Submitted by brad on Sat, 2009-04-18 19:37.
My prior post about USB charging hubs in hotel rooms brought up the issue of security, as was the case for my hope for a world with bluetooth keyboards scattered around.
Is it possible to design our computers to let them connect to untrusted devices? Clearly to a degree, in that an ethernet connection is generally always untrusted. But USB was designed to be fully trusted, and that limits it.
Perhaps in the future, an OS can be designed to understand the difference between trusted and untrusted devices connected (wired or wirelessly) to a computer or phone. This might involve a different physical interface, or using the same physical interface, but a secure protocol by which devices can be identified (and then recognized when plugged in again) and tagged once as trusted the first time they are plugged in.
For example, an unknown keyboard is a risky thing to plug in. It could watch you type and remember passwords, or it could simply send fake keys to your computer to get it to install trojan software completely taking it over. But we might allow an untrusted keyboard to type plain text into our word processors or E-mail applications. However, we would have to switch to the trusted keyboard (which might just be a touch-screen keyboard on a phone or tablet) for anything dangerous, including of course entry of passwords, URLs and commands that go beyond text entry. Would this be tolerable, constantly switching like this, or would we just get used to it? We would want to mount the inferior keyboard very close to our comfy but untrusted one.
A mouse has the same issues. We might allow an untrusted mouse to move the pointer within a text entry window and to go to a set of menus that can’t do anything harmful on the machine, but would it drive us crazy to have to move to a different pointer to move out of the application? Alas, an untrusted mouse can (particularly if it waits until you are not looking) run applications, even bring up the on-screen keyboard most OSs have for the disabled, and then do anything with your computer.
It’s easier to trust output devices, like a printer. In fact, the main danger with plugging in an unknown USB printer is that a really nasty one might pretend to be a keyboard or CD-Rom to infect you. A peripheral bus that allows a device to only be an output device would be safer. Of course an untrusted printer could still record what you print.
An untrusted screen is a challenge. While mostly safe, one can imagine attacks. An untrusted screen might somehow get you to go to a special web-site. There, it might display something else, perhaps logins for a bank or other site so that it might capture the keys. Attacks here are difficult but not impossible, if I can control what you see. It might be important to have the trusted screen nearby somehow helping you to be sure the untrusted screen is being good. This is a much more involved attack than the simple attacks one can do by pretending to be a keyboard.
An untrusted disk (including a USB thumb drive) is actually today’s biggest risk. People pass around thumb drives all the time, and they can pretend to be auto-run CD-roms. In addition, we often copy files from them, and double click on files on them, which is risky. The OS should never allow code to auto-run from an untrusted disk, and should warn if files are double-clicked from them. Of course, even then you are not safe from traps inside the files themselves, even if the disk is just being a disk. Many companies try to establish very tight firewalls but it’s all for naught if they allow people to plug external drives and thumbsticks into the computers. Certain types of files (such as photos) are going to be safer than others (like executables and word processor files with macros or scripts.) Digital cameras, which often look like drives, are a must, and can probably be trusted to hand over jpegs and other image and video files.
A network connection is one of the things you can safely plug in. After all, a network connection should always be viewed as hostile, even one behind a firewall.
There is a risk in declaring a device trusted, for example, such as your home keyboard. It might be compromised later, and there is not much you can do about that. A common trick today is to install a key-logger in somebody’s keyboard to snoop on them. This is done not just by police but by suspicious spouses and corporate spies. Short of tamper-proof hardware and encryption, this is a difficult problem. For now, that’s too much cost to add to consumer devices.
Still, it sure would be nice to be able to go to a hotel and use their keyboard, mouse and monitor. It might be worth putting up with having to constantly switch back to get full sized input devices on computers that are trying to get smaller and smaller. But it would also require rewriting of a lot of software, since no program could be allowed to take input from an untrusted device unless it has been modified to understand such a protocol. For example, your e-mail program would need to be modified to declare that a text input box allows untrusted input. This gets harder in web browsing — each web page would need to have to declare, in its input boxes, whether untrusted input was allowed.
As a starter, however, the computer could come with a simple “clipboard editor” which brings up a box in which one can type and edit with untrusted input devices. Then, one could copy the edited text to the OS clipboard and, using the trusted mouse or keyboard, paste it into any application of choice. You could always get back to the special editing windows using the untrusted keyboard and mouse, you would have to use the trusted ones to leave that window. Cumbersome, but not as cumbersome as typing a long e-mail on an iPhone screen.
Submitted by brad on Mon, 2009-04-13 13:31.
What should be in a good hotel room?
Well, one thing that’s easy to add to the list is a powered USB hub, with as many as 6 ports and a 3 amp power supply. Toss in some mini-USB cables (possibly just built into the hub) as they have become, for better or worse, the present-day universal charging standard. (At only 2.5 watts, USB is a bit anemic as charging standard, but it’s what we have for now.) A mouse would be nice too, but is a security risk.
Alas, we can’t have a keyboard on it, as nice as that would be, since that can’t be trusted. It might have a keylogger put in it (even by the previous occupant of the room) to grab passwords.
Now this is a fairly cheap item (under $20) and like many other hotel items, it could also be available at the front desk, though it’s so cheap I don’t see a reason for that. While you could not be sure it would be there at every hotel, it would still be useful, since it can add to the charging you bring, and most laptops can be a charging station if you are willing to leave them on overnight. It’s also useful as a hub. Indeed, have two, one on the desk, and one by the bed for cell phones.
We’re almost ready to not need the hotel phone unless you are coming from overseas and pay ridiculous roaming charges. But they still need it to call you sometimes, and I don’t want to have to hand over my mobile number at check-in.
Most hotel rooms now are getting a flat-screen HDTV. That’s great, but rarely do they offer up the VGA port that many of these TVs have, or a cable to plug it in. I recommend a 1080p TV for each room, located in such a way that it can be an external monitor for my laptop. As such there should be a VGA cable connected or handy. The TV could also be connected to the USB hub, and use a video over USB protocol for devices that have USB out but not video out. (This usually needs a driver and has some limitations.) read more »
Submitted by brad on Sat, 2009-04-11 08:33.
