost).
The same applies to software: we could make it much more robust, but is the added security worth the burden of more regulation, more overhead, and more money? In some cases, it is... but in many cases it really isn't. Software related to health, personal safety, and financial information should be regulated (in the same way that medicine and financial institutions are regulated). But over-riding laws mandating software security and software liability are not necessary. End-user education is overall more important (both to prevent real-world losses, and computer losses).
Indeed. Analogies to bridges and cars only make sense for software that can endanger lives: medical systems, bridge-designing systems, vehicle-control systems, etc. As you point out, in all those cases, the software (as well as any designs the software spits out) will be verified in detail and validated. The software vendor will usually be bound by stringent contracts and will indeed be contractually and legally responsible for defects.
The rest of software, like word processors, and spreadsheets, and music apps, doesn't need that kind of stringent oversight. A better analogy in such cases is to other mundane things: books, binders, pencils. Poorly designed binders and pencils can lead to lost productivity in the same way that poorly designed software can. Those who care will go for the higher-quality product (which may require more money, either in initial expenditure or in staff expertise). Again, errors in books can certainly lead to lost productivity, but is there really any need for more "book security" and "book oversight" and "book regulations" to make sure that the contents of books are robust and error-free?
I submit that such oversight is not really necessary (again, except in issues of health and physical safety). Most people can tolerate the occasional annoyances of breaking pencils, typos in books, and crashes in software. Ideally people should be educated about risk (e.g. don't put important documents in a flimsy box, put them in a safe; similarly, don't put important data in a low-security computer, get a properly administered server), so they can make informed choices. But more laws and regulation? Not necessary.
Karin Kiontke, Antoine Barrière, Irina Kolotuev, Benjamin Podbilewicz, Ralf Sommer, David H.A. Fitch, and Marie-Anne Félix. "Trends, Stasis, and Drift in the Evolution of Nematode Vulva Development." Current Biology (November 2007), 17, p. 1925-1937.
TFA seems to be misrepresenting the research somewhat. They claim that there is a divide in evolutionary theory between "random inheritance" and "deterministic inheritance." However, the actual article is describing the difference between unbiased (stochastic) and biased (selected or constrained) evolution of variation. In both cases the usual random genetic variation with fitness selection would occur.
The scientists are not claiming that evolution is deterministic or guided, but rather that there are strong selections and constraints that bias some variations to be more likely to appear than others. In their words: As an example of a constraint, they mention "generative constraints" (i.e. fitness is selecting for a certain feature, and there are multiple ways of achieving that feature, but one's genetic heritage will bias one implementation over another). Their evidence for the drift in variations being generally "biased" is based on the occurrence (over generations) of various traits: for instance they observe fewer "reversals" (reappearance of traits that were previously common) than would be expected if the variability were entirely stochastic/random.
This is, in any case, my understanding of the paper... but I'm a chemist/physicist, not a biologist! (So hopefully a biologist in the crowd will further explain this paper.) Overall, however, I think the article doesn't summarize the work properly, since they are suggesting that evolution is highly directed and deterministic, whereas the paper is instead analyzing the "degree of bias" that is inherent to the selection effects of evolution. For instance, the scientific paper doesn't claim that evolution can't produce non-advantageous mutations.
That's the point of adhering to a standard: everything works because each half of the interface is complying with the same pre-arranged rules. One product can deviate from the spec, and maybe it's no big deal... but only so long as everyone else follows the spec.
So it is not an absolute defense to say "we are compatible with everything that follows the spec." Only following the spec itself is actually a defense, and this case shows exactly why. In short, both Apple's drive and the bendable CD ignore the spec. They are both at fault.
Your post outlines a possible means by which AT&T will stop bit-torrent traffic. It seems workable and realistic, and AT&T may very well implement it (despite the obvious ramifications: e.g. if they block everything listed on PirateBay they will block many sanctioned/legal file transfers).
