Don’t emulate the US on health

On CBC’s The Current the other day, there was a panel discussion about health care costs and Canada’s system. Partly, it was a response to a recent article by David Dodge and Richard Dion. They basically say that health care in Canada is going to get too expensive, and list some possible actions to respond to that.

One action that is mentioned by them and others is to more closely emulate the United States by having more of a private health care system. It seems to me that the point that should be stressed in response to that is that the United States has a poor health care system, particularly when it comes to value for money. Private insurers paying private health care providers does little to reduce the serious economic externalities that exist in relation to health care. The US system also does poorly on objective measures like life expectancy and infant mortality, especially when considered in terms of outcomes per dollar spent. The weird hybrid character of the US system – with insurance tied to jobs and adults with pre-existing conditions barred from new coverage – also produces significant economic inefficiencies, as people risk losing their health care along with their jobs and never being able to secure coverage again.

Ultimately, the mechanism for controlling health care costs is rationing. We cannot afford to give every drug and treatment to everybody, since we could theoretically spend an infinite amount of money on each citizen. What we can do is fund those interventions that are justified by the degree to which they extend and improve a person’s life. The super rich will always be able to afford to buy a superior quality of care out of pocket – and they can do so perfectly easily outside Canada. For our society as a whole, however, our health system should be focused on producing the best outcome possible for the greatest number of people at a reasonable cost.

Careful on your bikes everyone!

The weather is starting to get nice, but I am wary of breaking out my bicycle.

9 months and 22 days ago, I hit a pothole on my bicycle, flew forward over the handlebars, crashed into the pavement, and broke my collarbone. If I had landed differently, I might have broken my neck. As it was, the recovery was long and difficult and I am still not quite at 100%. This is my third serious bicycle accident in Ottawa. Back in November 2007, a turning car forced me to brake urgently on Rideau Street and made me fly over my handlebars. Another time, a turning black pickup truck actually hit me, as I was headed up Somerset Street.

Cyclists like to pretend otherwise, but cycling in the city is dangerous. Even without the menace of cars, you can kill yourself by hitting a pothole, going over a railing, or getting your wheel caught and being thrown into traffic.

Friends and family members who cycle, please be careful! Wear lights and reflective clothes at night. Avoid the temptation to talk on the phone or listen to music while cycling. Even with a headset on, holding a conversation is as poor an influence on your reaction time as being drunk.

Evil and non-evil Facebook buttons

Many websites now include Facebook buttons and widgets of various sorts. As a user, it is worth knowing that if you are logged into Facebook, many of those buttons and widgets can be used by Facebook to track your web use and link it to your real identity.

This site has a Facebook button, as well, but it is a graphic that loads from my own server. It does not allow Facebook to add to their trove of data.

That said, Google has its own massive data pile, which this site contributes to in obvious ways like content being indexed and less obvious ways like Google Analytics visitor tracking.

Flex your rights: anonymity

Being able to speak anonymously on the internet is an important right, in this age of increasingly constant surveillance. Because of organizations like the NSA, GCHQ, and Canada’s CSE, we can never know when our private conversations are actually being intercepted.

One tiny way to push back is to continue to be bold in asserting the importance of freedom of speech, even when circumstances compel that right to be used anonymously.

To leave anonymous comments on this site, just use whatever made-up name you like, including ‘anonymous’. If you use anon@sindark.com as your email address, you will get an anonymous logo beside your comment.

None of this is intended as an endorsement of the amorphous group ‘Anonymous’.

Reading momentum

On top of a chest of drawers, I have about six tall stacks of partially read books. Each horizontal stack contains about ten volumes, lying atop one another with spines facing into the room. Most of them are serious tomes on environmental topics or difficult novels that I have received as gifts. It is relatively rare that I come home from a day of work in the kind of headspace where sitting down with something challenging – in a literary or intellectual sense – is terribly appealing. Weekends, too, tend to be filled up with laundry and catching up on a work week’s neglected sleep. As such, the books tend to sit unread for weeks, and months, and years.

One trick I have found is to give myself a bit of mental cheesecake – a book that is quick and delicious. For instance, a novel that doesn’t require you to keep track of the storylines of multiple family members across different generations, perhaps punctuated by nauseating sexual violence. Or a non-fiction book that is not a depressing trudge through all the ways humanity is wrecking the planet that sustains us.

Malcolm Gladwell’s books often play this role well. So can classic novels, which often lack the flourishes that Booker Prize judges seem to fixate upon but which often make the books into impossible morasses that can only be passed through as the result of determined and uninterrupted effort.

Not only does the cheesecake book itself get read quickly and enjoyably, but it also conveys a certain forward momentum to the general project of reading, and sometimes helps me make some progress against one of the heavier items in my long queue.

On sexual education

A friend of mine works for an organization that teaches sex education classes in high schools. After a recent presentation, there was a barrage of complaints from parents who were offended that their high-school-aged children were being told how to put on condoms, and that masturbation is a risk-free alternative to sex. I can somewhat understand the psychology of parents, insofar as I can recognize the signs of people struggling desperately to retain control of something they feel as though they own. At the same time, I think their complaints should be dismissed completely.

Human bodies are incredibly complex things, which is why medical school is one of the most challenging intellectual undertakings people can take on. At the same time, every human being possesses such a body and has a right to understand at least the most important things about it. Those include understanding their own nature as sexual beings (and, yes, twelve-year-olds are already sexual beings), as well as knowing the facts about human sex and reproduction. They have the right to know about the risks associated with different sexual acts, and the mechanisms that are available for reducing those risks. They also have the right to know about the psychology and sociology of human sexuality: that being gay isn’t a sign of being unhealthy, that there is a whole spectrum of preference when it comes to sexual acts and partners, and that standards of sexual morality vary across time and space.

There is an especially insidious argument made sometimes that suggests that children should be made fearful of sex, in order to keep them from trying it. Firstly, this argument fails on a factual basis. Keeping kids ignorant will not stop them from experimenting. What it will keep them from doing is taking precautions like using barriers and contraception, talking with their parents and doctors, and generally making informed choices. This argument also fails from a moral perspective. For one group of people to decide that a thing should not be done, then agree to use misinformation to trick everyone else into acting that way, is insidious, paternalistic, and duplicitous. By all means, if you can use logic and evidence to convince people to agree with your views, do so. If you need to lie to them, however, there is a good chance that your perspective is actually incorrect.

Parents obviously have a role in keeping their children safe and in shaping their views about the world. At the same time, they have no right whatsoever to keep their children in ignorance about something as important as their own health and safety, or the functioning of their own bodies and reproductive systems. When schools cave to parental pressure and intentionally maintain the ignorance of some children, they are making the same kind of ethical mistake as fundamentalist governments make when they ban heresy or censor the news. One person’s patronizing impulse doesn’t create a valid justification for the suppression of important knowledge and information. Children should be educated about sex, and it should be done by taking the best scientific evidence we have available and making it as comprehensible as possible for people who have their level of general education.

More controversially, I think it is appropriate to tell students that sex is a natural and joyful part of human life, not something they should be fearful or ashamed of. It can be argued that this steps outside the bounds of science and objectivity, but I would question that on the basis of Sam Harris’ general argument about science and ethics. It is possible to distinguish between societies that enable human flourishing and those that suppress it, and those distinctions are valid in a way that can be demonstrated scientifically. Societies that treat sex exclusively as something shameful, dangerous, and secret seem likely to be comprehensively worse than those that treat it as something positive with risks that can be managed in intelligent ways.

Recognizing checkmate

There comes a time in most games of chess (those not doomed to end in a draw) where one king can no longer evade the opposing forces and stands checkmated. This position can be expressed with mathematical precision and is undeniable for anyone who accepts the current rules of the game.

Nothing quite so clear-cut exists when it comes to logical arguments, but there can be cases where it comes close. For instance, if there are two theories about what is causing some effect, testing can be used to develop strong confidence about which cause explains it. If my computer will not turn on and the problem could be either that the hard drive has been removed or there is no electricity, I can undertake trials to determine the cause. I can check that the power cord is plugged in. I can test the socket by putting something else into it. I can open up the computer case. I can try booting from a DVD or a network drive.

Similarly, it is possible to forcefully rebut a logical argument on the basis of logic itself. This mostly applies to very narrow computer-science-type problems, but it is still worth recognizing. For instance, we can evaluate self-contained logical statements like: “Object X is either part of Group A or Group B. It is part of Group A. Therefore, it is not part of Group B.”

More often, we combine logic with factual claims about the world. The patient cannot be having an allergic reaction to the antibiotics, because they have not been administered yet. My keys cannot be in my apartment, because they are here in my hand. The atomic bomb cannot detonate, because the plutonium pit has been removed.

To me, it seems that there are some large and important questions where we have basically achieved checkmate, when it comes to how certain we can be that one perspective is correct and another is not. For example, the claim that the universe is 6,000 years old is demonstrably false. The case is closed. We know the universe to be billions of years old. The same goes for the fact that evolution takes place.

Less certain, but still very close to checkmate, are positions including: “The Earth’s climate is being altered by human activities.”

Then there are positions that are very certain, but which involve less concrete claims, such as: “There is no evidence the universe was created by a sentient being” and “There is no evidence of any kind of divine being that cares about human behaviour.” The only real rebuttal to these arguments is that people have strong feelings or intuitions that contradict them, but feelings are neither logic nor evidence.

Ultimately, it is important to keep proving and re-proving claims that we believe to be true. Oftentimes, we find that we were basically right but that there was more complexity than we expected. Other times, we discover that we have been more comprehensively wrong. Awareness of our own fallibility is a critical part of the advancement of knowledge.

At the same time, we should not allow ourselves to be paralyzed with uncertainty, especially when it is those last lingering wisps of uncertainty that remain alive only because people have strong feelings about a subject. Every human decision involves dealing with some level of uncertainty, and yet it is demonstrably the case that it is better for people to act once they have done their due diligence than it is for them to dither forever while evaluating evidence and arguments. When one is in checkmate, the only sensible thing to do is to accept it and start thinking about what the lessons of the game have been. It is frustrating for me – then – that there are still vast numbers of people who believe that the planet is 6,000 years old, all the world’s land animals were once on one big boat, every organism was created in its current form and doesn’t change, or that all the climate change we are observing is caused by natural forces. How can we continue to improve humanity’s understanding of the world when there are people who will never accept that they have been checkmated, no matter how many times you point out the pieces blocking every possible avenue of escape for their king?

Radio frequency ID security

Contact-free cards and authentication tokens have become common. These are the sort of things that you put close to a reader on the wall in order to open a door or perform a similar function. People use them to get into parking garages and offices, and even credit cards now allow you to pay without swiping or inserting your card. Of course, all this creates new security risks. All of these cards can be read at a moderately long distance with inexpensive hardware, which is one reason why it is a bit crazy that these chips are being put into passports. Furthermore, cloning these radio frequency identification (RFID) tags is often quite easy.

Your standard RFID tag is just a little chip with an antenna. When it receives a signal on a particular frequency, it chirps out its name. The card reader says: “Any RFID tags out there?” and it says: “12345678abc” or whatever string it contains. The string is transmitted in clear text, and it is always the same. Anyone with a device that can program RFID tags can easily copy it. These sorts of tags exist all over the place. An office tower might have a database listing the code inside the RFID tags used by each employee. It would then check the database each time someone used a card, to make sure the number was on the list.

This system can easily be attacked. Just stand outside a building with an appropriate antenna and recording equipment and you can capture the code from each person’s tag as they go in. You can then copy whichever you like to make your own access card.

More sophisticated tags use a challenge-response authentication protocol. That means they take an input value, perform a mathematical operation on it, and generate a response which they transmit. For instance, an absurdly simple rule would be something like ‘multiply input by two’. Then, the reader would say: “3” and any card that replied “6” would be accepted as valid. These tags tend to require a battery to run their computing hardware, so they are relatively rare.

This is harder to attack. You need to figure out what the rule is, and they are often cryptographic. That being said, the cryptography used is often either proprietary (which usually means ‘bad’) or out of date. With access to a few tags and some knowledge, it may well still be possible to reverse-engineer the algorithm being used and clone tags.
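The difference between the two kinds of tag, as an added example that is not from the original post: a fixed identifier that is valid forever once overheard, beside a keyed challenge-response in which a recorded answer fails against the next challenge. HMAC-SHA256 stands in for the post's "multiply by two" rule, and the class names, key and reader logic are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; not taken from any real card system.
STATIC_ID = "12345678abc"  # the example string used in the text
TAG_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key


class StaticReader:
    """Reader that accepts any tag whose fixed ID is on the allow list."""

    def __init__(self, allowed_ids):
        self.allowed_ids = set(allowed_ids)

    def authenticate(self, presented_id):
        return presented_id in self.allowed_ids


class ChallengeResponseTag:
    """Tag that holds a secret key and answers challenges with a keyed MAC."""

    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class ChallengeResponseReader:
    """Reader that issues a fresh random challenge for every attempt."""

    def __init__(self, key):
        self._key = key
        self._pending = None

    def new_challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response):
        if self._pending is None:
            return False
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None  # each challenge is usable once
        return hmac.compare_digest(expected, response)


def replay_outcomes():
    """Return (static_replay_ok, genuine_response_ok, recorded_response_ok)."""
    # Static tag: the value sent in the clear is the whole credential.
    static_reader = StaticReader([STATIC_ID])
    static_replay_ok = static_reader.authenticate(STATIC_ID)

    # Challenge-response: the response is bound to one random challenge.
    tag = ChallengeResponseTag(TAG_KEY)
    reader = ChallengeResponseReader(TAG_KEY)
    recorded = tag.respond(reader.new_challenge())
    genuine_ok = reader.verify(recorded)

    # A later attempt gets a new challenge, so the old response no longer
    # matches. This addresses replay only; a live relay of challenge and
    # response needs other controls.
    reader.new_challenge()
    recorded_ok = reader.verify(recorded)
    return static_replay_ok, genuine_ok, recorded_ok


if __name__ == "__main__":
    print(replay_outcomes())
```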

In addition, this kind of system can be attacked in real time, using a man-in-the-middle attack. Suppose I am in line at the grocery store, about to pay. I take out a dummy wireless credit card, while I have an antenna concealed in my jacket sleeve. The clerk’s RFID reader sends a challenge request, which my antenna picks up. I then re-broadcast that request with more power, so that all the tags nearby chirp up. Suddenly, everyone in line who has a wireless card is offering to pay for your groceries. Re-broadcast one of those responses back to the clerk’s card reader and you suddenly have free groceries. I suspect something similar would work with the more high-security access cards used by some offices.

Not all cloning is necessarily malicious. Phones are increasingly sophisticated radio transmitters and receivers. They can transmit voice calls on various frequencies, as well as access WiFi networks and interface with Bluetooth devices. Somebody should make a phone that can transmit and receive on the common frequencies used by RFID cards. Software could then be used to record the contents of a person’s existing cards. Instead of carrying one fob for your car, one card for work, one embedded in your transit pass, and a credit card, you could just program the functionality of all those RFID tags into one device.

Of course, doing such a thing would reveal how easy it is to copy RFID cards in the first place. That’s all it would be doing, however – making it obvious. Anybody who is malicious and capable can already copy these cards, though consumers often assume that they are secure (like they assume their cell phone calls cannot easily be intercepted by moderately resourceful crackers). By revealing how insecure most wireless authentication technologies are, this cell phone software could play an important role in raising awareness, and maybe even lead people to pressure politicians to get rid of those stupid wireless passports.

I mean really, does that have any non-evil uses at all? A passport clerk can easily scan a barcode or swipe a magnetic strip. Making them readable at a distance only helps spies and criminals. How easy would it be to build a bomb and connect it to a machine that constantly scans the vicinity for wireless-equipped passports? You could program it to explode when more than a set number of nationals of any country you dislike are within a particular distance. Alternatively, criminals could take advantage of chatty radio passports to identify promising targets for mugging.

Selling F-15s

Does it strike anyone else as strange and somewhat objectionable that the United States is selling the F-15 attack aircraft to Saudi Arabia? Before being supplanted by the F-22 and F-35, the F-15 had unmatched capabilities. As such, you need to wonder whether the United States would be better off keeping sales of the old plane restricted and being less bothered about developing new generations of attack aircraft during an era where they already possess complete air superiority.

A cynical perspective is that this all comes down to the arms industry. They can’t sell F-15s to the United States anymore, so they want new customers. Even better, they know that the United States will feel threatened by F-15s in the hands of potentially unstable regimes like Saudi Arabia, and that the US will respond by purchasing more F-22s, F-35s, and other hardware.

It’s like a gun shop that sells its newest weapons only to its best customers, but progressively makes each new weapon available to anyone with the cash. That keeps the best customers locked on an upgrade pathway and keeps weapon designers in business. Unfortunately, it also makes the world a riskier place, and wastes substantial resources that could be better applied to reducing poverty or building a more sustainable society.

Intrusion detection systems

One side of computer security is keeping people from getting unauthorized access: choosing good passwords, patching software to protect against known exploits, etc. But when you reach a more advanced level than that, intrusion detection systems (IDS) become an important way of detecting and mitigating attacks. These systems monitor the functioning of a computer system or account and produce some sort of alert if suspicious activity is ongoing.

For example, GMail includes a rudimentary IDS. It allows users to check whether anyone is logged into their account from another location. If you check the list and see only your home IP address and your phone, everything is probably fine. If some random IP address from Berlin or Mumbai or Tokyo is on there, someone has probably compromised your account.

IDS can be much more sophisticated than this. While GMail calls upon the user to keep an eye on things manually, automated systems can flag suspicious activity and produce warnings. A classic example would be a computer in a distant country accessing your GMail via POP3 and starting to download the entire contents of your archive. That is super suspicious and – if you are someone like Sarah Palin – potentially career-ending.

The same goes, naturally, for a situation where some random army private starts accessing and downloading thousands of diplomatic cables. Say what you will about the ethics of Wikileaks, but from a computer security perspective there should have been an IDS that spotted that aberrant pattern.
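One way an automated check of the kind described above could work, as an added example that is not from the original post. It flags access from a source an account has never used and bulk retrieval inside a time window, which also catches a legitimate user pulling far more than usual. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO time, account, source IP, protocol, items fetched.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2011-04-01T08:02:11 alice 192.0.2.10 IMAP 12
2011-04-01T12:40:03 alice 192.0.2.10 IMAP 7
2011-04-01T18:15:47 alice 198.51.100.7 IMAP 3
2011-04-02T03:11:00 alice 203.0.113.99 POP3 900
2011-04-02T03:19:30 alice 203.0.113.99 POP3 1400
2011-04-02T09:00:12 bob 192.0.2.44 IMAP 40
2011-04-02T09:05:12 bob 192.0.2.44 IMAP 2600
"""

# Constructed baseline of sources each account normally connects from.
KNOWN_SOURCES = {
    "alice": {"192.0.2.10", "198.51.100.7"},
    "bob": {"192.0.2.44"},
}


def parse_line(line):
    """Split one log line into typed fields."""
    ts, account, src, proto, count = line.split()
    return datetime.fromisoformat(ts), account, src, proto, int(count)


def detect(log_text, known_sources, window=timedelta(hours=1),
           bulk_threshold=1000):
    """Return alerts as (time, account, rule, detail); log must be time-sorted."""
    alerts = []
    recent = defaultdict(list)  # account -> [(time, count)] inside the window
    reported_sources = set()    # (account, ip) pairs already alerted on
    bulk_active = set()         # accounts currently over the threshold

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, src, _proto, count = parse_line(line)

        # Rule 1: access from a source this account has never used.
        unknown = src not in known_sources.get(account, set())
        if unknown and (account, src) not in reported_sources:
            reported_sources.add((account, src))
            alerts.append((ts.isoformat(), account, "NEW_SOURCE", src))

        # Rule 2: volume fetched in the sliding window exceeds the threshold,
        # regardless of where the session comes from.
        events = recent[account]
        events.append((ts, count))
        events[:] = [(t, c) for t, c in events if ts - t <= window]
        total = sum(c for _, c in events)
        if total > bulk_threshold:
            if account not in bulk_active:  # alert once per burst
                bulk_active.add(account)
                alerts.append((ts.isoformat(), account, "BULK_DOWNLOAD",
                               str(total)))
        else:
            bulk_active.discard(account)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, KNOWN_SOURCES):
        print(*alert)
```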

Attackers always get more sophisticated and their attacks always improve. As a consequence, those who want to defend computer systems must keep raising their own game by implementing sophisticated security strategies. Deploying IDS both on personal computers and within cloud services like GMail is one way in which people can become aware of breaches in time to stop them from becoming too severe. It’s never comfortable to learn that you are dealing with an intruder, but it is much better to have that awareness than to continue blindly forward while they persist in nefarious activities.

P.S. Does anyone know of a good IDS for Macs? Given how many people are on always-on internet connections these days, and given that all operating systems have security flaws that take time to fix, operating an IDS on one’s personal computer is probably a good security trade-off. Indeed, I am planning to set up a second system unconnected to the internet, next time I buy a new desktop machine. It is axiomatic that any computer connected to the internet is vulnerable.