Aaron's Essays

Ubuntu 10.04: Pulseaudio, nfs, automounter and my dismay

2010-09-01T19:00:00.004-04:00

I upgraded to Ubuntu 10.04 last night. Ouch.

My first problem was that, suddenly, the automounter was going totally berserk. It would randomly mount/unmount all of my NFS filesystems. I couldn't do anything.

This morning, I found the solution to that problem, but that only served to further confuse me: pulseaudio was freaking out over not being able to create a file under ~/.pulse. I deleted that directory and suddenly my automounter worked again... OK, that's spooky. I'm assuming that pulseaudio was loading audio drivers on startup and the fact that it kept re-starting meant that the module interface was constantly being banged around, resulting in poor service for any calls to loaded drivers. Surprising my system was stable at all, if that's the case.

Anyway now I'm finding lots of horrible little problems:

Rythmbox used to hide itself when you clicked on its notification icon... no longer
Pidgin seems to have been put into tabbed window mode by default which is painful
Evolution seems to squirrel your password away and use it for the password to your keychain... this means that when your password changes, you have to remember the old one in order to access your saved passwords. It seems like this should at least come with a big red button labeled ("just start over") so I can stop having the password dialog box pop up.
System services are no longer managed by the standard init.d script interface. Joy, a non-standard init. Just what I needed.
Process names are getting more and more absurd. The fact that something is running on my system called rtkit is deeply wrong. I nearly had a heart attack before I googled for it (of course, it's not alone: liboobs was one I saw scroll by as I was installing)

Overall, 10.04 does not impress me. It seems to have been put together as a way to prepare for future updates rather than as a stable starting point for long term support.

PS: Another issue just cropped up: outbound mail from evolution seems to have been silently failing all day. I finally realized that people weren't getting my mail and went to check the settings. Sigh.

The public domain and why it's important

2010-08-31T19:00:00.010-04:00

I've been thinking a lot about the public domain ever since I wrote my proposal for a reform of copyright law in the United States. In that proposal I discussed the value of allowing works to expire (I set a time frame of 30 years, but that number is arbitrary; the important element is the expiration), but I continue to hear corporations who own copyrights "explain" how their business will be in ruin, should their works expire, fueling the continued extension of copyright terms each time they are about to expire. But, this fails to explain why the public domain was considered valuable enough to enrich with expired works in the first place. What is it that we, the public and the creators of new works derive from copyright expiration and the public domain?

When we discuss the public domain today, it can be difficult to understand its true value because so few works expire today. However, the works which have already expired have had a deep impact on our modern culture. One need look no further than Walt Disney Corporation's success in adapting public domain works such as Snow White and the Seven Dwarfs, Cinderella, Pinocchio, The Hunchback of Notre Dame, Alice in Wonderland, and The Jungle Book. How is it, then, that we continue to argue that copyright terms must be extended in order to protect our cultural heritage? Is it possible that such examples are just outliers and the public domain doesn't actually benefit the public and our culture? Hardly. In order to illustrate that point, let me provide a few examples:

It's likely impossible to fully account for the impact of William Shakespeare in modern culture. Hamlet, alone, has spawned dozens of adaptations for film and television, not to mention its continued performances and adaptations on stage. Film alone accounts for over fifty adaptations of the play! Overall, there are over 400 adaptations of Shakespeare's plays, just in film.

Since the copyright expired in 1956 there have been over 40 adaptations of The Wonderful Wizard of Oz and related books and characters in film, television and stage.

The script for Braveheart was based mainly on Blind Harry's 15th century epic poem, The Actes and Deidis of the Illustre and Vallyeant Campioun Schir William Wallace.

The 1985 film, Ran, by Akira Kurosawa is based on legends of the daimyo Mōri Motonari, as well as on the Shakespearean tragedy King Lear.

The 1959 film, Ben-Hur, was the third film version of Lew Wallace's 1880 novel Ben-Hur: A Tale of the Christ, though I have not been able to determine if, in fact, the novel's copyright had expired by 1959, it does seem likely that it had.

The Wizard of Oz, Braveheart, Ran and Ben-Hur are all listed in the Internet Movie Database top 250 films of all time. How could it be that our popular culture could be so influenced from the public domain and yet we continue to argue that enriching the public domain by allowing works to expire is harmful?

The simple fact is that corporations fear losing any source of income, regardless of how much they might ultimately benefit from a copyright system that enriches the pool of works upon which they might draw. This is understandable, but should not be the basis on which we form our laws.

TV credenza

2010-08-25T19:00:00.003-04:00

I've been looking at TV stands and credenzas for some time now, but I didn't see anything that met my needs and was well designed. In the end, I was going to give up and build something... then I found the Prepac TV Console. At first I thought it was kind of nice looking. Height was a big thing for me. I bought a conservatively small TV, and most stands are fine for 50" behemoths, but they're too short for what I have. At 26.75" this stand was a perfect height, and the shelves looked well placed.

I had already decided to buy it when I clicked on the image to see a close-up. That's when my mind was blown. The swing-out DVD/CD racks are beautiful and the holes for cables in the back aren't holes... they're notches cut into opposing, sliding panels that let you get equipment in and out easily from the back (also affording you trivial cabling access).

I've seen a ton of TV stands over the past few months and this has to be the best one I've laid eyes on, hands-down. What's more, for the price, it's a steal!

Scott Pilgrim: What comic book movies should be

2010-08-22T10:56:00.000-04:00

I saw Scott Pilgrim vs. The World with friends last night. I had not realized, when I saw it, that it was based on a graphic novel, but it makes perfect sense. The film is as visually creative as Tim Burton's recent Alice in Wonderland but with a Wayne's World sensibility. The first image you see is an 8-bit video game-style rendering of the Universal Pictures logo. This is accompanied by an appropriately retro version of the usual signature theme. From this point on, the movie firmly establishes itself as a movie / video game hybrid, and I expect that audiences will fall into two camps: those who are aware of video game (specifically console and hand-held video game) culture who will enjoy the humor and visuals and those who are not and won't.

I can't say enough about the work they've put in to layering a video game world over the movie. I'll likely have to watch the movie again just to pick up on some of the touches I missed, but keep an eye on out-of-focus backgrounds. These are often fully rendered and the subtle touches are just as much a part of the story as the costuming and makeup.

The love story is essentially ignorable. Boy meets girl, girl has sketchy past, boy sees through all that, love springs eternal. It's nothing you haven't seen before. On the other hand, the secondary relationships are absolutely priceless. Scott's chaste relationship with an underage girl, his gay roommate with whom he shares a bed, and his cartoon-thin band mates are the real fulcrums of this story of a young man who hasn't yet given up being a boy.

Is it all good? No. What's entertaining about the film is its constant string of humorous twists on the culture of the generation that was born in the late 1980s to early 1990s. Some of the references are spot-on. Some of them miss the mark or just don't play well to the audience (I'm not in the target demographic, however, so there might be a very different mix of humor that works for people who are). The film walks a fine line between goofy spoof and cutting satire and sometimes comes up short on both sides. Still, the vast majority of movie works well and it's a rare movie that attempts as much as Scott Pilgrim.