But the P2P community will fight back. It will become an arms race. For example:
-Trackers inject all kinds of bogus data into the trackers, crafted so that humans skip over it but automated crawlers choke on the massive amount of data (and RST packets!) they must deal with. For added fun, the bogus data includes IPs of legitimate company services, so AT&T will be interfering with, e.g. Blizzard downloads.
-ISPs adjust their software to differentiate "real torrents" from "fake torrents."
-Trackers begin accumulating lists of IP addresses and other signatures that detect the ISP bots, and feed them bogus data.
-ISPs use their control of IP blocks to fake requests from different IPs.
-P2P software starts ignoring RST packets, and uses a different (encrypted) protocol to open/close sessions.
-ISPs give up sending RST-floods, and instead drop all packets.
-Trackers implement algorithms that keep track of "user contribution" based on swarm participation (transmitting valid packets), and block/throttle clients with no "reputation." This makes it difficult for the ISP's bot to browse the torrent listing without actively participating in valid torrenting.
-ISPs switch to checking what IP addresses a person connects to, and simply stall any connection (all traffic) that connects to a tracker site.
-Trackers switch entirely to TOR: they have no public IP address or domain name. All tracking requests go through TOR routing using the ".onion" pseudo-TLD.
And so on...
My point is this is a crazy arms race, and one should not enter that kind of battle until analyzing all the possible counter-attacks. And the difference here is that hackers will view this as a challenge, whereas AT&T will be spending literally millions of dollars implementing technologies that become invalidated over and over.
If AT&T actually goes so far as to automate man-in-the-middle and spoof all cryptographic key exchanges so that they can decrypt and analyze encrypted content... things are going to get interesting.
For one thing, I imagine financial institutions are not going to take kindly to that kind of action, and could probably mount a very successful class-action lawsuit.
The thing about encrypted traffic is that it could be anything, from confidential business data, to financial transactions, to launch-codes, to a screener of a new movie. As crazy as they are, AT&T will not start playing that game.
The blocking of IP addresses is a more likely counter-attack to widespread encryption, but even then solutions exist (e.g. the TOR network allows routing to servers that have no "non-tor" domain name, so the real IP address is never exposed). It will quickly become a ridiculous arms race...
Calling this "Instant-Boot" is a bit of a stretch. What they are describing is just a dual-boot bootloader that gives the option of booting into Windows or into Linux (Splashtop is a trimmed-down Linux distribution). The 20 second boot time for Splashtop is decently fast, but hardly "instant", especially when you compare it to how fast some computers can recover from sleep or hibernate modes.
It seems moderately interesting, in the sense that some users might suddenly realize that all their computing needs are met by a lightweight (and Free) operating system. They might rarely boot into Windows. On the other hand, for many people this "fast boot" will just make using the computer more frustrating, since they will boot into Splashtop to get something done quickly, but then suddenly realize that they need another application (that they only have on their Windows partition), and then have to endure another, longer, boot (and re-open whatever webpage they were just looking at, etc.).
In short, the interesting thing here is the idea of pushing a dual-boot computer to the masses, and not an "instant on" computer.
The use of wording like "depictions or photographs of Ford's distinctively shaped vehicles" (emphasis added) is similarly over-reaching. By that rationale, every product is distinctive and thus cannot be used in a commercial image.
In any case, I don't think trademark law was intended to provide the blanket power that Ford is grasping for (where they inherently own all commercial endeavors that happen to include a Ford product somewhere).
It wouldn't take much for such a precedent to be extended into patently ridiculous territory.
For instance, if this were a valid case, a clothing manufacturer could scan through Flickr and sue hundreds of thousands of people overnight for "distributing images of our intellectual property." Or architects could sue someone trying to sell their house for similar reasons. (Yes, I know companies have tried to sue others for taking pictures of their "trademarked building"... but it's even more ridiculous for to sue the owner of the building!) Just think of the liability eBay would have!
I'm pretty sure Ford has no legal standing here, and that most judges would not accept these kinds of ridiculous arguments. As usual, the legal system is being used to intimidate rather than to solve legitimate grievances (see also SLAPP).
