Submitted by brad on Tue, 2006-05-02 00:03.
Here’s an interesting problem. In the movies we always see scenes where the good guy is fighting the Evil Conspiracy (EvilCon) and he tells them he’s hidden the incriminating evidence with a friend who will release it to the papers if the good guy disappears under mysterious circumstances. Today EvilCon would just quickly mine your social networking platform to find all your friends and shake them down for the evidence.
So here’s the challenge. Design a system so that if you want to escrow some evidence, you can do it quickly, reliably and not too expensively, at a brief stop at an internet terminal while on the run from EvilCon. Assume EvilCon is extremely powerful, like the NSA. Here are some of the challenges:
- You need to be able to pay those who do escrow, as this is risky work. At the same time there must be no way to trace the payment.
- You don’t want the escrow agents to be able to read the data. Instead, you will split the encryption keys among several escrow agents in a way that some subset of them must declare you missing to assemble the key and publish the data.
- You need some way to vet escrow agents to assure they will do their job faithfully, but at the same time you must assume some of them work for EvilCon if there is a large pool.
- They must have some way to check if you are still alive. Regularly searching for you in Google or going to your web site regularly might be traced.
Some thoughts below… read more »
Submitted by brad on Tue, 2006-03-21 00:32.
You may be familiar with Stegonography, the technique for hiding messages in other messages so that not only can the black-hat not read the message, they aren’t even aware it’s there at all. It’s arguably the most secure way to send secret data over an open channel. A classic form of “stego” involves encrypting a message and then hiding it in the low order “noise” bits of a digital photograph. An observer can’t tell the noise from real noise. Only somebody with the key can extract the actual message.
This is great but it has one flaw — the images must be much larger than the hidden text. To get down a significant amount of text, you must download tons of images, which may look suspicious. If your goal is to make a truly hidden path through something like the great firewall of China, not only will it look odd, but you may not have the bandwidth.
Spammers, bless their hearts (how often do you hear that?) have been working hard to develop computer generated text that computers can’t readily tell isn’t real human written text. They do this to bypass the spam filters that are looking for patterns in spam. It’s an arms race.
Can we use these techniques and others, to win another arms race with the national firewalls? I would propose a proxy server which, given the right commands, fetches a desired censored page. It then “encrypts” the page with a cypher that’s a bit more like a code, substituting words for words rather than byte blocks for byte blocks, but doing so under control of a cypher key so only somebody with the key can read it.
Most importantly, the resulting document, while looking like gibberish to a human being, would be structured to look like a plausible innocuous web page to censorware. And while it is rumoured the Chinese have real human beings looking at the pages, even they can’t have enough to track every web fetch.
A plan like this would require lots and lots and lots of free sites to install the special proxy, serving only those in censored countries. Ideally they would only be used on pages known to be blocked, something tools behind the censorware would be measuring and publishing hash tables about.
Of course, there is a risk that the censors would deliberately pretend to join the proxy network to catch people who are using it. And of course with live human beings they could discover use of the network so it would never be risk-free. On the other hand, if use of the proxies were placed in a popular plugin so that so many people used it as to make it impossible to effectively track or punish, it might win the day.
Indeed, one could even make the encrypted pages look like spam, which flows in great volumes in and out of places like China, stegoing the censored web pages in apparent spam!
(Obviously proxying in port 443 is better, but if that became very popular the censors might just limit 443 to a handful of sites that truly need it.)
Submitted by brad on Thu, 2006-03-09 23:23.
George Carlin once proposed a system where people would shoot suction cup darts at cars when they did something annoying, like cutting you off, and if you got too many darts the cops would pull you over. Another friend recently proposed a lot of interest in building some sort of reputation system for cars using computers.
Though Carlin’s was a satire, it actually has merits that it would be hard to match in a computerized system. Sure, we could build a system where if somebody was rude on the road, you could snap a quick photo of their licence plate, or say it into a microphone or cell phone for insertion into a reputation database. But people could also just do this to annoy you. There’s no efficient way to prove you actually were there for the rude event. The photos could do that but it’s too much work to verify them. The darts actually do it, since you could not just stick them on my car when I’m stopped, or I would pull them off before driving.