I refer the frequent reader of my blog back to The best days of cinema were... 2009? where I described why I believe that creativity and quality story telling are alive and well in modern movie making. I'll happily add Scott Pilgrim vs. The World to the list of films that make my point.

Parrot and PIR: The best tool you don't use

2010-08-16T19:00:00.001-04:00

For over 10 years now, many eyes have been on Perl 6, watching and waiting for it to be stable enough to use. Its promise is vast. Powerful "rules" will transform complicates parsing tasks into trivial libraries; A multi-method OO system like Common Lisp, but without the syntactic hurdles of learning to live with Lisp, a typed dynamic language that doesn't tie you down to type management. All of these features seem like the white whale of Melville's story, and yet they all exist today in a usable and stable form. Why doesn't anyone know about this? Well, I'm here to change that.

Parrot, the virtual machine first intended for Perl 6 and developed in parallel with that project, has the underlying mechanisms for everything Perl 6 wants to accomplish. It even has a pseudo-Perl 6 language called NQP (Not Quite Perl) for writing rules and other Perl 6-like functionality. But one thing slowing people down, to date, has been the lack of a coherent tutorial on using Parrot as a general purpose programming tool. Enter Parrot Babysteps. This Web tutorial (which is also a Github project) aims to teach people to program with Parrot. Its examples range from the typical and trivial, "Hello world" to a star catalog manager.

Parrot code is anything but beautiful. The language is modeled on assembly and is designed to be easily transformed into machine code via a JIT compiler, so don't expect it to be full of syntactic sugar like Perl. On the other hand, the combination of JIT compilation and high level constructs gives you the kind of power and performance that even Java is hesitant to offer.

Zen Alarm Clock

2010-08-06T13:05:00.001-04:00

Zen Alarm Clock... it sounds like some kind of scam, doesn't it? Some New Age, crystal-based frob that's supposed to make you wake up.

But I bought my first Zen Alarm Clock back in ... oh it had to be '96 or so. I was having a hard time waking up, and no alarm clock worked. I can sleep through a jack hammer, and have, literally. Someone recommended this clock and I tried it out, even though it cost $100, which seemed like a ton for an alarm clock. The difference was staggering. Instead of doing something loud and obnoxious enough to force you to wake up immediately, it uses a long series of increasingly frequent chimes, none of which on their own would wake you.

By the time you become aware that it's going off, you've been gradually waking up for a good 10 minutes or so, which means that you don't feel like you're still asleep, being propelled only by the adrenaline release triggered by a loud noise. Instead you're just "up". If you put the clock on the other side of the room, that final act of getting out of bed and walking over to turn it off is usually sufficient, even if you're sleep deprived, to wake you up thoroughly.

My old clock is now breaking down after about 15 years, and it's time to upgrade to the digital version. I just purchased it today, and hope to get it in the mail in a few days. Can't wait.

Contest: Primes with an unusual number of a digit

2010-08-02T19:00:00.011-04:00

I'd like to propose a quick contest. Here are the rules:

You must submit your entry by September 2, 2010, 23:59 (sorry, I can't wait until 2011, the next prime year)
Your submission must be a sequence of decimal digits.
The number that these represent must be prime (which make up (in order) a prime number. You may use a test like Rabin-Miller, which will be the method used to validate the submission. Note that it is therefore possible for the submission to fail such a test, even if it passed for the sumitter.
The number must be composed of at least either 155 decimal digits or 512 bits (either will do).
The winner will be the number which has the highest ratio of any one digit. For example, "23" has a 50% ratio of the digit "2" while 1011 has a 75% ratio of "1"
You must send your entries to essay-contest@ajs.com

As an example, here is a number:

1074934746  0579280428  5352135601  3625508347  1908730962  4560090445  3404800574  5211453514  0988380000  3920392507  2147060801  0391490408  0059833120  1609426475  4887127734  07857

which has 31 zeros for a ratio of 20%. Obviously, your submission should seek to beat at least this relatively low number.

You can submit as many times as you like, but in order to avoid making me unhappy with you, I suggest waiting until the last minute (or whenever you decide to stop searching) and submit the best result you have by then.

The winner will get a lifetime subscription to this blog and their name prominently featured in the article in which the number is published.

For fun, I'll be writing my own solver in Rakudo Star Perl 6. It won't be very efficient, so I expect it to get seriously trounced, but I'll do it for the fun. Even if I find the best number, I'll publish the best submission from someone else.

The best days of cinema were ... 2008?

2010-07-20T19:00:00.001-04:00

We've all heard it. The claim goes that, back in the day, they made movies like North by Northwest, Some Like It Hot and Ben-Hur, and that was just one year! Now we get sequels to movies that sucked, which themselves suck and an endless stream of romcoms that don't even rise to the level of sucking.

But this isn't quite true. Sure, you have stand-out years like 1959, but if you look at IMDB's top 250 movies, you'll notice something interesting. The top-voted movies of all time are fairly evenly spread across the decades with a big bump toward the end. Why? Well, in part a move you've seen recently tends to be more impressive in your memory, so movies that pre-date IMDB aren't always very highly rated.

But that doesn't entirely explain the phenomenon. 2008 for example, has:

The Dark Knight, WALL·E, Gran Torino, Slumdog Millionaire, The Wrestler, In Bruges, Let the Right One In, Changeling and The Curious Case of Benjamin Button

Now, I'll be the first to say that some of those represent short-term fascination or novelty. Still, I think Gran Torino, Slumdog Millionair, The Wrestler and Let the Right One In certainly do compare well to their historical analogs. Going back a year, you have films like No Country for Old Men and There Will Be Blood. Meanwhile, in 1945, 1956, 1970 and 1971 there is only one movie that made the list each of those years. Why? Because movie-making has been inconsistent throughout history and that's both good and bad.

Certainly, if movie making followed any one formula, no matter how well crafted that formula, it would have precluded some of these films. Instead, it's a hectic and chaotic process that yields one or two great movies every year and a handful of very good films.

2008 had 9 movies last year in the top 250, beating out the next-best year by two movies (1957, 1995, 1999, 2003, 2004 and 2007 all tied at 7 films). While this makes me wish I'd been alive in 1957 to sample the amazing creative output of that generation, it also makes me glad that I'm around now. So far 2010 has 4 movies on the list, and I think we'll see at least one of those (Inception, which immediately jumped to the #3 spot on opening weekend, not an easy feat) stay on the list for many, many years to come.

