Best Of Blog

Blog postings that have been most popular, or which have said things I really wanted to say. Note, I have not been updating this in the past several years so it does not have recent material.

Standardize computer access in hotels, and vnc everywhere

Hotels are now commonly sporting flat widescreen TVs, usually LCD HDTVs at the 720p resolution, which is 1280 x 720 or similar. Some of these TVs have VGA ports or HDMI (DVI) ports, or they have HDTV analog component video (which is found on some laptops but not too many.) While 720p resolution is not as good as the screens on many laptops, it makes a world of difference on a PDA. As our phone/PDA devices become more like the iPhone, it would be very interesting to see hotels guarantee that their room offers the combination of:

Giving up the unprovable ballot

Yesterday, I wrote about election goals. Today I want to talk about one of the sub-goals, the non-provable ballot, because I am running into more people who argue it should be abandoned in favour of others goals. Indeed, they argue, it has already been abandoned.

As I noted, our primary goal is that voters cast their true desire, independent of outside pressure. If voters can't demonstrate convincingly how they voted (or indeed if it's easy to lie) then they can say one thing to those pressuring them and vote another way without fear of consequences. This is sometimes called "secret ballot" but in fact that consists of two different types of secrecy.

The call to give this up is compelling. We can publish, to everybody, copies of all the ballots cast -- for example, on the net. Thus anybody can add up the ballots and feel convinced the counts are correct, and anybody can look and find their own ballot in the pool and be sure their vote was counted. If only a modest number of random people take the time to find their ballot in the published pool, we can be highly confident that no significant number of ballots have not been counted, nor have they been altered or miscounted. It becomes impossible to steal a ballot box or program a machine not to count a vote. It's still possible to add extra ballots -- such as the classic Chicago dead voters, though with enough checking even this can be noticed by the public if it's done in one place.

The result is a very well verified election, and one the public feels good about. No voter need have any doubt their vote was counted, or that any votes were altered, miscounted, lost or stolen. This concept of "transparency" has much to recommend it.

Further, it is argued, many jurisdictions long ago gave up on unprovable ballots when they allowed vote by mail. The state of Oregon votes entirely by mail, making it trivial to sell your ballot or be pushed into showing it to your spouse. While some jurisdictions only allow limited vote by mail for people who really can't get to the polls, some allow it upon request. In California, up to 40% of voters are taking advantage of this.

Having given up the unprovable ballot, why should we not claim all the advantages the published ballot can give us? Note that the published ballots need not have names on them. One can give voters a receipt that will let them find their true ballot but not let anybody who hasn't seen the receipt look up any individual's vote. So disclosure can still be optional.

The paradox of identity management

Since the dawn of the web, there has been a call for a "single sign-on" facility. The web consists of millions of independently operated web sites, many of which ask users to create "accounts" and sign-on to use the site. This is frustrating to users.

Today the general single sign-on concept has morphed into what is now called "digital identity management" and is considerably more complex. The most recent project of excitement is OpenID which is a standard which allows users to log on using an identifier which can be the URL of an identity service, possibly even one they run themselves.

Many people view OpenID as positive for privacy because of what came before it. The first major single sign-on project was Microsoft Passport which came under criticism both because all your data was managed by a single company and that single company was a fairly notorious monopoly. To counter that, the Liberty Alliance project was brewed by Sun, AOL and many other companies, offering a system not run by any single company. OpenID is simpler and even more distributed.

However, I feel many of the actors in this space are not considering an inherent paradox that surrounds the entire field of identity management. On the surface, privacy-conscious identity management puts control over who gets identity information in the hands of the user. You decide who to give identity info to, and when. Ideally, you can even revoke access, and push for minimal disclosure. Kim Cameron summarized a set of laws of identity outlining many of these principles.

In spite of these laws one of the goals of most identity management systems has been ease of use. And who, on the surface, can argue with ease of use? Managing individual accounts at a thousand web sites is hard. Creating new accounts for every new web site is hard. We want something easier.

The paradox

However, here is the contradiction. If you make something easy to do, it will be done more often. It's hard to see how this can't be true. The easier it is to give somebody ID information, the more often it will be done. And the easier it is to give ID information, the more palatable it is to ask for, or demand it.