One problem I want to solve with such a system is the selfish merge. We’ve all seen it — lanes are merging, and the cooperating drivers try to merge early. Then the selfish drivers zoom ahead in the vanishing lane until they get to its end. And always, somebody lets them in. Selfishly zooming up does get you through the jam faster, but at the same time these late mergers are a major contributor to the very jam they are bypassing.
We’ll never stop people from letting in the drivers, and indeed, from time to time innocent drivers get into the free lane because they are not clear on the situation or missed the merge.
…More… read more »
Submitted by brad on Thu, 2006-02-09 00:41.
Yahoo is now entering the context-driven ad field to compete with Adsense, and that’s good for publishers and web authors. I have had great luck with adsense, and it provides serious money for this blog and my other web sites, which is why I have the affiliate link on the right bar encouraging you to join adsense — though I won’t mind the affiliate fee as well, of course.
But I’m trying Yahoo now, and soon MSN will enter the fray. However, it seems to me that no one network will be best for a diverse site. Each network will have different advertisers bidding up certain topic areas. In an efficient market, advertisers would quickly shift to the networks that give them the best performance (cheapest price, most qualified clicks) but in practice this won’t happen very often.
So it would make sense for somebody to build a web site optimizing engine. This engine would automate the task of switching various pages on a site between one network and another, and measuring performance. Over time it would determine which network is performing the best for each page or each section of the site and switch the pages to use the best network. It might run further tests to see how things change.
Such optimizations could take place even during the day. (Yahoo doesn’t have much intraday reporting yet.) For example, Google does better in the morning than it does in the evening. I guess that this is because advertisers have set a daily budget, and more of them hit their budget as the day goes on. My CPMs usually start high and then sink in the later hours. It might make sense to switch from Google to Yahoo as the CPM drops. However, Yahoo’s advertisers will have their own budget limits so this may not help.
Another interesting optimization might be to present different ads depending on whether the user came in from the associated search engine. Theory: If the user searched for “copyright” on Google to come to my copyright myths page the chances are they already saw a lot of copyright related adwords ads. Might make more sense to show a different set of ads from another network. Likewise if they came in from Yahoo, might be best to show the Google ads. If they come in from elsewhere, use the best performing network. This would be generated live, based on the Referer field. Hard to say if the search engines would like it or not
Submitted by brad on Wed, 2006-01-18 18:28.
How often does it happen? There’s an important idea or action which is controversial. The bravest come out in support of it early, but others are wary. Will support for this idea hurt them in other circles? Is the idea against the “party line” of some group they belong to, even though a sizeable number of the group actually support it? How can you tell.
What the world needs is a way that people can register their support for something anonymously and learn how many other members of their group also secretly support it — but not who. However, once the support reaches a certain threshold, their support would become public. And not just public, but an actual binding committment to the support.
For example, Republicans may oppose the war, or the wiretapping, but are afraid to say so, even among their closer associates. What if really a lot of people feel that way, but nobody speaks up?
Now, obviously, you can do this with a trusted web site where people register and then can vote on issues. But you have to really, really trust the web site, because some of the positions such a system is designed to record are ones that could get you branded a traitor to the group. For issues like war, no web site could be trusted.
So can it be done cryptographically? Is there a way to do this in a public space? I think that with the use of things like Chaum’s blinding algorithms, and fragmented keys (So that a secret message can be decoded in the presence of N of M key fragments, but no fewer than N) it would be possible to create a club, give everybody fragments of everybody else’s key for a given message, and thus arrange that only after at least N votes of support arrive, everybody can decrypt the identities of the supporters. But it’s a bit messy, and might require new generation of keys for every question and various other complex logistics.
There is a particular danger as well. Opponents of a proposition might well pretend to be supporters, in order to bump the support number above the threshold and reveal who the “traitors” are. The opponents would make sure to record that their support was fake in some notarized location so they can renounce it when the names are revealed.
As such, in a governing body, it would be necessary to make the measures of support non-repudiable, which is to say they would be binding votes.