By year, here's the number of top-250 movies:

1921: 1
1925: 1
1926: 1
1927: 2
1930: 1
1931: 2
1933: 2
1934: 1
1936: 1
1938: 1
1939: 3
1940: 4
1941: 2
1942: 1
1943: 1
1944: 1
1945: 1
1946: 4
1948: 3
1949: 2
1950: 4
1951: 3
1952: 3
1953: 3
1954: 5
1955: 2
1956: 1
1957: 7
1958: 2
1959: 5
1960: 3
1961: 3
1962: 3
1963: 2
1964: 1
1965: 1
1966: 3
1967: 3
1968: 4
1969: 2
1970: 1
1971: 1
1972: 2
1973: 2
1974: 3
1975: 5
1976: 3
1977: 2
1978: 1
1979: 4
1980: 4
1981: 2
1982: 3
1983: 2
1984: 3
1985: 2
1986: 3
1987: 2
1988: 5
1989: 1
1990: 1
1991: 2
1992: 2
1993: 3
1994: 6
1995: 7
1996: 2
1997: 4
1998: 5
1999: 7
2000: 6
2001: 6
2002: 3
2003: 7
2004: 7
2005: 3
2006: 7
2007: 6
2008: 9
2009: 6
2010: 4

The Laundry series by Charles Stross

2010-07-02T19:00:00.003-04:00

The Laundry series is an ongoing series of books by Charles Stross. It's a genre mashup which includes Lovecraftian horror, science fiction, comedy, spy thriller and computer industry elements. Put simply, it's the story of a computer geek turned Bondesque British spy, set against a backdrop of horrible, multi-dimensional creatures that would like nothing more than to eat his brains (or at least cohabit with them).

The setup is rather brilliant on its own, and it's no surprise that it was quickly turned into its own roleplaying game. Our hero was a budding computer scientist who discovered just a bit too much about the nature of his field. In fact, it turns out that under the surface of the well-ordered mathematics of computer science lies magic. "Spells" are just complex mathematical problems like those introduced by Alan Turing during World War II, and those who accidentally solve them are quickly scooped up by The Laundry, the magical equivalent of MI6, as a possible risk to national security.

The Laundry is therefore populated with very smart people whose only option is to work for a giant government bureaucracy for the rest of their lives. The only way to move on to anything remotely rewarding appears to be the path to field agent status and that's where we pick up in the first book, The Atrocity Archives, with our hero Bob Howard as he embarks on his very first field mission.

The combination of computer science, general geekdom, horror and spy elements gives the books a hilariously perverse tone. There are times that I've had to stop reading, just to catch my breath, and that doesn't happen very often for me.

The second book in the series has been out for about a year and is titled The Jennifer Morgue. It traces Bob's exploits in a subsequent adventure that is more directly styled on the works of Ian Fleming, most especially the Bond novels.

The next book in the series is about to be released, and is called The Fuller Memorandum. It should be out by July 6, according to Amazon.com. I highly recommend picking up the first book and working your way up to The Fuller Memorandum, but much like the Bond books or movies, I don't think you absolutely have to read them in order. Certainly The Jennifer Morgue is a good enough book to stand on its own, should you prefer to start there, and I have high hopes for this next book for similar reasons.

Collatz graphs and Perl 6

2010-06-24T19:00:00.061-04:00

I wanted to play around a bit with numbers in Perl 6, so the Collatz Conjecture seemed like a good place to start.

The Collatz Conjecture is a simple statement which has some massive implications:

f(n) = if n is even n/2, otherwise (n x 3)+1

Given that n is a positive integer, repeated applications will eventually yield 1.

So, for example, n=10. On the first step, we get 5 because 10 is even, so we divide by two. On the second step, we get 16 because 5 is odd, so we multiply by 3 and add 1. Because 16 is a power of 2, we know that continuing to divide it by 2 will eventually give us 1, and all results until we reach 1 will be even so we're done. In fact, so far every number tested works this way but no one can, as yet, mathematically prove that there isn't an exception.

My code is fairly simple. It works backwards from 1. You can only get to 1 from 2 because there's no odd, positive integer (0 doesn't count, here) that when multiplied by 3 and incremented by 1, is 1. So then we work on 2, which can only be arrived at from 4. 4 can be arrived at from 1, but 1 is the end of the process, so we ignore that. It can also be arrived at from 8. 8 Can be arrived at from 16, but as we know from above 16 can be arrived at from 5 as well as 32, so that's our first branch in the tree. This process can be repeated for as long as you have enough computer memory to store all of the current branch-points.

That's exactly what I do, and I configured it so that you simply input a depth of tree you want to output and it outputs every value in a tree of that depth.

If you would like to see the code, check it out on github. The output svg file is also in the same directory for the tree-like output and the radial output from the twopi filter, along with the Graphviz source. I generated the following graph with the help of my good friends Graphviz and rsvg. The whole depth-20 graph looks like this:

But, of course, it's hard to make anything out there, so here's a close-up:

There are some interesting things that jump out at me in this. Because you can only ever get to a multiple of 3 from its double (since n-1 is never divisible by 3 if n is), once you hit any number that's divisible by 3, you embark on a straight line, like the one you see above at 213. The other thing that becomes obvious is that even fairly low numbers (like 19) don't appear until very late in the process. That there's no duplication in this graph is really fascinating.

The most interesting part of the Collatz Conjecture, I think, is that it can be expressed so easily that anyone with a rudimentary amount of math skills can understand it. This makes it accessible to a wider audience than any other unsolved problem in math that I can think of, and yet it's never been solved. Interesting stuff.

Anyway, enjoy your own explorations of the Collatz Conjecture and don't get too engrossed, or you might find that you're a bit too much like this XKCD comic: http://xkcd.com/710/

Are your passwords safe in MD5 or SHA-1 formats?

2010-06-10T09:00:00.018-04:00

I've read, over and over again, various questions and seemingly authoritative statements about the security of various hashing algorithms. I've gotten kind of tired of reading misinformation, so here's some detail that you can trust.

US-CERT of the U. S. Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use."
The document that this was stated in is titled, "Vulnerability Note VU#836068: MD5 vulnerable to collision attacks"
A collision attack is where an attacker, given access to a hashed password (or other plain text), crafts a password that yields the same result when hashed. Thus to a password authentication system, the crafted "collision" seems to be the correct password.
If your password hashing scheme does not use a salt, none of this is interesting to you, as you have little or no security to speak of given an attacker (internal or external) who has access to your hashed passwords.

OK, so what does any of this mean to you? Is MD5 secure? Well, not really. It is possible, with moderate hardware investment and access to the hashed password to generate a "skeleton key." No one can "crack" the original password in a reasonable amount of time that I know of or that I've read about, but access to an equivalent password solves many problems for an attacker, even if they can't then take that password and use it against other services (since those services would not be using the same "salt" which prevents the same password hashing the same way on two different sites or services).

The question you have to ask yourself is this: why are you hashing passwords? Is it to protect them, should someone gain access to your systems from the outside? Is it to protect them from those who have access to the data store? In these cases, md5 is at best a weak protection, but it is significantly better than some of the alternatives (DES, etc.) which are breakable in practically no time.