I can't imagine why I, a consumer, would support what I've heard about "net neutrality." It seems to be all about restricting my freedom to buy the service I want in the service of a dubious and cynical goal
Net neutrality wouldn't be needed if the consumer had the freedom to buy from a plurality of services in the first place. The fact is, for a variety of reasons (such as the limit on the number of cables you can bury, as well as the particular history of the industry), there are not very many choices available to consumers for data carriers. The usual rules for consumer decision and free-market optimization simply don't apply when you have monopolies controlling the market.
Net neutrality (if done properly) is about preventing monopolies from abusing their position and artificially limiting consumer freedom.
[It] boils down to making sure freeloaders don't have to pay any more per packet than the rest of us.
I can't parse this statement. How are they "freeloaders" if they are paying the same amount as "the rest of us"? It hardly seems unfair for everyone to pay the same amount for a given level of bandwidth usage. If the "freeloaders" you are referring to are companies that make money over the Internet (e.g. Google), then I remind you that they are paying for their net connection same as you or I. No one right now is freeloading, despite what the telcos would have us believe.
it sounds like if I happen to want a massive pipe to my door, and lightning service to various IP addresses of my choice, then ... the government isn't going to allow me to cut a deal with my ISP for speedier treatment of my packets in exchange for more money. Likewise, if [someone] is perfectly willing to accept 4th class parcel-post service for her packets if the price is in the basement, then she, too, is up a creek, because it's a one-size-fits-all price and service level.
Net neutrality is not a "one-size-fits-all" mandate by the government. ISPs are free to offer varying levels of service at varying prices. Everyone is free to purchase the service level they want and need. No one is saying that gigantic corporations and grandmothers have the same Internet needs.
What neutrality is about is preventing the ISP from discriminating based on the source/destination of the data they transmit (and, according to some, should also include protocol neutrality). To use your mail example, no one is saying that we can't have Express vs. Regular vs. 4th-class. What we are saying is that the postal service cannot charge you to send a package, and then charge the receiver, again, to receive the package (and moreover have variable charges depending not on distance or quality of service, but on whether they have "a deal" with the source or destination).
In physical distribution, this "common carrier" rule has done considerable good: it prevents a carrier (especially monopoly carriers like rail) from colluding or discriminating, thereby opening up the service for everyone to use freely and fairly.
checking out the record of innovation and efficiency growth in industries that have been heavily regulated in the past ...-- such as airlines, telephone service, broadcast radio, power generation and distribution, public education, public health -- then alas any one with half a brain comes to the unpleasant conclusion that such interference always increases the price and decreases the efficiency of the service.
That's a rather bold statement to make without any specific explanation. Although I could formulate counter-examples, it's largely irrelevant to the debate at hand. I think most of us would agree that government regulation should be avoided where possible. However, there are cases where government intervention can be helpful and even necessary. In particular, since the telco industry is inherently a government-sanctioned monop
I think the answer is: no, that's not allowed. They are allowed to search in order to satisfy themselves that it is a book/document and not something nefarious (bomb, contraband, etc.)... but beyond that they cannot go rummaging through any data you happen to be carrying on your person.
By analogy, I would expect that physically inspecting a laptop (to make sure it's not hiding anything nefarious) is okay, but I can't think of a legitimate reason to start scanning through the data on it.
Where were all these people who had strong anti-GPL 2 sentiments before 3 was released?
They were discussing the shortcomings of v2 prior to v3 being created (in fact, it was because of those discussions that v3 was born). One can be pro-GPLv2 but still think of ways to improve it, by the way. The complaints used examples like TiVo (extending code, but preventing end-users from exercising freedom to tinker), web-services (making derivative code, but not releasing changes since users didn't directly download copies of code), patent deals (breaking the spirit of the GPL by using out-of-band patent deals to prevent others from using derivative code), and so on.
Now, regardless of whether or not you agree with these particular points (I agree with some, not others), the fact is that the GPLv2 was good, but had identified weaknesses in the eyes of some people. The GPLv3 was thus created as an alternative for those who felt that GPLv2 didn't emphasize certain points strongly enough. It should also be noted that v3 cleans up some language in order to make it more modern and in light of experience in dealing with GPL licensing issues.