Lots of people are doing it — using their digital camera as a quick way to copy documents, not just for taking home, but to carry around. Rather than carry around a large travel guidebook (where most of the weight is devoted to hotels and restaurants in other towns) we normally just photograph the relevant pages for the area we will be exploring. We also do it even with portable items like guides and travel maps since we don’t really want the paper. We also find ourselves regularly photographing maps of cities, facilities and transit systems found on walls. We will photograph transit timetables: take a ferry out, photograph the schedule of ferries going back. In countries where you can’t write the language, photographing the names of destinations, so you can show it to cab drivers and locals is handy.
Yes, I have also seen copyright violation going on, with people taking a temporary photograph of somebody else’s guidebook, or one in a library or hotel. Not to save money, but for the convenience.
While I still think a dedicated travel device makes sense when doing tourism, cameras should embrace this function. Some travel guides, such as Lonely Planet, will sell you a PDF version of the book or chapters in it. Perhaps being able to read PDFs is more than a camera wants to do, but these could be converted to PNGs or some other clear and compact format. A very simple book browser in the camera is not a tall order, considering the level of processing they now have. Though there seems to be a lot to be said for the simplicity of the camera’s interface, where you turn a wheel to find a page and then zoom in. If there’s a browser it had better be easier to use than that.
However, even simpler would be a way to tag a photo as being text (indeed, many cameras could probably figure out that a photo is dense with text on their own.) Such photos would be put into their own special folder, and the camera’s menu should offer a way to directly go to those photos for browsing.
I realize the risk here. Forced convergence often results in a device that does nothing well. In this case people are already using the camera for this, because it is what they are carrying. There is already pressure to make camera screens bigger and higher resolution, and to give them good interfaces to move around and zoom in.
In time, though, travel guides might deliberately make versions that you store on the flash card of your camera. Of course, you can already do this on your PDA, and I read eBooks on my PDA all the time. And sometimes your cell phone/PDA is your camera.
Submitted by brad on Thu, 2009-03-26 22:54.
I’m on the shores of Kinneret (Sea of Galilee to Christians) for Israel’s version of FOO Camp. A great time so far, after visiting Haifa and the area. To Tel Aviv on Sunday to speak at the Marker’s internet conference for those of you who are in the area.
The title reflects what I was told is sort of a national catchphrase. This is indeed a complex country. The first thing you can’t avoid seeing is the massive amount of security. Going into ordinary buildings, even a shopping mall can be like going to the airport in many places. Like fish in water, however, many Israelis no longer notice it the way a visitor does. Scores of times a day you will see groups of IDF with submachineguns slung on their backs, as well as solo soldiers, as all Israelis do a tour in the army. And at the same time all I have seen has been tranquil and very friendly.
More observations upon my return, bit of blogging break until then.
Submitted by brad on Tue, 2009-03-17 17:05.
The news of the past few days has been full of anger that AIG is paying $165 million in bonuses out to managers who drove the company into insolvency, using federal bailout money to do it. The excuse — these bonuses were guaranteed in contracts.
This may be the case. I have always thought it strange when a contract includes a mandatory bonus and not sure what the point is. A normal bonus is contingent on some metrics of personal or corporate success. If this is the case here, did they just design their metrics so badly that the goals were met even in light of driving the company into the ground?
However, if you’ve been through a corporate buy-out or rescue, you know that contractual rewards like these get nullified fairly often. Usually it’s presented as a choice between getting your bonus from a bankrupt company (and thus being in line with other creditors to collect nothing, or a small fraction) or renegotiating your contract to help the rescued company get the deal. You can be a hold-out, of course, but only if it is your plan to resign, since the new management, and the people who did renegotiate, will have no interest in working with you.
Stockholders get this done to them all the time. They have various rights in the stockholder agreement, but the white knight says, “No deal unless we redo those agreements from scratch with new terms.” Stockholder agreements can be renegotiated for everybody with not everybody agreeing, however, unlike bonus agreements.
The buyout of AIG was of course different. First of all it was done in an emergency, to keep confidence in the economy. And it was done by the government, which had no choice but to do it. With no choice, the normal threat of “Fix the bonus contracts or we won’t do the rescue” was not an option for the government. And finally, the government is easy to embarrass politically. It has to be seen as benevolent, unlike a corporate raider or rescuer.
Still, I am surprised they could not make it clear that it’s “Take your contracted bonus and resign with a stink on your name, or lower/eliminate your bonus and keep your job.” Perhaps they did, but the bonuses are so sweet that the former is the easy choice. This case is famous enough that those who decided to take their bonus and leave would become well known, or at least their circumstances would be well known. A resume that says “Left AIG March 09” would be one that spoke of failure and greed.
It may just be a lesson that companies need to do better at writing bonus contracts, so they don’t pay off in the event of total company failure, or any failure connected to the employee of this scale. These would not be hard to negotiate. At the table, you can’t seriously stand up and demand you get your bonus even if you drive the company into the ground. You can’t make that a deal-breaker.
Update: A NYT Op-Ed on other ways to get out of bonus contracts.
Submitted by brad on Mon, 2009-03-16 15:39.
Last week I wrote about what I consider the main goal of green electricity
efforts, namely to stop burning coal. You can do that, to
some extent, by removing demand from the grid in places where the grid is
coal-heavy. Even in other places, removing demand from the grid will be
fairly effective at reducing the production of greenhouse gases.
Update: Since this article a flood of cheap solar panels from China has been changing some of the economics discussed here. I have not altered the article but some of its conclusions deserve adjustment.
No matter what you do — conserve, or put up solar or wind — your goal is
to take power off the grid. Many people however, consciously or unconsciously
take a different goal — they want to feel that they are doing the green
thing. They want their electricity to be clean. This is actually a
dangerous idea, I believe. Electrons are electrons. In terms of reducing
emissions, you get the exact same result if you put a solar panel on your
house than if you put it on your neighbour’s house. You even get a better
result if you put it on a house that’s powered by a coal plant, so long as
you also reap the benefit (in dollars) of the electricity it makes.