But MD5 is used in many places besides password hashing. Should we stop using it there? Probably not.

For example many backup and data validation tools use MD5 to make sure that data has not been modified (either to initiate a backup/copy or to safeguard against accidental local change). These purposes are still served just as well now as they were when MD5 was introduced, and the fact that MD5 has been proven to have possible collision attacks does not really impact the data integrity aspect of the algorithm. Of course, there are cases where MD5 will identify a block as unchanged when it has, in fact, changed. This is true for all hashing algorithms, but the reason that MD5 was initially considered acceptable for this purpose was that the chance of that happening without malicious intent is astronomically small (that malicious intent was not believed to be as much of a factor then is not interesting to us, now). It would be a bit like dropping a penny down into one of those boxes with water where the goal is to land it on a small platform, and just as you dropped it, an earthquake struck, causing the penny to bounce off the platform, jump back up through the slot and blind you. Just as I don't recommend avoiding such games because of the risk of blindness, I don't think you need to stay away from hashing algorithms (including MD5) in order to avoid missing a data update. If you think someone might be waiting for you to drop the penny so they can set off some dynamite, then you have a different kind of problem, and MD5 might not be the best choice (e.g. if you're performing MD5 checksums in order to verify that a system's software has not been compromised).

Now, that changes as your risk profile changes. There are times, I believe, where it makes sense to take extra precautions. For example, if you're making constant backups of large amounts of rapidly changing data whose integrity in original and backup form has a high risk associated (e.g. medical data), then I might use two hashing algorithms to perform the verification. MD5 might be a fine choice for one of them, but I'd use SHA-1 or something similar on top of it. It's still astoundingly unlikely to be an issue, but there's a time an place for being stupidly extra-certain and if you can afford the extra CPU cycles, why not compute two hashes while you're looking at the data?

What about SHA-1? Hasn't that been broken too? No, SHA-1 has known weaknesses which will likely yield security-impacting attacks in the future, but as of now, these weaknesses have yet to be translated into actual attack vectors. It's certainly worth staying on top of, and keeping a flexible hashing scheme (ala the OpenBSD/LDAP schema) in your application in order to upgrade to SHA-3 when it becomes available and has been thoroughly tested, but for now SHA-1 is an excellent choice for anything short of military/state-secret sorts of crypto-hashing needs.

Bruce Schneier, who is recognized around the world as an authority on cryptographic security, had this to say about the news regarding SHA-1:

They can find collisions in SHA-1 in 2⁶⁹ calculations, about 2,000 times faster than brute force. Right now, that is just on the far edge of feasibility with current technology.
Jon Callas, PGP's CTO, put it best: "It's time to walk, but not run, to the fire exits. You don't see smoke, but the fire alarms have gone off." That's basically what I said last August.

It's time for us all to migrate away from SHA-1.
Most of the hash functions we have, and all the ones in widespread use, are based on the general principles of MD4. Clearly we've learned a lot about hash functions in the past decade, and I think we can start applying that knowledge to create something even more secure.
Hash functions are the least-well-understood cryptographic primitive, and hashing techniques are much less developed than encryption techniques. Regularly there are surprising cryptographic results in hashing ... we still have a lot to learn about hashing.

Perl 6, Python, hyperoperators and list comprehensions

2010-06-09T19:00:00.015-04:00

I use Python every day at work, and I do like the language. There are things about it that annoy me, but I don't think that's ever not been true of any language I've used. One of Python's best features is its list comprehensions. These short snippets of code can embody so much work that it often feels like Python is writing your code for you.

At night, I go home and work on Perl 6, the upcoming update to the decades-old programming language which adds features from nearly every programming language you've ever heard of (and some you haven't). The direct equivalent of the list comprehension in Perl 6 is the same as it was in Perl 5: map. Here's how you use map in Perl 6:

map {$_ + 10}, (1,2,3,4)

This yields the same list as the Python:

[ x + 10 for x in 1,2,3,4 ]

Ah, but the astute among you are noticing that the Perl uses a variable name that's always the same, thus making nested map statements painful due to the need to create temporary variable names manually. In Perl 5, this was true, but we can name those temporaries quite easily now:

map { $^x + 10 }, (1,2,3,4)

Perl sees these temporaries from left to right and considers them positional parameters in the order that they appear to the current block (which is also a closure).

But Perl 6 gives us something more than map. In fact, map will be used much less frequently in Perl 6 because of hyperoperators. A hyperoperator is an operator that takes another operator as a parameter and augments its behavior. In Perl 6, hyperoperators can do this:

(1,2,3,4) <<+>> 10

or the Unicode equivalent:

(1,2,3,4) «+» 10

This takes the + operator and makes it work on the list given on the right side, adding the value on the left to each item and returning the newly created list of results. So, we never need to create a closure in order to ask Perl to do some particular binary operation on all elements of a list. Instead, we just pass the list, the operator and the right hand side to a hyperoperator and it does all the heavy lifting. We don't even need to see the temporary variable that's being used.

List comprehensions like Python's [ ... for ... ] and Perl's map are extremely valuable things for doing complex operations, but when what you really want is just to perform a simple operation on the elements of a list, hyperoperators give you what you need without the trappings you don't care about.

Note: There are actually multiple forms of hyperoperator depending on how "DWIMy" (Do What I Mean) you want it to be and on which of its arguments. See Synopsis 3's section on Hyperoperators for more.

5 things you can do with Lists in Perl 6, Python and Ruby

2010-06-03T10:34:00.002-04:00

I think practical examples of doing the same sorts of tasks in different programming languages can be wonderful tools. Recently, an IT student in Poland named Konrad posted a followup on his blog to the 2007 Ruby blog, "5 things you can do with a Ruby array in one line (PLUS A FREE BONUS!!)" by drewolson. He updated this for Python. Of course, having worked with Perl 6 quite a lot recently (see my Google Buzz posts titled "Your daily dose of Perl 6"), I was compelled to do the same for that language. See below for the results. Notice that Konrad chose temporary variable names that were much shorter than drewolson's, so the visual comparison between Ruby and Pyhthon in terms of code size is somewhat unfair, but I'll go with the original names where I need temporaries, just to be fair to Ruby.

Summing elements

Here, the original Ruby example printed the result, but I've trimmed that out for consistency with the rest of the examples.

Ruby:

  my_array.inject(0){|sum,item| sum + item}

Python:

  sum(my_list)

Perl 6:

  [+] @my_array

Double every item

Ruby:

  my_array.map{|item| item*2 }

Python:

  [2 * x for x in my_list]

Perl 6:

  @my_array <<*>> 2

Finding all items that meet your criteria (such as being divisible by 3)

Ruby:

  my_array.find_all{|item| item % 3 == 0 }

Python:

  [x for x in my_list if x % 3 == 0]

Perl 6:

  grep {$^item %% 3}, @my_array

  # or...

  grep * %% 3, @my_array

Combine techniques

Ruby:

  my_array.find_all{|item| item % 3 == 0 }.inject(0){|sum,item| sum + item }

Python:

  sum(x for x in my_list if x % 3 == 0)

Perl 6:

  [+] grep * %% 3, @my_array

Sorting

For more information on how Perl 6 sorting works and what the *-autoclosure syntax that I've used above does, see carl's excellent Perl 6 Advent Calendar post.