Tags: 

Stig's Inferno Final Issue

In the 1980s, my brother Ty Templeton published his first independent comic book series, Stig's Inferno. He went on to considerable fame writing and drawing comics for Marvel, D.C. and many others, including favourite characters like Superman, Batman and Spider-Man, as well as a lot of comics associated with TV shows like The Simpsons and Ren and Stimpy. But he's still at his best doing original stuff.

Topic: 

Replacing the FCC with "don't be spectrum selfish."

Radio technology has advanced greatly in the last several years, and will advance more. When the FCC opened up the small "useless" band where microwave ovens operate to unlicenced use, it generated the greatest period of innovation in the history of radio. As my friend David Reed often points out, radio waves don't interfere with one another out in the ether. Interference only happens at a receiver, usually due to bad design. I'm going to steal several of David's ideas here and agree with him that a powerful agency founded on the idea that we absolutely must prevent interference is a bad idea.

My overly simple summary of a replacement regime is just this, "Don't be selfish." More broadly, this means, "don't use more spectrum than you need," both at the transmitting and receiving end. I think we could replace the FCC with a court that adjudicates problems of alleged interference. This special court would decide which party was being more selfish, and tell them to mend their ways. Unlike past regimes, the part 15 lesson suggests that sometimes it is the receiver who is being more spectrum selfish.

Here are some examples of using more spectrum than you need:

  • Using radio when you could have readily used wires, particularly the internet. This includes mixed mode operations where you need radio at the endpoints, but could have used it just to reach wired nodes that did the long haul over wires.
  • Using any more power than you need to reliably reach your receiver. Endpoints should talk back if they can, over wires or radio, so you know how much power you need to reach them.
  • Using an omni antenna when you could have used a directional one.
  • Using the wrong band -- for example using a band that bounces and goes long distance when you had only short-distance, line of sight needs.
  • Using old technology -- for example not frequency hopping to share spectrum when you could have.
  • Not being dynamic -- if two transmitters who can't otherwise avoid interfering exist, they should figure out how one of them will fairly switch to a different frequency (if hopping isn't enough.)

As noted, some of these rules apply to the receiver, not just the transmitter. If a receiver uses an omni antenna when they could be directional, they will lose a claim of interference unless the transmitter is also being very selfish. If a receiver isn't smart enough to frequency hop, or tell its transmitter what band or power to use, it could lose.

Since some noise is expected not just from smart transmitters, but from the real world and its ancient devices (microwave ovens included) receivers should be expected to tolerate a little interference. If they're hypersensitive to interference and don't have a good reason for it, it's their fault, not necessarily the source's.

How to stop people from putting widescreen TVs in stretch mode

(Note I have a simpler article for those just looking for advice on how to get their Widescreen TV to display properly.)

Very commonly today I see widescreen TVs being installed, both HDTV and normal. Flat panel TVs are a big win in public places since they don't have the bulk and weight of the older ones, so this is no surprise, even in SDTV. And they are usually made widescreen, which is great.

Cell carriers, let us have more than one phone on the same number

Everybody's got old cell phones, which sit in closets. Why don't the wireless carriers let customers cheaply have two or more phones on the same line. That would mean that when a call came in, both phones would ring (and your landlines if you desire) and you could answer in either place. You could make calls from either phone, though not both at the same time.

Can the big web sites save the political system

I've written before about one of the greatest flaws in the modern political system is the immense need of candidates to raise money (largely for TV ads) which makes them beholden to contributors, combined with the enhanced ability incumbents have at raising that money. Talk to any member of congress and they will tell you they start work raising money the day after the election.

Cameras (Canon) -- handle reversion from specialty settings better

My Canon cameras have a variety of ways you can change their settings to certain specialty ones. You can set a manual white balance. You can set an exposure compensation for regular exposures or flash (to make it dimmer or brighter than the camera calculates it should be.) You can change various shooting parameters (saturation etc.) and how the images will be stored (raw or not, large/medium/small etc.) You can of course switch (this time with a physical dial) from manual exposure to various automatic and semi-automatic exposure modes.

Location aware phone to call a local expert

People are always looking for location aware services for their mobile devices, including local info. But frankly the UIs on small mobile devices often are poor. When you are on a cell phone, voice to a smart person is the interface you often want.

So here's a possible location aware service. Let people register as a "local expert" for various coordinates. That's probably folks who live in a neighbourhood or know it very well. They would then, using a presence system on their own phone or computer, declare when they are available to take calls about that location.