People don’t like to accept this, but it’s much better to put a wind
turbine somewhere windy than on your own house. Much better to put a solar
panel somewhere sunny than on your own house. And much better in all cases
if the power you offset is generated by more by coal than at your house.
However, the real consequences are much deeper. The following numbers
reveal it is generally a bad idea to put up solar panels at all, at least right
now. That’s because, as you will see below, solar panels are a terrible
way to spend money and time to make greener electricity. Absolutely
dreadful. Their only attribute is making you feel good because they
are on your roof. But you should not feel good, because you could (in theory, and I believe with not much work in practice) have
made the planet much greener by using the money you spent on the panels
in other ways.
The true goal is to find the method that provides the most bang per buck in removing load from the dirty grid.
Keep reading to see the math and a spreadsheet with some very surprising numbers about what techniques do that the best. read more »
Submitted by brad on Sat, 2009-03-14 16:43.
As you may know, I allow anonymous comments on this blog. Generally, when a blog is small, you don’t want to do too much to discourage participation. Making people sign up for an account (particularly with email verification) is too much of a barrier when your comment volume is small. You can’t allow raw posting these days because of spammers — you need some sort of captcha or other proof-of-humanity — but in most cases moderate readership sites can allow fairly easy participation.
Once a site gets very popular, it probably wants to move to authenticated user posting only. In this case, once the comment forums are getting noisy, you want to raise the bar and discourage participation by people who are not serious. My sub blog on Battlestar Galactica has gotten quite popular of late, and is attracting 100 or more comments per post, even though it has only 1/10th the subscribers of the main blog. Almost all post using the anonymous mechanism which lets them fill in a name, but does nothing to verify it. Many still post under the default name of “Anonymous.”
Some sites let you login using external IDs, such as OpenID, or accounts at Google or Yahoo. On this site, you can log in using any ID from the drupal network, in theory.
However, drupal (which is the software running this site) and most other comment/board systems are not very good at providing an intermediate state, which I will call “casual comments.” Here’s what I would like to see:
- Unauthenticated posters may fill in parameters as they can now (like name, email, URL) and check a box to be remembered. They would get a long-term cookie set. The first post would indicate the user was new.
- Any future posts from that browser would use that remembered ID. In fact, they would need to delete the cookie or ask the site to do so in order to change the parameters.
- If they use the cookie, they could do things like edit their postings and several of the things that registered users can do.
- If they don’t pick a name, a random pseudonym would be assigned. The pseudonym would never be re-used.
- Even people who don’t ask to be remembered would get a random pseudonym. Again, such pseudonyms would not be re-used by other posters or registered users. They might get a new one every time they post. Possibly it could be tied to their IP, though not necessarily traceable back to it, but of course IPs change at many ISPs.
- If they lose the cookie (or move to another computer) they can’t post under that name, and must create a new one. If they want to post under the same name from many machines, create an account.
- The casual commenters don’t need to do more special things like create new threads, and can be quite limited in other ways.
In essence, a mini-account with no authorization or verification. These pseudonyms would be marked as unverified in postings. A posting count might be displayed. A mechanism should also exist to convert the pseudonym to a real account you can login from. Indeed, for many sites the day will come when they want to turn off casual commenting if it is getting abused, and thus many casual commenters will want to convert their cookies into accounts.
The main goal would be to remove confusion over who is posting in anonymous postings, and to stop impersonation, or accusations of impersonation, among casual posters.
I don’t think it should be too hard to make a module for drupal to modify the comment system like this if I knew drupal better.
Submitted by brad on Fri, 2009-03-13 12:08.
Coach is cramped, but not everybody can afford business class. In addition, there are airlines that require fat people to purchase a second seat if they can’t fit into one. Fortunately I am not in that department, but it seems there is an interesting alternative that might make sense for all — selling half of a middle seat, for half price (or less) to somebody wanting more room in coach.
The idea, of course, is that two passengers want this extra room. So if sold at half-price, the airline effectively is selling that seat for full price. In fact, since they don’t have to provide any services for that missing passenger — nor carry the weight and luggage or offer miles — they could and should sell the guaranteed empty middle for less than half, perhaps as low as 1/3rd.
On the other hand, half the time there would be an odd number of passengers buying half a middle, which would cost the airline half a fare on half the flights. They might need to bump the cost slightly to account for this.
Of course, ideally these would be rows where the armrest is able to go up fully so it doesn’t stick into you even if you recline, though not all airlines do that.
Now there is a bit of gamesmanship to be played on flights that vary widely in load. After all, if a flight is not that loaded, the middle seats will be vacant anyway, and no revenue would be lost by offering the guaranteed empty seat. I can see two strategies for selling in these conditions:
- The passenger pays full-bore (say 40% extra) for the seat. However, if the flight is light enough that many middles are empty, they pay nothing. The passenger always gets value for money and never feels they paid for what others got free.
- The passenger pays a lower fraction, based on how often it’s truly needed. Say it’s needed only half the time. Pay 20% extra, and always get the empty middle, but no refund even on an empty plane. (Perhaps give “whole row” preference on really empty flights.)
Which would you prefer? Of course if you feel comfy in a full coach cabin, you would not desire either.
Passengers of course would be strategic, and look at the seat map to see how loaded the plane is, and buy the premium only if the flight is filling up. The airline may or may not wish to allow upgrading an existing ticket because of this.
This is also something that could be offered for miles instead of cash.
As you may know, many airlines already do this for their elite passengers, only filling the middle between two elites if the flight is completely full. Promotion to premium legroom sections (which United offers for cash) could be combined with this. A seat in United’s Economy Plus with an empty seat next to you gets much closer to Business Class in terms of space, though it still lacks other comforts.