Ruby:

  my_array.sort
  my_array.sort_by{|item| item*-1}

Python:

  sorted(my_list)
  sorted(my_list, reverse=True)

Perl 6:

  @my_array.sort;
  @my_array.sort: -*;

And there you have it. Enjoy the many choices you have in programming languages!

Lost: What the !@#& was going on?!

2010-05-25T20:00:00.013-04:00

Lost's pilot episode pulled me in. It was one of the best television shows I'd ever seen. The writing was brilliant, the actors were not only excellent, but all clearly gave everything they had (with one or two exceptions, but I'm able to ignore than in an ensemble cast). By the second season, the show had ground to a halt, and I became bored. I'd also been burned by Alias, Abrams' previous creation, and was not eager to be strung along for season after season again. I stopped watching late in the second season, and didn't come back until the fifth. The fourth and fifth seasons definitely picked up the pace of the show, but I was left wondering how much of what was going on would be revealed. The show was clearly set on a very cosmic trajectory, and to play that out would risk alienating a large percentage of the viewship (no matter how you play out a cosmic ending, it always alienates someone who feels that your story conflicts with their beliefs).

So, it was with trepidation that I approached the sixth season, and in fact in the final two and a half hour movie, they never did play out the larger back-story. This post is aimed at exploring what was actually going on and whether, speculation aside, we had enough information to understand what it was that was going on. This will involve spoilers for the entire series. If you haven't watched the final seasons, I suggest you do, but go in expecting a non-reveal. I liked the last episode, but I felt the way I felt at the end of Donnie Darko: clearly someone knew where they wanted to go with this, but decided they didn't have the time, creative freedom or desire to follow through. In the case of DD, the story played out in supplemental materials on the Web. In the case of Lost, I think the creators simply don't want to explain what they feel they've sufficiently hinted at, for fear of losing the sense of mystery.

OK, so let's see if we can extract reason from this show. There is really only one unanswered question of merit: what is the island? The other questions ("what are the numbers," "why do pregnant women die, etc." are secondary to this central theme and may not have answers outside of fan speculation).

Jacob gives us a metaphorical answer to this question. He explains that the island is like a wine bottle, holding in some sort of evil using a cork. I think it's safe to say that Jacob has more information about this than most, but in order to explain what he meant, we need to look at the evidence that we've been shown:

Whenever someone opens up a hole in the island to expose the "magnetic anomalies" something very bad happens involving a flash of light, the release of a large amount of destructive energy and some strange shifts in reality/time (including the removal of Desmond's clothes, the shifting of the 1970s group to the "present" and so on).
It looks as if one such opening was created a very long time ago, and "stopped up" by a large stone "cork" in the cave where the light is seen.
The smoke monster came out of the cave with the light when the Man in Black (MiB) was thrown in, but the MiB's body was later found, suggesting that he died.
The smoke monster can assume the form of many of the people who have died on the island or have strong attachments to those who are there (e.g. Jack's father).
When the stone cork is removed, the light is dulled to a reddish and darker hue and the island starts to crumble.
When Jack goes down to get Desmond, at least one, possibly two skeletons are seen. Since we know the MiB's skeleton was in the cave where the Losties found refuge, this skeleton must belong to someone else.
In the very old temple that appears to pre-date Jacob and the MiB, there is an icon showing the smoke monster. This means that the smoke monster has appeared before, prior to the MiB's death.

Now, let those facts settle in for a bit, while we explore some themes. At the start of the show, the initial concern is survival against the forces of nature, but soon we are introduced to a more personified adversary: The Others. From the beginning Locke's analogy of there being a light and a dark in contention seems to be the theme of the show. The light, we assume, are the survivors and the dark are The Others. Certainly Henry Gale appears to be one seriously evil bastard bent on performing medical experiments on the newcomers and killing them off one by one. The Losties are just trying to survive and rally around basic concepts of goodness such as motherhood and friendship.

But there are cracks in this veneer. There's a killer, a drug abuser, a torturer and many other forms of unsavory characters among our band of "heroes," and they are all drawn back in to their personal unpleasantness. As the series progresses we find out more about The Others, and they're not quite the pure evil that we thought they were, either. Eventually, the two groups merge, but there's always a fragmentation and re-formation of the lines between sides. The island appears to bring out this fragmentation, and no matter how many interested parties are present, a duality emerges. "Us vs. them" appears to be the law of the island, but with each person responding on a personal level to the struggle and developing their own internal fight between darkness and light.

Finally, we meet Jacob and MiB. Now we have some clarity. Clearly Jacob is good personified and MiB is evil. Well... not quite. In fact, though MiB seems to have always tipped toward the darker side and Jacob toward the lighter, they're not that cut and dry. MiB is initially not vindictive and only attacks those who attack him first. In fact, it's Jacob who repeatedly beats MiB and eventually kills him, becoming a Cain-like figure. Their "mother" in turn, also struggled between her mission to defend the island and her ruthless and homicidal impulses. Again, we see this very personal struggle between darkness and light on the part of everyone on the island.

At every step, a layer of assumptions is removed and the dark stone/light stone analogy becomes more clouded. Is there a dark stone and a light stone, or are they purely internalized forces, vying for dominance within everyone?

Going back to our evidence, I believe that we can support this conclusion, which fits well with the character drama I've described, above:

The Island is a prison or containment vessel or battleground. We may never know which term best applies, but it is clear that there is a Light and a Darkness at play. Are they the same entity struggling internally as the island's inhabitants do or are there two entities in conflict? Again, we can't say, nor can we pinpoint the nature of the entities. They could be "gods" or "aliens" or some more general Gaimanesque manifestations of existential concepts. However, we know what it looks like when they interact with the world outside. When the "cork" of the island becomes weak it appears to manifest as a magnetic anomaly. When fully breached, time and other forces are bent in ways that Danial Faraday seems to have managed to understand to some extent, and which may even be directly responsible for the influence of the numbers (again, we could only speculate there, as we're never given enough information).

When Light seeps out through these small cracks it is able to influence the world by creating a protector (e.g. Jacob's "mother," Jacob, Jack and Hurley). When Darkness seeps out through the same cracks, it is able to manifest physically, but we see its limitations quite clearly. It seems to only be able to manifest by appropriating the souls of those who have died, and even then some proximity to one of the cracks appears to be required at first. This would explain why MiB became the smoke monster. It was his death near the cave of light that exposed him to Darkness's control and manifestation. It also explains the prior appearance of the smoke monster (as shown on the temple wall) and the resulting skeleton in the cave of light. This also implies that the whole cycle has played out before, culminating in the death of the smoke monster's vessel.