Was it not good enough then, or are we just angry because the FSF is telling us to be?
Your question is a red herring: GPLv2 is good, but GPLv3 may be better (for some people/uses).
It's true that relicensing the entire kernel to GPLv3 would be impossible. But it could transition to GPLv3 in a "ship of Theseus" manner if all new code contributions were licensed as GPLv3 (or dual licensed v2/v3). As older code becomes replaced with newer code, a larger and larger fraction of the code-base would be covered by v3. In principle eventually the kernel would be completely available under GPLv3. (Does anyone know the average lifetime of code in the kernel? How long does it take for the entire codebase to be "refreshed"?) Alternately with sufficient migration to new code, eventually the list of "must get permissions" might be manageable.
Of course this isn't going to happen soon, since Linus, at least, will continue submitting GPLv2-only code, as will many others. What I don't know about Linus' stance is how extreme he will be. He clearly prefers v2 over v3, but will he reject code submissions that are v3? (or dual-licensed?)
Rejecting submissions based on license sounds rather ideological (not typical for the self-proclaimed pragmatist that he is)... but if he allows a significant fraction of the code to be v3-compatible, then the kernel may become a de-facto GPLv3 codebase.
Wikia is just following the OSS philosophy of releasing early so that they can get feedback and hopefully get other people interested in helping them make it work. They are not charging for anything and have made it clear that this is all "alpha quality" for the time being.
It's true that demonstrating something incomplete can often kill enthusiasm since it won't live up to expectations. But it can also be dangerous to keep something under wraps for too long: people will lose interest and call it "vaporware." Moreover, for something like Wikia search, which is intended to have a significant user-generated component, they critically need to start building up a community and get user feedback as soon as possible.
Having said all that, I agree that what they currently have is rather meager and unimpressive. There's currently no mechanism for even the enthusiastic users to really start contributing. But hopefully those things will appear as soon as they are coded--that's the whole point with releasing unpolished alpha software.
In the review entry, Jimmy Wales posted a comment that responds to these criticisms quite accurately:
What's the benefit? Well, as usual it will depend on the implementation.
If it truly ends up being an open standard, then end-users will benefit. The two-way interaction will be used to select desired data, for video-on-demand, downloading TV-schedules to various devices, etc. With an open standard, the end-user will be able to select from a wide variety of devices or even "roll their own" (e.g. MythTV). An open standard also means that new kinds of two-way TV interactions may be invented that can't be imagined right now: "social TV" where you exchange recommendations with friends, mash-ups of contents, customized and personalized news feeds, etc.
But, as we all know, the above scenario is rather unlikely. What is likely to be the case is that this will be a closed, proprietary, guarded standard that requires money and NDAs to become involved in. It will thus benefit the networks and advertisers, since it will be used to accumulate data on viewing habits, and to restrict the ways in which you can watch content (DRM, authorization flags, restrictions on transferring content to other devices, etc.).
You're absolutely right: the "push" content distribution method is much better when you can't trust the distribution system (as you rarely can with closed systems), whereas the "two-way" method is usually better when you can understand/control/trust the distribution system (e.g. the Internet).
It's good that Facebook is blocking that app, but this points to a deeper problem with Facebook's implementation of third-party applications. This is just the beginning of Facebook being exploited by scammers.
Whoever injected that spyware application will no doubt create a new developer account, and upload some variant of "Secret Crush". Blocking a particular application or a particular developer account is a short-term solution. I can only guess that more and more people are going to exploit Facebook apps for adware, spyware, phishing, identity theft, etc. Facebook will then be playing yet another game of "Internet whack-a-mole" where they try to block applications based on signatures, block developers based on IP address, and so on (with usual countermeasures of automated code variation, proxies, etc.). As we've seen from spam, viruses, spyware, and phishing, such games reach a stalemate where a certain fraction of users are becoming victims at any given time (typically the less savvy users, I suppose).