Update: The question came up of full fights with sold empty middle seats. If a passenger has bought this because he can’t fit in a single seat, there are few options, unless the passenger they want to add is very small, like a child. However, if the passenger bought the seat simply for extra comfort, but still can fit, they could sell it back to the airline for whatever can be agreed on. The airline could offer cash, business class upgrades, or free half-seat upgrades on future flights, and many passengers might take it. After all, anybody who purchased such a half-seat is the sort who would find a business class upgrade valuable. This might be arranged in advance. For example, the fare rules might say, “The airline, at its discretion, can fill the empty middle seat with a passenger of below average size in exchange for compensation X.” A ticket where the seat can’t be filled, no way, no how, could cost more, but still a lot less than the option they offer today of purchasing an entire seat.
When I fly with my companion, of course, we usually book aisle and window with empty middle between us. If they seat somebody there, we let them have the window. There are tricks to try to otherwise get that empty middle.
Like premium economy, airlines could make money from selling these guaranteed middle seats to business travelers whose companies have a rule that they won’t pay for business class, but will pay for improved economy seating.
Some other options might include a focus on putting somebody as small as possible in the seat, such as an unaccompanied minor.
Some of this also touches on a different problem I will address in a future blog post. Airlines should, if they can, avoid seating two large people in the same pair or trio of seats. While I am sure I’ll get claims of “the fatties deserve this for not curbing their appetites” it’s a hard problem to solve, since everybody, thin or wide, would want to get tagged as wide to avoid having a crowded row. More on this later.
Submitted by brad on Fri, 2009-03-06 15:32.
I recently attended the eComm conference on new telephony. Two notes in presentations caught my attention, though they were mostly side notes. In one case, the presenter talked about the benefits of having RFID tags in everything.
“Your refrigerator,” he said, “could read the RFID and know if your milk was expired.” In the old days we just looked at the date or smelled it.
Another presenter described a project where, with consent, they tracked people wherever they went using their cell phones, and then correlated the data, to figure out what locations were hot night spots etc. In a commercialization of the project, he said the system could notice you were visiting car dealerships and send you an email offering a bargain on a car.
Now I won’t try to say I haven’t seen some interesting applications for location data. In fact, many years ago, I started this blog with an article about a useful location aware service of my own design.
But why is it that when people are asked to come up for applications for some of the most intrusive technologies, they often come up with such lame ones? Perhaps you may have concluded that your privacy is doomed, and these invasive technologies are coming, but if so, can we at least give up our privacy for something a bit more compelling than having to smell the milk?
I mean, RFIDs in everything (and thus the trackability of everything for good and ill) just so your fridge can be a touch smarter? So you can be marketed to better and thus, in theory, get slightly cheaper products — at least until all sides have the technology and the competitive advantage goes away.
Have we revealed all our data about ourselves and our friends to Facebook just so we can throw sheep?
I’m not saying that throwing sheep (or the other, more practical applications of Facebook) aren’t fun, but are they worth the risk? I don’t say cost because you don’t see the cost until long after, until there has been a personal invasion? What if Falun Gong’s members had all been on Facebook when the Chinese government decided it was time to round them up? Mark my words, there will, before too long, be some group that a government decides to round up, using a social networking tool to find them. What cool apps are worth that?
There are ways to do applications on private data that are not nearly as risky. My yellow button application only transmits your location when you take an action, and that transmission can use a pseudonym. The real function can take place in the phone, knowing where it is, and knowing where interesting locations are that it needs to no more about. In this case, the network only learns something about you during explicit actions. The dangerous ones are the ones that are on all the time, that track and record your whole sea of data to do something useful. It is your whole sea of data that is the most dangerous to you, because if untrained eyes look in a big sea of data with something already in mind, they will find it, whether it’s there or not. That’s not as true for specialized subsets.
Comments welcome, even Anonymous ones!
Submitted by brad on Thu, 2009-03-05 00:35.
I’m looking at you Ubuntu.
For some time now, the standard form for distributing a free OS (ie. Linux, *BSD) has been as a CD-ROM or DVD ISO file. You burn it to a CD, and you can boot and install from that, and also use the disk as a live CD.
There are a variety of pages with instructions on how to convert such an ISO into a bootable flash drive, and scripts and programs for linux and even for windows — for those installing linux on a windows box.
And these are great and I used one to make a bootable Ubuntu stick on my last install. And wow! It’s such a much nicer, faster experience compared to using CD that it’s silly to use CD on any system that can boot from a USB drive, and that’s most modern systems. With a zero seek time, it is much nicer.
So I now advocate going the other way. Give me a flash image I can dd to my flash drive, and a tool to turn that into an ISO if I need an ISO.
This has a number of useful advantages:
- I always want to try the live CD before installing, to make sure the hardware works in the new release. In fact, I even do that before upgrading most of the time.
- Of course, you don’t have old obsolete CDs lying around.
- Jumping to 1 gigabyte allows putting more on the distribution, including some important things that are missing these days, such as drivers and mdadm (the RAID control program.)
- Because flash is a dynamic medium, the install can be set up so that the user can, after copying the base distro, add files to the flash drive, such as important drivers — whatever they choose. An automatic script could even examine a machine and pull down new stuff that’s needed.
- You get a much faster and easier to use “rescue stick.”
- It’s easier to carry around.
- No need for an “alternate install” and perhaps easier as well to have the upgrader use the USB stick as a cache of packages during upgrades.
- At this point these things are really cheap. People give them away. You could sell them. This technique would also work for general external USB drives, or even plain old internal hard drives temporarily connected to a new machine being built if boot from USB is not practical. Great and really fast for eSata.
- Using filesystems designed not to wear out flash, the live stick can have a writable partition for /tmp, installed packages and modifications (with some security risk if you run untrusted code.)
Submitted by brad on Wed, 2009-02-25 15:47.
There are many ways to go green, though as I have identified, the vast bulk of the problem is in just a few areas — personal transportation, electrical generation, building design/heating/cooling and agriculture.