These breaches, however, are quite small. When they are pried open for short periods (e.g. by the wheel) the forces released can move the island and send people into different time periods, but actually opening a crack and leaving it that way would effect the escape of Darkness into the world (the smoke monster being just a sliver of its power, reliant on the soul which it infests like a parasite). Interestingly, though, it would also release Light which appears to be equally trapped, though how voluntary this is, or if they're the same entity is still unknown. The result could be Armageddon or some equivalent conflagration between the two.

So, the Island is a prison, capable of holding two beings (or one) whose attenuated power is capable of downing airplanes, shifting time and bringing dozens of people into interpersonal and internal conflict. Just imagine how truly awful it would be should that cork ever give way entirely. One day, I imagine someone like Faraday will have to come up with a way to re-build these soft-spots and shore up these weak spots in the island's containment. Until then, it will continue to fall on the shoulders of the protector to keep the damage to a minimum.

One interesting bit of hint at the singular or dual nature of Light and Darkness is the way in which the island responds to the death of their servants. When Jacob dies, it appears to lock MiB into Locke's form. This might suggest a more substantial connection between the two, and again we might be seeing an internal struggle playing out rather than the jailer / prisoner relationship.

Writing a Perl 6 URI module

2010-05-23T02:13:00.000-04:00

I wanted to write a parser of some sort using Perl 6's spiffy parser language otherwise known as "rules". This is the super-extended regular expression syntax that Perl 6's own parser is written in, and it's not just powerful, it's easy to use. In fact, it's so easy to use that almost all of my time writing a URI parser module was spent on other aspects of the code than the parser itself.

First off, some background. Perl 6 has a URI module already. However, it relies on a number of Perl built-in character classes to match things like digits and alphanumerics. In reality, the RFCs that define URIs are very precise, and there are different specifications depending on what you need. So, I decided to re-write the module with a pluggable parser so that you could give a regular, modern URI and have it parse correctly, but you could also ask for special "IRI" parsing on an internationalized URI and the right thing would happen there. I even went so far as to bring in an older version of the specification as a legacy mode.

The current state of the Perl 6 parser and runtime called Rakudo is actually fairly solid for a pre-release implementation of such a complex language spec. There are some gaping holes, but they were all relatively easy to work around. Some of these included overly aggressive list-flattening, some operators that were broken at the time I wrote this code and the big one: named rules only work as a stand-alone grammer with a specific entry-point called TOP.

I worked around all of these issues and have, so far, been able to parse basic URIs according to RFC 3986. Here's a sample of what a Perl grammar for URIs looks like:

    token URI {

         ':'  [ '?'  ]? [ '#'  ]?

    }

Here you can see most of the basics: "token" introduces a single expression within the grammar. It calls out to other tokens by enclosing their names in angle-brackets. Literal sequences are enclosed in single-quotes and sub-expressions can be enclosed in square-brackets with regular expression-like repetition counts such as ? for 0 or 1 matches.

In order to have a pluggable interface, I needed a class capable of providing me with two things for each grammar: the grammar itself and a set of routines which would tell me how to find the resulting URI elements in the match data. For this I defined an interface using Perl 6's roles:

  role URI::Specification {

      method parser() { ... }

      method scheme_path() { ... }

# ... other _path methods here...

}

Those ellipses are literal. They cause the methods to be required for any class composed with this role, but do not define any functionality themselves.

Each parser is then defined as:

  class URI::rfc3896 does URI::Specification {

      grammar URI::rfc3896::spec {

          token TOP {  }

          # RFC definition of URI goes here.

}

      method parser() { return ::URI::rfc3896::spec }

      method scheme_path() {

          gather do { take  }

}

      # And so on ...

}

That's it. The only really funky bit here is the gather/take code in the scheme_path. That's the way Perl 6 defines a coroutine-like interface. The paths define how we traverse the match object to find match results. So, for example, the "scheme" (the "http" in "http:/www.example.com/") can only be matched in the URI rule's scheme sub-rule. Some URI elements, however, such as authority (the host name and port - possibly username as well) can be matched multiple ways, so these routines might return multiple lists of subrule names to traverse. I would have simply returned a list of lists, but Perl 6's parameter passing is very complex and currently some of the specification is not yet implemented. Right now, this manifests as overly aggressive list flattening when returning them from a subroutine or method.

This is why I used coroutines to return each of the sub-lists, one call at a time.

I'll continue to post new updates as my URI module nears readiness. For now, it's just awaiting some love on the other parsers, and I think it'll be ready to go.

Icons from Wikimedia Commons

2010-05-20T09:00:00.002-04:00

I'm often lacking for exactly the right Icon for Web work, and then I remember Wikimedia Commons. For a number of open-licensed UIs I've used the Wikimedia images to help create a look that implies I spent an awful lot of time and energy. These icons vary in quality because they were uploaded from different sources, but you can get some of the best icons available from this site (along with, of course, the best freely licensed photographs and other media). Commons is a gem, and if you don't use it, you're probably missing out.

The Crystal Icons from KDE were uploaded as PNG, but the original SVG icons can be acquired from their original site. These are very clean and plastic-feeling icons for everything from the power button you see on the left to various arrows to hands to gears. Because they were uploaded in fairly high resolution, using the PNG versions isn't all bad, but you'll still get a better final result if you work from the SVG.

There are also many icons for specific applications. You can use these when writing reviews or otherwise mentioning the applications in quesiton. Many of the application icons come from the Crystal set as above, but some are directly lifted from open source projects, such as the Gaim (now pidgin) icon you see to the left.

Other icons include arrows, globes, hands and many other cateogries. You can browse all of the categories from Wikimedia's "icons by subject" page.

To use these icons, I recommend always selecting SVG format images and then using Inkscape . Load an SVG icon up in Inkscape and select File, Export Bitmap... to save it as a PNG file, setting the height and width to exactly what you want. For now, PNG is the way Web browsers deal with icons the best, though in the future, SVG will be taking over that role as older browsers fade away.

Fire alarms: Among the worst UIs in history

2010-05-12T18:40:00.000-04:00

So a fire alarm just went off in my office building. Here's what you hear:

"*beep* Your attention please. There has been a report of an emergency in this building. If your floor evacuation tone sounds after this message, please leave the building. *beep* Your Attention please. ..."

OK, am I the only person who sees the problem with that announcement? Is the second *beep* just a repeat of the message or am I supposed to read that as "my floor's evacuation tone?" What does my floor's signal tone sound like? Is it different from other floors? Does our floor's signal tone rule relative to the suckage of other floors' signal tones?

So here's an idea: Instead of a useless recorded message, have the damned thing announce the floor that the problem exists on (or floors). I'd really love to hear, "Floors 8 through 10 should consider jumping out the windows because a fire is quickly sucking the oxygen out of the stair wells!" Now that would be a warning I could do something with.