Personally I think Facebook should do a better job making the risks of third-party applications clear. The little "confirm that you want this application" question has already become so routine for most users that it means nothing to them. Moreover, the tight integration of third-party apps into the Facebook environment, though visually pleasing, leads most users to believe that the applications are written by and endorsed by Facebook. In fact, the code runs on third-party servers and those third-parties have access to profile data once you accept the app. Most Facebook users are surprised when you tell them this. And it's not always easy to tell who actually wrote a given application.
I think we all saw this coming, and I'm surprised Facebook didn't put in more safeguards to curtail the use of the app framework for spamming, phishing, and social engineering.
According to this there are 1.26 billion Internet users. According to Wikipedia there were 1.4 million iPhones sold by October 2007. Assuming every iPhone connects to the Net at some point, that means ~0.11% of the connected devices should be iPhones, which is remarkably close to the number the article quotes.
That having been said, I don't really trust the stats provided in the article. They claim 0.6% Linux usage, but most other estimates based on web traffic put Linux usage at 0.8% to 3% (and as we all know such techniques are inherently error-prone; e.g. Linux users may spoof their agent string).
As usual, estimating Linux market share is nearly impossible. It can be interesting to look at the numbers, but I wouldn't make any sweeping arguments based on such uncertain data.
A much more lucid and convincing discussion of these ideas is presented by Max Tegmark in his paper "The Mathematical Universe" (preprint available here). In it, he discusses this idea of whether we could detect being inside a virtual reality and provides arguments for why there may be no meaningful difference between a "simulation of reality" and "reality itself". His overall argument, that the universe may be fundamentally mathematical, is quite interesting, and again he provides some means by which we could determine to what extent his arguments actually apply to our universe. Worth a read.
Of course you're right that this does indeed require the virus author to design code for a wide variety of routers and access points. On another note, configuring the router for administrative access only via ethernet would completely stop the problem. That should really be the default. Routers are typically less secure from the wireless end than from the wired end (hacking someone's router from the internet is harder than just accessing it wirelessly, since many people don't even secure the wireless end with a password). So it may be viable to create a "bot-mesh" of wireless access points, which gives you all kinds of dangerous abilities (e.g. you can convincingly spoof websites for anyone on the affected LAN as part of a phishing attack).
This is a fantastic win for the EFF, and I hope they continue doing this good work.
However it points to a deeper problem in the patent system. It's bad enough that the current patent office allows awful patents to slip through--but it's worse still that it requires an external non-profit organization to "fight" in order to get ridiculous patents overturned. In principle it should require nothing more than a polite mail to the USPTO, pointing out a weak patent that was granted, and the patent office would do a review and overturn the patent immediately.
Instead, we have to organize ourselves, fund a non-profit, and get them to aggressively fight the issue, submitting detailed accounts of prior art, and hope the patent office responds properly. This also means that we are paying for these ridiculous patents twice: first to run the infrastructure of the patent office, and then again because we have to fund third parties to actually review patents (wasn't that supposed to be the job of the patent office?).
The whole system seems rather inefficient. Again I commend the EFF on its amazing work (and I will continue donating to them), but ultimately it would seem that a reform of the patent office itself is what's really required.
In any case, the intended usage (as an aid to those who are voluntarily trying to break an addiction) is worth pursuing.
If, for instance, Office 2009 has several bugs with respect to how it renders OOXML, then these bugs will actually become part of the de facto OOXML standard. Anyone who wants to implement the "standard" will have to reproduce those bugs in order to appear to be "the same as MS Office." This is the same problem the Wine team has when re-implementing the Windows API: they actually have to deviate from the established API documentation and reproduce Windows bugs since Windows applications rely on these bugs.
If you let a "standard" (like OOXML) be tied to a specific implementation of the standard, then anyone who wants to re-implement the standard must make the tough choice between being true to the letter of the standard (as written) or the de facto standard as embodied in the dominant implementation. We saw with IE's buggy implementation of HTML the problems this can cause, and are only now pulling ourselves out of that particular mess.