While those who focus on CO2 work from the fact that both Natural Gas and Coal, which produce 70% of the USA’s electricity, emit CO2, coal is a much bigger villain.
- Coal is 50% of the US electricity supply, gas is only 20%.
- Coal produces all sorts of nasty pollution in addition to CO2, including sulfur products for acid rain, radioactive elements and worst of all, fine particulates, which are major killers of the elderly.
- Coal mining is highly destructive, and lives are regularly lost.
- Coal power plants are not as efficient as gas ones. This is both due to the simplicity of gas plants, and the fact that many coal plants are older. The worst coal plants are almost twice as inefficient, and emit more than twice the greenhouse gasses, as gas plants. Some modern coal plants are a bit better, but the gap is still large.
- Coal plants are slower to turn off and on than gas plants. They are better than nuclear plants.
- There are lists of more at other web sites.
The problem is that coal is cheaper. Particularly once you have the coal plant. I’ve seen estimates all over the map but many suggest that the fuel cost of coal electricity is in the range of just 2-3 cents per kwh, and 1-2 cents more for gas fired. Hydro doesn’t really have a fuel cost, and while nuclear does, it’s a much harder cost to measure.
That cheaper price has given us a 50% coal electric infrastructure. With hydro, the amount of water that is going to flow through your plant is fixed by the weather. You want to use all of it (ideally at peak times) and keep your reservoirs at the same level each year. Nuclear is hard to start and stop, so you use it for base load. It’s expensive to build, but you want to use the plants you have to their capacity.
So my understanding is that if demand on the grid goes down (say, because somebody puts solar panels on their roof or conserves energy) the first reaction of the power companies is to burn less natural gas, because it’s a bit more expensive, and the easiest thing to cut back on. However, the power grids (there are 3 main ones in the USA and various sub-grids) are not superconductors, so due to line losses, it is cheaper to reduce output on the plants closest to the reduced demand. So the situation varies a lot.
All the power sources have their downsides. Nuclear’s are well known and controversial. Hyrdo is clean but destroys river systems and habitats. Gas emits CO2 but is clean as far as fossil fuels go. (Leaks of it also emit methane.) Oil is barely used. Coal’s only upside is its price, and the existing base of coal plants and mines.
So while it is good to look at reducing all energy production that has problems, right now if you want to do something green, it’s a fair, if broad statement to say that the best way to do it is to stop the burning of coal.
What that means for people who don’t run power companies is that reducing electrical demand in a sub-grid that is heavy with coal (such as Chicago or West Virginia) is a fair bit better than doing it in a coal-light sub-grid like California. And doing it in a place like China would be even better.
There is an irony here. Californians tend, on average, to be more eco-conscious than others. This is the birthplace of the Sierra Club after all. And because it is natural for people to focus on where they live, you see lots of effort to conserve energy or use alternative energy in California. But the same efforts would get 65% more bang for the buck if they took place in the midwest or southwest. This calculator claims to report the CO2 cost of electrical production in each zip code. It uses numbers from the North American Electric Reliability Council (NERC) for different sub-grids:
NERC region acronym
NERC region name
Alaska Systems Coordinating Council
Electric Reliability Council of Texas
Florida Reliability Coordinating Council
Hawaiian Islands Coordinating Council
Midwest Reliability Organization
Northeast Power Coordinating Council
Reliability First Corporation
SERC Reliability Corporation
Southwest Power Pool
Western Electricity Coordinating Council
Combined National Average
This conclusion will be disturbing for some. If you’re considering putting a solar panel on your roof in California, you would do 65% better at reducing pollution if you put the panel up on a roof in Arizona. (Actually a little better as Arizona has better sun.) If you are considering putting a solar panel up in Vermont, you would do almost 3 times better to put it in the southwest, since not only is their power twice as dirty, but they get a lot more sun.
What you would not get is the personal satisfaction of seeing panels on your roof and feeling that you personally are green. But there really is no such thing as solar electrons. Electricity is just electricity. There’s a big grid (and not being grid tied is really non-green) and the most you can do is improve how green the grid is. It doesn’t make a difference if you put the solar panels up on your house or a house across town. And it makes a positive difference if you put it up where it will have the best effect. It just doesn’t feel as good.
Now, can you go put panels on another roof? Not at present. But it certainly could be made to happen. In fact, oddly, the tax breaks are better for corporations who put up panels then they are for individuals, though this may change with new laws. Leaving out rebates and credits, a business could be set up to offer people in high-sun, high-coal areas subsidized solar power on their houses. The money they would have paid their power company could go instead to pay your power company as you continue to buy energy from your cleaner grid, having reduced demand in their dirtier grid. This works best when the power prices are similar — with PG&E’s “tiered” pricing in California this may not pan out.
It would also be possible to set up green power companies that put up green power plants in coal-heavy areas. They sell their power there, and the income would flow to investors on greener grids to pay for their grid power.
However, in a future blog post you’re going to learn something even more surprising, if you’ve been a booster of solar. It’s that it is a poor idea to put up solar panels at all, even in the coal-heavy, sunny southwest. In fact, it’s one of the worst ways you could use your money to green the planet. Stay tuned.
Submitted by brad on Tue, 2009-02-24 16:19.
There are many opinions about whether the bailout and stimulus package are a good idea or not. But one thing that I hope everybody agrees is bad is that it teaches the lesson that if you screw up so badly that you hurt the global economy, we’re not going to let you fall. Take huge risks because in the event of catastrophe, the government has no choice but to make it better.
Is there a way to do a bailout that doesn’t end up rewarding, or even saving, the people responsible?
Well, outside of the frauds like Madhoff, many of them did not break the law, or didn’t break it severely. Those who broke the law should get the punishment of the law. A lot of people just looked the other way has horribly bad loans were financed, resold and insured in strange ways. Some people had no idea what they were doing was so dangerous. Some didn’t know but should have known. Some suspected but ignored the evidence. And some knew, but where happy if they were getting their share.