On your web page, give a different customer service number that knows I've been to the web site

When you call most companies today, you get a complex "IVR" (menu with speech or touch-tone commands.) In many cases the IVR offers you a variety of customer service functions which can be done far more easily on the web site. And indeed, the prompts usually tell you to visit the web site to do such things.

However, have we all not shouted, "I am already at your damned web site, I would not be calling you to do those things!"

RSS aggregator to pull threads from multiple intertwined blogs

It's common in the blogosphere for bloggers to comment on the posts of other bloggers. Sometimes blogs show trackbacks to let you see those comments with a posting. (I turned this off due to trackback spam.) In some cases we effectively get a thread, as might appear in a message board/email/USENET, but the individual components of the thread are all on the individual blogs.

Better handling of reading news/blogs after being away

I'm back fron Burning Man (and Worldcon), and though we had a decently successful internet connection there this time, you don't want to spend time at Burning Man reading the web. This presents an instance of one of the oldest problems in the "serial" part of the online world, how do you deal with the huge backup of stuff to read from tools that expect you to read regularly.

Anti-Phishing -- warn if I send a password somewhere I've never sent it

There are many proposals out there for tools to stop Phishing. Web sites that display a custom photo you provide. "Pet names" given to web sites so you can confirm you're where you were before.

I think we have a good chunk of one anti-phishing technique already in place with the browser password vaults. Now I don't store my most important passwords (bank, etc.) in my password vault, but I do store most medium importance ones there (accounts at various billing entities etc.) I just use a simple common password for web boards, blogs and other places where the damage from compromise is nil to minimal.

So when I go to such a site, I expect the password vault to fill in the password. If it doesn't, that's a big warning flag for me. And so I can't easily be phished for those sites. Even skilled people can be fooled by clever phishes. For example, a test phish to bankofthevvest.com (Two "v"s intead of a w, looks identical in many fonts) fooled even skilled users who check the SSL lock icon, etc.

The browser should store passwords in the vault, and even the "don't store this" passwords should have a hash stored in the vault unless I really want to turn that off. Then, the browser should detect if I ever type a string into any box which matches the hash of one of my passwords. If my password for bankofthewest is "secretword" and I use it on bankofthewest.com, no problem. "secretword" isn't stored in my password vault, but the hash of it is. If I ever type in "secretword" to any other site at all, I should get an alert. If it really is another site of the bank, I will examine that and confirm to send the password. Hopefully I'll do a good job of examining -- it's still possible I'll be fooled by bankofthevvest.com, but other tricks won't fool me.

The key needs in any system like this is it warns you of a phish, and it rarely gives you a false warning. The latter is hard to do, but this comes decently close. However, since I suspect most people are like me and have a common password we use again and again at "who-cares" sites, we don't want to be warned all the time. The second time we use that password, we'll get a warning, and we need a box to say, "Don't warn me about re-use of this password."

Read on for subtleties...

Switching to popular vote from electoral college

A proposal by a Stanford CS Prof for a means to switch the U.S. Presidential race from electoral college to popular vote is gaining some momentum. In short, the proposal calls for some group of states representing a majority of the electoral college to agree to an inter-state compact that they will vote their electoral votes according to the result of the popular vote.

Remaining neutral on network neutrality -- it's the monopoly, stupid

People ask me about the EFF endorsing some of the network neutrality laws proposed in congress. I, and the EFF are big supporters of an open, neutral end-to-end network design. It's the right way to build the internet, and has given us much of what we have. So why haven't I endorsed coding it into law?

If you've followed closely, you've seen very different opinions from EFF board members. Dave Farber has been one of the biggest (non-business) opponents of the laws. Larry Lessig has been a major supporter. Both smart men with a good understanding of the issues.

I haven't supported the laws personally because I'm very wary of encoding rules of internet operation into law. Just about every other time we've seen this attempted, it's ended badly. And that's even without considering the telephone companies' tremendous experience and success in lobbying and manipulation of the law. They're much, much better at it than any of the other players involved, and their track record is to win. Not every time, but most of it. Remember the past neutrality rules that forced them to resell their copper to CLECs so their could be competition in the DSL space? That ended well, didn't it?

Read on...

End ringtones -- bluetooth "personal vibrator" watch.

No, not the sexual kind of personal vibrator. Today we regularly hear reminders to put phones on vibrate, and they are often ignored. The world is becoming rapidly swamped with loud, deliberately destracting cell phone ringtones. (The ringtones themselves are a business.)

Pages