The problem is that Microsoft can alter the OOXML "standard" to their heart's content simply by changing the way MS Office works in future versions. Documented or not, those changes will effortlessly become "the new standard" by virtue of their dominant market position.
It avoids racial profiling but creates a new form of profiling, which basically means some new class of legitimate travelers will suffer the pain of false positives. I really worry about this kind of "expression reading" because:
1. It targets members of society who have above-average social anxiety, or "deviate from the norm" in some other way. Geeks and Nerds could end up being "more suspicious" simply because they either have mild social anxiety, or because they are "aware" of the facial profiling, hence they appear nervous (because they're thinking "oh crap they're analyzing my face... try to look natural and calm... but don't look like you're trying too hard!" and thus appear to be hiding something).
2. Overall, as soon as you create rules for deciding who gets greater scrutiny, you create a weakness that the enemy can exploit. The enemy knows what they have to train to avoid/circumvent, thus enabling them to suffer detailed searches less often than average, instead of more often (which was the intention). It has been shown many times that the optimal security strategy is often the one that uses perfect randomness, since there is no defense against it (see Schneier's analysis and this paper).
So, really, coming up with new and fancy ways to profile people isn't all that helpful. (Of course, there's the dim possibility that they are publicly claiming to profile, but are secretly using a random strategy, hoping that the enemy wastes effort in trying to circumvent a non-existent analysis system, thereby making them easier to catch... but somehow I doubt it.)
which is smaller than a human body. But moreover your implication that objects smaller than the wavelength of EM-radiation cannot interact with that radiation is completely false: they do indeed interact with it (though the exact nature of the interaction does indeed depend on sizes and distances in relation to the wavelength, e.g. see near-field vs. far-field). For instance, light (wavelength of ~300 nm) can be scattered by individual atoms (~0.1 nm). Also, a cell-phone antenna can obviously measure and transmit waves that are much bigger than it.
There is a reason radio telescopes are frikin huge.
Indeed. Collection area being one of the main reasons (to accumulate enough signal so that it can be measured above the ambient background). It is true that there are advantages to having antenna (and optics, etc.) be larger than the wavelength of the radiation, but it is still possible to interact with EM radiation at smaller size-scales, too.
As for a microwave effect... wrong frequency, buddy. no... just.. no.
Microwave radiation is in the part of the EM-spectrum that happens to coincide with the energy-levels for molecular rotation (again, molecules interacting with much larger EM rays). Thus microwaves can be used to increase the rotational energy of materials, which very quickly dissipates into heat (this is how a microwave oven works: by increasing the rotational energy of molecules, thereby heating the material).
The rationale for microwave radiation having biological effects is thus based on either: (1) localized heating leading to tissue damage or slight change in biological functioning; (2) changes in rotational behavior of molecules biases other biological processes (e.g. the change in rotational behavior of some protein changes the expression of a gene, etc.). By all accounts, the low-levels of microwaves produced by cell phones are so small that the heating and other effects are very, very small. Whether or not they are too small to lead to biological effect is what is being studied, of course.
It's not as exposing you to radio frequency is actually "adding" anything to your environment. We are being constantly struck by radio waves of every frequency
Yes, but what matters, as always, is: (1) exposure above background, (2) energy density. (We are constantly bombarded by all kinds of radiation, including gamma rays and x-rays, and our biology can handle those low-levels just fine. But above a certain threshold, the energy density is high enough to lead to very real health effects.)
A sufficiently concentrated pulse of microwave radiation could no doubt harm a person (at a minimum, a sufficiently intense pulse could heat them to death). So the question is really whether the additional exposure (above normal background) that cell-phones cause leads to any health effects, or whether it is indeed "lost in the noise" as you suggest.
Again, I agree with the sentiment of your post, inasmuch as I have seen no credible evidence that cell-phone radiation is harmful to human physiology in any real, measurable way. That having been said, we must be careful with how we describe these effects, and not allow spurious reasoning on either side of this debate.