I propose taking a small fraction of the bailout and stimulus and using it for “punishment.” It need not be much. With a possible 2 trillion dollars to spend, even 1% would be 20 billion dollars which surely buys a lot of enforcement, and of course stimulates the industries of enforcement. But we don’t need even 1%.
The first step is to define a set of good practices and ethics defining who did wrong. They would be fairly narrow. They would not catch the people who didn’t know they were doing something wrong and were not at the level that they should have known. This is not a simple task but I think it can be done.
The next step is to say “no bailout or stimulus money for any company which employs or significantly compensates, above minimum wage, a person responsible for the collapse.” They lose their jobs. If millions are to be out of work, start with the people responsible. The most adapatable of the laid off can take some of their jobs. If the government can fire all the air traffic controllers without catastrophe, I suspect a lot of bankers can be fired too. Only minimal dole for those fired too, enough to survive, but not well. They will be incented to find other jobs, in industries not getting bailout and stimulus money. Or they can work for minimum wage in their old jobs.
Culpability will run up, as well. While there will still be standards of proof, and a presumption of innocence, if a group of people all working for one person are guilty, that person is going to have to work hard to convince a jury they had no knowledge of what went on underneath and that this was as it should be.
So yes, this means the CEOs and other top executives of most of the banks and brokerages involved will be out of work. I think they can handle it. If they are really civic minded, they can keep their jobs for minimum wage, no options, no bonus.
Now this is not my favoured plan. I think people who screw up should, wherever possible, be allowed to fail, and they and the stockholders will pay the price. If executives mislead stockholders, they should be subject to the rules. But if we have to not do that, somehow a message must get out that if you do something like this, you’re going down.
Note that I also expect, and hope, that many of these people have been fired already. But some of them haven’t. Some got fat bonuses instead.
Submitted by brad on Sat, 2009-02-14 19:34.
Product recalls have been around for a while. You get a notice in the mail. You either go into a dealer at some point, any point, for service, or you swap the product via the mail. Nicer recalls mail you a new product first and then you send in the old one, or sign a form saying you destroyed it. All well and good. Some recalls are done as “hidden warranties.” They are never announced, but if you go into the dealer with a problem they just fix it for free, long after the regular warranty, or fix it while working on something else. These usually are for items that don’t involve safety or high liability.
Today I had my first run-in with a recall of a connected electronic product. I purchased an “EyeFi” card for my sweetie for valentines day. This is an SD memory card with an wifi transmitter in it. You take pictures, and it stores them until it encounters a wifi network it knows. It then uploads the photos to your computer or to photo sharing sites. All sounds very nice.
When she put in the card and tried to initialize it, up popped a screen. “This card has a defect. Please give us your address and we’ll mail you a new one, and you can mail back the old one, and we’ll give you a credit in our store for your trouble.” All fine, but the product refused to let her register and use the product. We can’t even use the product for a few days to try it out (knowing it may lose photos.) What if I wanted to try it out to see if I was going to return it to the store. No luck. I could return it to the store as-is, but that’s work and may just get another one on the recall list.
This shows us the new dimension of the electronic recall. The product was remotely disabled to avoid liability for the company. We had no option to say, “Let us use the card until the new one arrives, we agree that it might fail or lose pictures.” For people who already had the card, I don’t know if it shut them down (possibly leaving them with no card) or let them continue with it. You have to agree on the form that you will not use the card any more.
This can really put a damper on a gift, when it refuses to even let you do a test the day you get it.
With electronic recall, all instances of a product can be shut down. This is similar to problems that people have had with automatic “upgrades” that actually remove features (like adding more DRM) or which fix you jailbreaking your iPhone. You don’t own the product any more. Companies are very worried about liability. They will “do the safe thing” which is shut their product down rather than let you take a risk. With other recalls, things happened on your schedule. You were even able to just decide not to do the recall. The company showed it had tried its best to convince you to do it, and could feel satisfied for having tried.
This is one of the risks I list in my essays on robocars. If a software flaw is found in a robocar (or any other product with physical risk) there will be pressure to “recall” the software and shut down people’s cars. Perhaps in extreme cases while they are driving on the street! The liability of being able to shut down the cars and not doing so once you are aware of a risk could result in huge punitive damages under the current legal system. So you play it safe.
But if people find their car shutting down because of some very slight risk, they will start wondering if they even want a car that can do that. Or even a memory card. Only with public pressure will we get the right to say, “I will take my own responsibility. You’ve informed me, I will decide when to take the product offline to get it fixed.”
Submitted by brad on Tue, 2009-02-10 20:41.
Just returned from BIL, an unconference which has, for the last two years, taken place opposite TED, the very expensive, very exclusive conference that you probably read a lot about this week. BIL, like many unconferences is free, and self-organized. Speakers volunteer, often proposing talks right at the conference. Everybody is expected to pitch in.
I’ve been very excited with this movement since I attended the first open unconference, known as barCamp. The first barcamp in Palo Alto was a reaction to an invite-only free unconference known as FooCamp, which I had also attended but was not attending that year. That first camp was a great success, with a fun conference coming together in days, with sponsors buying food and offering space. The second barcamp, in DC, was a complete failure, but the movement caught on and it seems there is a barcamp somewhere in the world every week.
This year BIL was bigger, and tried some new approaches. In particular, a social networking site was used to sign up, where people could propose talks and then vote for the ones they liked. While it is not as ad-hoc as the originals, with the board created at the start of the conference, I like this method a lot. The array of sessions at a completely ad-hoc conference can be very uneven in quality, and assignment to rooms is up to a chaotic procedure that may put an unpopular talk in a big room while a small room is packed to the gills. (This even happens at fully curated conferences.)
Pre-voting allowed better allocation of rooms, and in theory better scheduling to avoid conflicts (ie. noting that people want to go to two talks and not setting them against one another.) BIL also had some spare slots for people who just showed up with a talk, to keep that original flavour. read more »
Submitted by brad on Mon, 2009-02-09 20:29.