Say you wanted to have a vote to legalize gay marriage. There might be lawmakers who would support it, but could not do so publicly while it’s likely to lose. However, once it is assured to pass, they would accept making their support public — as is necessary in an open legislature. People would see the tally go up, and once it hit a majority the vote would pass. This stops people from pretending to support something just to unmask the real supporters.
Of course none of this prevents regular open support or opposition on things. Would the temporary secrecy cause risks due to some temporarily reduced transparency? And of course on failed propositions, the transparency would be permanent. (Or perhaps permanent until the person leaves office or dies or whatever.) Would it be good or bad that we knew that 30% of the house would vote to ban abortion if they could win, without knowing who they were?
Submitted by brad on Sat, 2006-01-14 15:29.
Can giant companies, especially monopolies, ever get it right? Listen to this litany of the efforts to move my phone service, and get DSL.
- SBC offers rebate of the $35 install fee if you order your service transfer online. Great.
- First attempts to do it fail. When it says I can’t do this, it gives me an 800 number to dial to make the trasnfer. Number asks me which state I am in, and offers a choice of Texas, Oklahoma and a few other Southern states. Press 0, eventually get to agent who says, “You’re in California, I can’t help you.”
- Try to call California customer service. Long IVR and long wait. Have no idea who to ask to fix web problem.
- Email online customer service. A few days later I get a canned meaningles response, as is so common with online customer service these days.
- Notice there is a $100 gift card offer if you sign up for DSL online. That’s great, since at the 6 month promo price, you can effectively get DSL free for 6 months if you want it.
- Promo notice says terms of $100 gift card can be found at www.sbc.com/polarexpress. This URL just redirects to the AT&T home page. Mucked up in the merge. Nobody knows who to tell to ask to fix it. Did email customer service, never heard back. Nobody at the live agent desk knows the terms of the online promotion of course.
- Phone customer service says they can take my order, but will charge me $35. I should have accepted that then and there!
- Instead I try online transfer again. Now it lets me in. But it can’t find “23rd avenue” in their database. I try many permutations
- Eventually call agent again. Long, long wait again. Agent says, “Oh, we spell it ‘23D avenue’” — gee, that’s obvious.
- Yes, I order the transfer to address on 23D avenue. That works. It asks if I want DSL too.
- Note that while I am moving the phone, I am not changing the billing address which was always a different location. I have to re-enter my billing address.
- I order DSL. It asks for new phone number and account code. It says order is taken, but account code was incorrect. I’m presuming that’s because there’s a new phone number. Says somebody will contact me in 48 hours to verify account code.
- No sign of DSL order. I phone. They say no sign of order, and can’t place order on phone number yet to be installed. I phone again, they confirm account code is the same for me with the new number as with the old.
- Still no sign of DSL order. Promoted to smarter agent. Smarter agent says DSL order was “dropped” due to some problem, possibly not being able to find new target address. (Though it says 23D on the order.) Can’t place order. Old number at the location does not match the address. Some other disconnected number is also ringing the phone at the new location!
- Transfer to yet smarter agent. 10 minute wait. I explain I want the gift card, but deadline for ordering is the 15th. Other agents have now said I can’t order until I get dial tone, which is the 18th.
- Smarter agent says she can place the order for me even though there is no dial tone. However, won’t get $100 gift card. Puts note in file about how order was dropped due to their error so if I am crazy enough, I can call to try and get it.
- In theory order is now in place, but for another week after I get dial tone. So no DSL for a while.
Who knows how many hours of time wasted in all this? I would not have SBC at all if not for the fact you must get SBC voice to get DSL at a good price, and it is a good backup if you do have a VoIP failure in any event.
Submitted by brad on Tue, 2005-12-27 23:50.
I was visiting a senior citizen today who rarely leaves her house due to lack of mobility. Like many her age, she is not connected to the net, nor interested in it. Which makes the following idea a challenge.
Could we design a really engaging game/online community for seniors? Especially those who have had to give up much of their old community because of infirmity? They don’t want to slay monsters like in Evercrack or Warcraft. They won’t build objects like in Second Life.