Test Wave Post

2010-05-03T13:21:00.005-04:00

I'm testing out Google Wave integration. Please, let me know what you think in the Wave, below.

Enforced bad passwords

2010-04-06T19:00:00.001-04:00

Long ago, I got sick of sites that restrict me to bad passwords, but today I came across another and it has pushed me to yet again explain why it is that you should never restrict passwords without deeply compelling cause.

Today's offender was Boston Coach, the luxury livery service in that was founded by Boston's Fidelity Investments (the legend states that one day, Fidelity's owner, Ned Johnson wanted a cab and couldn't get one; the next day he had his own fleet of black sedans with smartly dressed drivers, trained to treat their passengers like royalty). Anyway, so I wanted to hire a Coach to take my mother and I to a concert for her birthday (I won't say what birthday; you're welcome, Mom). I had to sign up for an account on their Web site. They committed a few sins in the process:

Unless you really need a pseudonym, don't ask the user to create one. Instead, use the email address for logins.
Never restrict passwords unless you are technologically constrained to do so, and if you are, file a security bug with whatever braindead software it was that forced you to (or consider just dumping it).
Test your UI with and without JavaScript support. This sounds silly, but there are plenty of environments where people aren't allowed to enable unsafe browser features.
Never give the user an error without explaining what it is that they did to get it. Two examples came up, here: the password security policy and the number of occupants per car.

To get back to the heart of my concern: the password. I use PasswordSafe, a program originally written by renowned security expert, Bruce Schneier. It can happily generate a very random, long password. For example:

K1/}"jUCF/byp6( : $1$0ZV5xOu3$iTgccli1bBSykSJxcOrfi.

Notice that this password would be nearly impossible to memorize, but because PasswordSafe stores it in an encrypted file, I just have to remember one, easier to remember password to access all of them. I tried to enter this very password for my account, but don't bother trying to use it... it was rejected. The confusing bit was that the UI informed me that I had not met "minimum password requirements." Wow, if that password doesn't measure up to Boston Coach's minimum requirements, they must spend all day, every day servicing lost password requests!

In reality, what they'd done is refused to accept any password with punctuation (resulting in 31 possible characters being removed from all possible passwords on a typical US keyboard). This is a tragic thing to do to your password security, and a company founded by Fidelity Investments should know better.

Anyway, they should fix their broken software and anyone else that uses such terrible requirements for passwords should get on it ASAP.

Twitter / Buzz: the new news?

2010-04-05T19:22:00.000-04:00

Today's XKCD discusses the math behind a tweet out-distancing an earthquake (oddly, I read the comic before I heard about the quake). Later in the day, I found myself using Google's Buzz to post pictures of a fire in Boston. It's now getting to the point that I look to the Buzz map on my Droid before I consult Boston.com for local news. It's not that it's more rational or more considered. It's just a matter wanting to know what's going on now rather than a half hour ago. Sure, I can visit a regular news site and find more detail later on, but there's just nothing like having a few thousand potential "reporters" on the scene.

I suppose the future written by some science fiction authors is coming: we'll all be the on-the-scene "reporters" with actual journalists being the people who surf Twitter, Buzz, YouTube and so forth, the way they used to listen to police-band radio for a story. Once a journalist can tap into your head-mounted cam for a live feed hire you on the spot as a freelance photographer, there will be no story too fast to be fed into the hungry maw of the Internet.

Python class attribute annoyance

2010-03-29T19:00:00.000-04:00

Python class attributes are fairly handy things, if somewhat visually misleading. Coming from other languages, you might expect this:

  class Foo(object):

    a = 10

To define a class whose instances will have one attribute called a. Not quite. a is actually what most languages call a "static attribute" or "static member" of the class itself, not the instances. Python calls these "class attributes." Once you know this, class attributes are a tool you'll reach for in a number of circumstances, but they have subtle behaviors that can feel like bugs.

For example, today I was trying to do something like this:

  class Foo(object):

    a = 10

    b = a + 5

which works just fine and does what you might expect (a is 10 and b is 15). But, this will yield an error:

  class Foo(object):

    a = 10

    b = [ a+i for i in range(1,11) ]

You might expect b to contain [ 11, 12, ..., 20 ] but instead, you get an error telling you that a isn't defined. [Note: tested in Python 2.6 and 3.1] This subtle flaw exists because that a+i is actually being executed in a nested lexical scope, but because it was created inside of a class body, it fails to inherit what appears to be the parent scope and thus has no access to its lexically scoped variables. There are many ways to accomplish what you might have intended, here, but none of them are very clean. For example:

  class Foo(object):

    a = 10

    b = [ z+i for z in (a,) for i in range(1,11) ]

Now you are passing a as a parameter to that nested scope, so it works perfectly. It's certainly a stilted way to do this, but it works just fine.
Coming, as I do, from Perl, this feels very odd. Perl's OO model is, at best, a framework upon which to build your own. Even still, this kind of scoping problem just never happens. Any lexical scope introduced anywhere in Perl will have a parent scope which is visually quite obvious. Running into such subtle shifts in Python's behavior seems counter to its stated goal of simplicity and elegance.

Safe browsing and virus removal

2010-03-26T19:00:00.000-04:00

Sometimes you have to use Windows. There might be a game you like that only runs there or you might need a Windows-only program for work. Whatever it is that draws you to Windows, you know going in that you run the risk of your system becoming compromised (becoming a "zombie," getting a key-logger or any number of other harmful scenarios). OS/X is starting to feel the heat of increased market share as well, in case Mac fans thought they were somehow immune. In 2009 and now in 2010, Mac/OS + Safari did quite poorly in a challenge to compromise browsers. My brother just recently got some sort of malware that caused him to spam the family with bogus links, and I put together this overview of what to do in response. In case it's useful to others, here you go:

Preventative:

1) Always use Firefox to browse the web (Safari and Chrome are getting there, but currently don't have the suite of helpful and stable plugins that Firefox does) http://www.mozilla.com/en-US/firefox/personal.html
2) Always use the noscript plugin for Firefox http://noscript.net/ and add exceptions with care
3) If you're going to visit a site that might be questionable, use the "Tools -> Start Private Browsing" feature

Doing anything less is roughly equivalent to going on a sex tour of the third world without condoms. That's not a pretty metaphor, but neither is having your system infected with every bot this side of Robbie from Forbidden Planet.

As for cleaning your existing system... it's hard. The best and safest way is to back up your data and then use the re-install/recovery disks that came with the computer. If you want a less drastic approach (that isn't as guaranteed to work), then I suggest one of these resources:

AntiVir removal tool -- Avira, makers of my favorite free antivirus tool
McAfee Virus Removal Tools -- McAfee (about $90)
Symantec Removal Tools -- Symantec removal tools (free?)