Recently, some prosecutors, in efforts to crack down on drunk driving, are pushing for murder convictions. This is happening in the case of really blatant disregard on the part of the drunk drivers — people with multiple DUIs getting smashed, going out, and killing.
In watching coverage of this trend, over and over again I heard it said that the killer’s sin was “getting behind the wheel when drunk.” And that is in fact what we punish with DUI laws. Because so many people have done it (without killing anybody) there is surprising sympathy for the drunk drivers — there but for the grace of god go I.
But is that the right sin? That decision is always made once the person has impaired judgement. Something to me seems wrong about punishing a decision made when one has lost the ability to make good decisions. While I don’t drink, and have no sympathy for the actions of drunks, I think the real transgression comes much earlier.
The real transgression is allowing yourself to get impaired in circumstances where you would then be sufficiently likely to make deadly wrong decisions. A simple example of this would be having enough alcohol to move from sober to drunk when you have your car with you and plan to drive home. Of course, many people in that situation will do the right thing, and still be clear enough to know they should get a cab home, and then come back to pick up their car later. But of course, many don’t. And worse, there is often an incentive not to — such as paying for two taxi fares, and dealing with the car’s location becoming a no-parking zone in the morning.
I believe people should be punished for risky decisions they make while sober, more so than ones they make while drunk. It should be expected that people will make poor decisions and take unacceptable risks when drunk. That is what impairment means. It is the decisions they make when sober, when they know right from wrong, that the law should punish.
Now let me describe how this might work in theory, and then discuss the harder question of making it work in practice.
The simplest way to behave well is to never take your car to go drinking. That car parked outside is too much temptation once you are drunk. And this is what the designated driver concept is about. To get more specific, you must not take the drinks that make you impaired without first, while still not so impaired, making plans to get home so you have no temptation to drive your car. This can include arranging a ride with a sober person, pre-contracting with a taxi company for later pickup, or putting your car keys into escrow.
Car key escrow, for example, would involve giving the keys to a friend or the bartender, who will not return them to you until you are sober. A high-tech version might be a simple lockbox. You can put your keys in the lockbox (provided by a responsible bar) and can only get them out by blowing into the box with alcohol below the limit. The act of escrow, taken while sober, makes you legal. The act of drinking beyond your limit without making alternate plans is the immoral act. Having any recorded plan for getting home — cab, designated driver, transit ticket, keys in escrow — is enough to be acting morally.
Now how to enforce this? Well, we can’t really have police coming into bars, and asking all patrons who are beyond the limit to prove they made alternate plans. Police could check inebriated people leaving bars, but don’t typically have the time for this. If this sort of rule is to be enforced, it would have to be through legal liability on those who serve alcohol (bars, party hosts) to assure none of their guests go beyond the limit without plans, or at least the easy ability to make plans. (Cheap key lockboxes might help in this area.)
And of course, anybody who did drive drunk would be guilty since they obviously didn’t make adequate plans. This approach would simply expand the culpable act to the broader situation of having deliberately (while sober) put yourself in a situation where this has a real chance of taking place.
There are problems of course. Often “guests” come to parties uninvited and get drunk. We’ve all had a fairly drunk person at a party we barely know. Or we may not know the drinking habits of the friends we do invite. Bartenders deal with people arriving who already got sauced at another bar and just have the last few drinks before they drive in the 2nd bar. We want people to act responsibly, not have to go overboard and be paranoid about each guest. Ideally we want the full weight of the law to fall on the sober person who got drunk while his or her car was outside.
One unconnected option might make sense. Parking laws might be changed to let you get out of certain kinds of parking tickets if you can show proof you took an alternate way home because you are drunk. Taxi drivers who take drunks home could issue such a dated receipt. Friends could testify under oath that they drove you home because you were drunk. This might make people more willing to leave cars behind in certain areas. It would have to be clear what those areas were (for example, parking that was free at night but becomes metered or prohibited at 7am) so that the parking does not become a problem. Still the extra parked cars are a better thing to have than cars with drunks behind the wheel.
Submitted by brad on Thu, 2009-02-05 15:36.
Here’s a short new robocar essay, on Robocars helping bring about flying cars.
The thesis of the essay is simple. The quest for flying cars has always had to deal with the very difficult compromise between a vehicle that flies and one that drives. It’s just really hard to make one vehicle to do both.
The robocar (or rather robotaxi) solution is to not try to do both in one vehicle, but adapt to the idea you can hire a robotaxi to zip you right to your plane, and another one will be waiting on the taxiway when you land for a quick transition. It’s not the “take off from your house” vision, though. Of course, independently, the planes themselves could become computer-flown, as is almost the case today. If this happened, and the planes were able to do short takeoff and landing, and do it quietly (perhaps hybrid engines which use battery just for takeoff and landing) the world might accomodate airstrips in much more convenient places, even old stretches of road that don’t have overhead wires.
And don’t forget, I’ll be giving a robocar talk at BIL in Long Beach this weekend.
Submitted by brad on Mon, 2009-02-02 23:05.
As I move to get more paper out of my life, one thing I’m throwing away with more confidence is manuals. It’s pretty frequent that I can do a search for product model numbers or other things on a manual, and find a place to download the PDF. Then I can toss the manual. I need to download the PDF, because the company might die and their web site might go away.
I would like to make this even easier. For starters, it would be nice if the UPC database (UPC are the bar codes found on all retail products) would also offer a link to getting all manuals and paper that come with a product. I would then be able to just photograph the bar codes of all my products with my phone or camera, and cause automatic download or escrow of all manuals. Perhaps a symbol next to the UPC could tell me this is guaranteed to work.
It would be even better if companies escrowed the manuals, which is to say paid a one-time fee to a trustable company which would promise to keep the documents online forever. This company must be backed by a very solid company itself, perhaps a consortium of all the major vendors with a pact that if any of them go other, the rest take up the slack of maintaining the site.