It must be a killer app — so compelling that they are willing to learn a bit about computers in order to get it. For some seniors, they killer app has been emails and photos from grandchildren.
The game would have to be aimed at the fantasies that seniors have, and it must also be deliberately aimed at the computer novice with less desire to learn new technology than average. (Not that there aren’t seniors with full ability to learn new tech — many of them are already online.)
Thus it would not necessarily require the hottest new graphics cards or fastest net connection. It might try to avoid typing or require fast reaction times. It might use audio for socializing, and focus on the topics most dear to these players. (I jokingly wonder if avatars should be surrounded by pictures of grandkids.) Obviously research is needed to see what they want to play about, and how to deliver it.
There are also questions of levels of ability. Some people become mentally infirm with age and their skills and desires are limited. But is there nothing in the way of interactive community entertainment we can offer them?
Submitted by brad on Tue, 2005-08-16 11:52.
One of the scourages of urban areas is the requirement (I presume) that heavy equipment make a loud beeping noise when it’s backing up. It’s meant to warn anybody standing behind the vehicle, presumably because the driver doesn’t have the same field of vision to see you, and because people are more wary of standing in front of a moving vehicle than behind it.
As such, as we all know, the sound is really piercing. And more to the point, it travels, often for miles. It’s a major noise pollution anywhere near any work site. I presume part of the problem as well is workers wearing hearing protection need it even louder.
So my challege is, can we do a better job? Can we make an attention getting sound that is more directional (aimed backwards, and perhaps down from the top of the vehicle) so it won’t travel as far or distract people not behind the machine?
Can we standardize rear-view cameras, which are so cheap now, so that the operator’s view of what’s behind is top notch?
Can we combine a quieter sound with really bright, moving lights, the kind you would see on the ground if your back were to the beeping machine? Could we blow air with high pressure streams or those long-distance vortexes like the AirZooka makes, or would this be too much of a problem with dust (or in wind?)
Can we have object detectors that spot objects in to the rear of the machine and make the beeps louder when there is something? (Admittedly they are going to go off for a wall or wheelbarrow as much as a guy, and they have to be really reliable because people would start depending on them to know how much caution to use.) Perhaps they can detect that everything they have seen has left the area and reduce the beeping, because if there is one person behind the truck, that assures you somebody is watching and will move anybody who doesn’t see the lights or hear the beeping.
I solicit other ideas to safely warn people about moving equipment that don’t ruin the peace.
Update: I received information from a firm called Brigade which claims to have an answer. They use white-noise alarms. They claim they are easier for us to echolocate than less natural pure-tone sounds, and I agree that they disperse into the environment more quickly so they won’t travel. The piercing alarm has been chosen in the past as it is un-natural and thus stands out more from background, but that means it travels further. Natural sounds fade from notice more quickly but possibly are just as recognizable close up.
Submitted by brad on Mon, 2005-08-01 12:06.
Mapping programs, and fancy GPSs come with map databases that will, among other things, plot routes for you and estimate the time to travel them. That’s great, but they are often wrong in a number of ways. Sometimes the streets are wrong (missing, really just a trail, etc.) and they just do a rough estimation of travel time.
Yet all the information is there, being collected constantly by every car that drives the roads with a GPS. Aggregating this data will tell you what roads are real, what roads might be missing, which are one-way, where freeway entrances and exists really are.
And it will also tell you real-world speed examples at various times and dates, at rush hour or otherwise. Even a range of speeds so you can know the speeds for faster and slower drivers and get a really good estimate of your own likely speed on a given road at a given time. After removing the anomalies (like people stopping for coffee) of course.
Rental cars with GPSs are collecting this all the time (sometimes to nefarious uses, like charging whopping fees for brief trips out of state). Technically this data can be had.
But here’s the bad part — there is a potential for giant privacy troubles unless this is done very well, and some may be impossible to do without a privacy risk. After all, until you upload the data, there is clearly a log of your travels sitting there to be used against you. Only a system with rapid upload (and which discards data that gets old, even if it’s not uploaded) would not create a large risk of something coming back to haunt you.