I suggest figuring out what you have first. AntiVir, McAfee or Symantec can be used to do a full scan, and should turn this up. If not, try a malware removal tool like Spybot Search and Destroy SpyBot Search and Destroy (but be careful if you do a Web search for it... don't click on ads, and make sure you spelled it correctly).

To keep yourself safe in the future, make sure you have an up-to-date virus scanning tool (AntiVir has a free version that pops up a single ad for their product only, per day, asking you to buy the full version and there are paid programs from Symantec and McAfee). Also, make sure that you run the latest version of your browser (Firefox will auto-update with security fixes, but you should upgrade to the latest major version at least once every 6 months). Don't use IE. but if you really must, make sure it's updated to the very latest version. Microsoft's track record for keeping old browsers secure isn't very good.

Beyond that, consider doing everything that isn't Windows-specific in a virtual machine. You can get an easy-to-use virtual machine manager at http://www.virtualbox.org/wiki/Downloads and then download the install image for Ubuntu Linux and load it up in the virtual machine. This allows you to do things that would otherwise be unsafe in Windows within a safer environment. It's cumbersome, but the security return on your investment is well worth it.

Peter Watts: An author to check out

2010-03-22T19:12:00.000-04:00

Peter Watts was an interesting author before he became national news. But in light of his treatment at the hands of U.S. Border Police and subsequent conviction on a charge which is as absurdly broad as it is injust, I'd suggest that looking into his work now is probably the easiest way to say, "asking a police officer why you're being detained and searched should not be a felony."

You see, Watts was crossing back into Canada when he was pulled over for what has recently become a routine, random exit search. He made a mistake... a big one. He got out of his car and asked why he was being searched. What he didn't know was that getting out of your car is interpreted as a dangerous and hostile act by police. It's an unfortunate consequence of the adversarial relationship we have with our police force (and they with us) in the U.S. What happened then was a series of increasingly wrong decisions on everyone's part. Watts was ordered back in his car, which he did comply with. An officer got into his car and and punched Watts in the face. Watts was then ordered back out of his car. He asked again what was going on and why he was being treated this way. He was ordered to get down on the ground which is when he again asked why (I'm reminded of The Nightmare Before Christmas and the line, "you aren't comprehending the trouble that you're in.") This is when the police maced him with pepper spray.

In the end, Watts was charged with assault and failure to comply. The officers claimed that he struck first, but this was later refuted in court and different officers' stories were shown to diverge. Anyway, the bottom line is that he wasn't convicted of assault, but under current statutes, that failure to get down on the ground after being hit carries exactly the same penalties. That's right, he committed the same crime by inaction as by attacking a police officer.

So, on the one hand, I'd request that people please support this author. He acted in a way that certainly didn't help, but no one deserves to be hit, bullied and pepper sprayed just for (literally) getting out of line. That's not the kind of country we're supposed to be living in.

On the other hand, we clearly need to change this law. Police should be the first in line demanding that it be so. After all, under the current law, you have nothing to lose once you fail to comply with an officer. Getting physically abusive won't escalate the nature of your crime (at least in terms of the assault charge, there might be additional charges that would apply at that point)! That's just wrong, and police and average citizen alike should demand that failure to comply be separated out with a reduced penalty so that real criminals and people who are just slow to recover from being punched in the face aren't treated the same.

To those who are unsympathetic toward someone who is attacked in this way, keep in mind that purely for selfish reasons, the United States really can't afford to make every non-U.S. Citizen afraid to visit the U.S. Tourism and the sorts of business exchanges that require face-to-face meetings are essential to our continued economic growth. Incidents like this reduce the number of people coming to the U.S. which directly reduces the number of jobs in the U.S.

Following the Health Care Bill

2010-03-19T20:48:00.001-04:00

I've been trying to catch up on the state of the health care bill... it's not easy. There are some good sources, though. PBS has a really excellent comparison on the House, Senate and reconciliation versions of the bill and the Washington Post has a very informative timeline of the changes that the bill will bring. There are some details there that I hadn't realized previously:

All employers over 50 employees would be required to provide insurance for their employees or pay a substantial fine per employee (though you don't pay for the first 30, even if you're over 50). Most people will be required to get insurance if they don't get it from their company, but there will be exceptions (those now covered by Medicaid, those who file a waiver for religious reasons, etc.)

The religious reasons exemption kind of bothers me. I understand that there are those who don't want to seek medical care because they feel that their deity of choice doesn't approve. That's fine, but I don't get to opt out of paying for highways because I don't have a license... and I'm fine with that. It's just one of those infrastructure costs. If the fees for not getting insurance were about the same as the cost of insurance, then I wouldn't see any problem with removing the religious exemption.

Another great source is the Christian Science Monitor (no relation to my above statements). They've always been a great news source, and that continues to be the case. Their coverage of health care reform includes some interesting insight, including the point that requiring people who don't get coverage through work to buy insurance is partially a way to increase coverage, but also helps the insurance companies as many new customers will be young people who are less at risk for expensive conditions. This means that the insurance companies will be able to immediately recover some of their lost margins due to being forced to insure those with pre-existing conditions. Of course, they'll still try to raise rates in response, but I'm seeing some major resistance to that... my company just announced that they're switching providers, probably due to increased rates, though I don't know for sure. Point being that competition will probably prevent these rates from getting too far out of control, though not as much as if there'd been a public option.

The New York Times has a nice opinion piece that covers some of the bickering that's going back and forth right now. It does a reasonable job of tearing apart some of the talking points on both sides (I like the insight about gaming the C.B.O.)

Of course, you can always browse the top stories from lots of sources via Google news, which I like to do every couple of days to keep up on the twists and turns.

There's an interesting bit on the Wall Street Journal site about how the bill's proposed system "does not adequately pay doctors and hospitals in some areas for treating Medicare patients," but that appears to be an existing Medicare problem that this will would expand by increasing enrollment. Pelosi says they're working that one out, now.

No matter what it will be an interesting ride. You can follow the current odds of passage over at Intrade, which I've always been fascinated by as a predictive tool. They're edging up toward 85% right now, but have recently been below 50%, I assume as a result of various announcements coming out about who's voting which way.

iTunes vs. Amazon

2010-03-12T00:29:00.001-05:00

Have you ever compared iTunes and Amazon for music download services? I have, and while both services have something unique to offer, I can quickly point you to the two largest differences between the two. Here's a link to a page on Amazon:

Free Albums on Amazon

And here's a link to a similar service through iTunes.

Free on iTunes

You will notice these differences:

The iTunes link doesn't go to a Web page that has the items on it. Instead it goes to a nearly blank page that, if you have the right browser features, will allow you to launch iTunes to go to the iTunes store.
The Amazon mp3 store has 120 free albums for download. The iTunes store has two songs and a music video. No, I'm not kidding, check it out.

Enough said? Of course, free music isn't all there is, but I figure it's worth going through those 120 albums from Amazon first and then maybe browsing their over 1,500 individual free songs and then think about which music service you want to patronize for your non-free music purchases.