In fact, all free, public documents should have a code on them that can be turned into a URL where I can fetch the document, as PDF, HTML or even MSWord. Any attempt to scan such a document would pick up this code and know it doesn’t have to scan the rest unless it is marked up. For books, we sould key off the ISBN as well as the UPC. Eventually one of the newer, compact 2-D “barcodes” could be used to code a number to find the docs.
Of course, many products are now coming without manuals at all, and that’s largely fine with me.
Submitted by brad on Wed, 2009-01-28 15:13.
Here’s a nice story about the Kiva warehouse delivery robot now being used by major retailers like The Gap. Factory floor robots have been around for some time, and the field even has a name “automated vehicle guidance systems” but these newer deliverbots kick it up a notch, picking up shelves and bringing them to a central area for distribution, finding their way on their own with sensors.
We’re also seeing more hospital deliverbots, which — very slowly — take things around hospitals, roving the same corridors as the people. When a robot goes very slowly, people are willing to allow it to travel with them. The technological question is, how hard it is it to raise that speed and stay safe, and make people believe that they are safe.
Some applications care little about speed, and the slow robots already have a market there. We would not tolerate super slow robots on our streets, getting in the way of our cars, regularly.
One answer may be “extremely deferential” behaviour. Consider a deliverbot trundling down a low-volume street at 10 kph (6mph). It would be constantly checking for a vehicle coming up behind it, using radar, lasers and cameras. With LIDAR it would get about 90 meters of warning, with other sensors perhaps more. Say it detects a car coming behind it at 50 km/h (30mph). It has 8 seconds, during which it will will cover 22 meters. If it’s a small robot — and we might limit the robots to make them small — odds are reasonable that it might find a place in which to duck, such as a driveway. These robots aren’t parking, so they can move into driveway entrances, fire hydrant locations and many small non-parking spaces along the road.
Indeed, it need not find a place to pause on its own side of the road. If there is no immediate oncoming traffic, it could deek to the other side of the road for a hiding spot. Ideally it would be clever and not pick a driveway which has a moving car or even a car sensors reveal has the engine running.
Indeed, it’s not unreasonable for the deliverbot to simply move into the oncoming lane if it is clear, to let the human vehicle pass. This is a bit disconcerting to our usual sense of how things work — slow vehicles don’t move to the left for us to pass them — but there is no reason it could not be true. This is on urban streets where stopped vehicles, turning vehicles and even pedestrians are found in the middle of the street all the time, and drivers have plenty of time to stop for them. Nobody is going to hit such a vehicle, just get annoyed by it.
For the driver, they would see various slow deliverbots on the road ahead. But in all but unusual circumstances, by the time they got close to those robots, they would have pulled out of the lane, to pause in driveway entrances. The main risk is the driver might start to depend on this, and plow right into such a vehicle (at slow speeds) if there was no place for it to pull over. A deliverbot that doesn’t immediately see a place to pull over would probably start blinking a very obvious flashing light on the back, increasing the warnings if the vehicle does not slow down. It might also speed up a little bit, if safe to do so, to reach a spot to pause.
Why is this interesting? I think we’re much closer to building a vehicle that could go 10 kph on slow city streets, using LIDAR. If the vehicle is small and doesn’t weigh a great deal, it simply won’t be capable of doing much damage to people by hitting them. It could even be equipped with airbags on the outside should this ever become unavoidable. The main problems would be people hitting them, or being annoyed by them.
Once accepted, as safety technology improves, the speed can improve — eventually to a level where they don’t get in the way, other than in the sense that any other vehicle is in your way. There will always be those who want to go faster, and so the deference approach will always be useful.
Submitted by brad on Sat, 2009-01-24 17:12.
Since I do so many of my own, you won’t find me blogging about other people’s panoramas very much but this gigapixel shot of the crowd as Obama gives his inaugural speech is well worth exploring full screen. David Bergman’s story of the photo is available.
It was taken with the gigapan imager that I gave a negative review to last month. You can see why I want a better version of this imager. The shot is a great recording of history, as you can see the faces of almost all the dignitaries and high rollers who were there. It has a few stitch errors which would be a lot of work to remove by hand, so I don’t blame the creator for doing just one 5 hour automated pass. When such an imager becomes available for quality DSLRs, the image will be even better — this one faces the limitations of the G10. And due to the long time required to shoot any panorama of this scope, it looks like only some of the crowd are applauding, while others are bored.
I would love to see a shot of the ordinary folks in the far-away crowd too, but he wasn’t in range to get that, and it would have needed a longer lens. A computer might be able to count the faces then, or even tell you their racial mix. The made-the-list area probably has more black faces than ever before, but still a small minority.
A few years in the future, every event will be captured at this resolution, until we start having privacy worries about it.
Submitted by brad on Fri, 2009-01-23 14:51.
In the early days of microprocessors, people selling home computers tried to come up with reasons to have them in the home. The real reason you got one was hobby computing, but the companies wanted to push other purposes. A famous one was use in the kitchen. The computer could story your recipe file, and wonder of wonders, could change the amounts of the ingredients based on how many servings you wanted to make.
This never caught on, but computers have come a long way. But still, I mostly see nonsense applications promoted. For example, boosters of RFID tell us that our fridges will be able to track when things went in the fridge, and when it’s time to buy more milk. We should give up huge amounts of privacy to figure out when to order more milk?
With that track record, I should stay away from the area, but let me propose some interesting approaches in the kitchen.
The cooking area should have a screen, of course. Screens are already in the kitchen to watch TV. While you could (and would) put digital recipes up on the screen, I imagine going further, and having TV cooking shows, where you watch a chef prepare a dish. You would be able to pause, rewind and do everything that digital video does, but the show would also come along with encoded instructions tagged to points in the video. When the recipe calls for cooking for 5 minutes, the computer would start appropriate timers.
The computer should have a speech interface, and a good one, allowing you to call out for timers, and to name ingredients and temperatures. More on that later.
The first thing I would like to see is smart, digital wireless scales in a lot of places. A general one on the counter of course, but quite possibly also built into the rack above the burner which holds the pot. You can get scales built into spoons and scoops now, and they could be bluetooth. read more »