The data would have to be anonymized, of course, and that’s harder than it sounds. After all, your GPS logs say a lot about you even without your name. Most would identify where you live, though that can be mitigated by breaking them up into anonymized fragments to a degree. Likewise they’ll identify where you work or shop or who you visit, all of which could be traced back to you.
So here’s the Solve This aspect of this problem. Getting good data would be really handy. So how do we do it without creating a surveillance nightmare?
Submitted by brad on Thu, 2005-06-23 17:49.
Well, the Supreme Court ruled today that expropriation for private development can still be legal if the town council seems to think there’s a public benefit. It’s a terrible decision, with strange logic, and strange votes from the judges, but you will probably read many other articles about that today. What I want to figure is, given this ruling, what can we do to make it better?
What we will see happening is a land developer coming to the city with a plan to demolish a redevelop a block in a way that they claim will be good for the city — perhaps bringing in tourists, jobs, business, whatever. Of course the deal is very good for the land developer, or they would not be drafting it.
I suggest we make it less sweet for the developer in such cases and give some of that sweetness to the expropriation victims. Today they get a “fair market value” for their property (that part of the 5th amendment wasn’t shredded) but I say, if the expropriation is for private use, let’s give them more.
First, start by paying them this fair market value at the date of expropriation, as we do now.
Then, after the deal is complete (with some time limits and other good constraints) we want to determine just how much “value” came from aggregating the properties. Right now this value goes to the developer. We’re going to give most or all of it to the expropriated folks. So we come up with a value for the amalgamated property. (More below on how to do that.) This pre-opening profit would go, all or most of it, to the landowners. The developer keeps any further appreciation of the property as they operate it — they need an upside too, of course.
More ideas follow… read more »
Submitted by brad on Fri, 2005-06-10 14:59.
Here’s an entry in my new “solve this” cateogry, which asks for reader input on solving problems.
When flying on a very full flight yesterday, we had an example of what my approach for faster airplane loading would have helped with. But until we get that, are there other solutions?
On the full flight, passengers would stand in the aisle trying to store their bags. With the compartments full they took a long time doing it, sometimes found themselves unable to. This blocked the loading and even though we started boarding 30 minutes before the flight, we were not finished by departure time. The flight attendants were on the PA every few minutes telling people not to stand in the aisle, to instead step into the row and let people pass, but very few paid attention to it. We don’t seem inclined to do this, and not just because we are desperate for storage space. (I’m one of the desperate, I carry on fragiles like camera gear that I refuse to let them throw around.) We just don’t believe that our own efforts will slow things much, and we also believe it will take “just a few more seconds” to get the bag in right.
… read more »
Submitted by brad on Tue, 2004-05-04 16:12.
I wrote some time ago of how I would like a car's MP3 player/computer to have 802.11, so that when it parks in my driveway, it notices it is home and syncs up new data and music.
That would be great, of course, but it seems there should be other things you would do with it. Networking with the car next to you on the road seems like a cool idea but I'm having trouble dreaming up applications. Listening to the music in the next car seems cute but probably would be boring after a while. Being able to talk to the driver of the next car seems like a nice social game (and it hardly needs 802.11) and might just result in road-rage.
If common, I could see it for dating, since people seem to attach a strong romantic image to making eye contact with an attractive person in another car. There was even a dating service I read about long ago which gave you bumper stickers so you could contact somebody if you felt sparks. The personals have a section for this.
You might be able to create longer mesh networks, to share traffic info or the sort of things you used to share on CB if there are enough cars, but this would be highly unreliable, and any application here might be better served by broadcast data that goes over longer ranges. (We are already seeing broadcast traffic data services, though they will never warn about speed traps, I suspect.)
And of course, if you can connect back to the internet that's highly useful, but again this would be highly intermittent connectivity. 802.11 isn't really set up for short-burst connectivity though one could create a protocol that was, good enough to fetch live audio etc. But this ends up being just another microcell network -- what can we get car to car?
So -- all sorts of cute little applications but nothing really compelling in my view. But since we will get wireless networking in our cars for the carport sync, I invite readers to dream up some apps.