Live from Austin!

Breakfast with a squirrel. Experimenting with the new MPEG-4 camcorder.

It has taken a long time and lots of nuts, but today it finally happened: our local alpha squirrel, Black Tip, took a peanut out of my fingers.

I’m wondering if the other squirrels watching him have the intellectual capacity to reason that they can do it too, or whether I’ll need to train them separately.

Turner County High School in Ashburn, Georgia had its first racially integrated prom—on Saturday.

That’s last Saturday. As in, 2007.

But there was still a separate whites-only prom. Baby steps, I guess.

Scientific American, February:

Money is an incentive to work hard, but it also promotes selfish behavior. Those conclusions may not be surprising, but psychologists at the University of Minnesota recently found that merely thinking of money makes people less likely to give help to others.

The researchers got people to think about money by showing them words related to money, having them handle play money, or revealing a poster with pictures of money on it. They then got the subjects to perform tasks which had nothing to do with money, but assessed social behavior. The result: people who think about money are less helpful and also less likely to seek help from others.

Science, November 17. [Link]

We now have 3 female squirrels visiting us who are either pregnant or nursing. Today one was feeding when a second turned up with two young squirrels in tow. The latecomer was chased off, and the youngsters proceeded to spend most of the rest of the afternoon playing in the treetops.

I seem to have started an interspecies conflict, however. One of the doves has worked out that there’s often sunflower seed to be had on the rear deck. On Friday I saw a squirrel being chased along the fence by an angry dove.

I’m going to have to come up with some kind of seed dispenser that’s dove-proof but not squirrel-proof. Maybe a plastic container with some smallish holes in, attached to the mat with some wire.

Buster has also returned. I’m going to try to get a good photo.

A few years ago the UK police carried out Operation Ore. It was a major operation targeting online child pornography. Some 7,272 British residents were added to a police database of people who paid to view child porn online. 4,283 homes were searched, 3,744 people were arrested, 1,451 were convicted. It was a major blow against pedophiles.

Or at least, that was the theory.

The US had a similar operation, Operation Avalanche. They assembled 35,000 entries in their database. Curiously, though, they only charged 100. If the US police could only justify prosecuting less than 1% of their suspects, how could the UK police be arresting more than half of theirs?

The answer is that many of the UK cases are based entirely on use of credit cards to sign up for suspected child porn web sites. Unfortunately, many of the credit cards were stolen. Oh, and many of the web sites contained only legal material. Minor details to the UK police.

The problem comes from the fact that many small porn sites use online transaction processors to handle their credit card transactions, rather than setting up their own merchant accounts. In particular, a company called Landslide in Texas provided credit card subscription services to a large network of affiliate porn sites.

It’s estimated that up to half the money Landslide collected actually ended up in the hands of a ring of Indonesian credit card scammers operating the familiar “small charge” fraud. Also (ab)using the service was a Brazilian hacker who “signed up” more than 3,000 stolen credit card numbers.

Before long, Landslide found itself on the receiving end of thousands of chargebacks from irate credit card owners. The company went bankrupt. Clearly the owner had been a victim of fraud just as the credit card holders had. That wasn’t a good enough excuse for federal prosecutors, though; he ended up in federal prison serving a 180 year sentence.

Meanwhile, UK police were swooping on houses, smashing down doors, seizing computer equipment, and arresting thousands of people on the basis that their credit card numbers had been found on Landslide’s hard drives. Never mind the massive amount of fraud that had pulled Landslide under; never mind whether the affiliate site the credit card holder had supposedly paid to see was legal or not. The police reasoning was apparently: At least one affiliate site held child porn; Landslide membership theoretically allowed users access to all the affiliate sites; John Doe’s credit card was used to sign up via Landslide; therefore John Doe signed up to view child porn.

The problem with the hysteria around child pornography and pedophilia is that if you’re accused, your life can be ruined even if you’re innocent. Plenty of employers will fire anyone as soon as they’re accused. The alleged pedophile finds himself jobless, with all his computer equipment seized by police, who have no obligation ever to return it.

For example, consider the case of naval officer Commodore David White. He was suspended from the navy, who feared that the case would hit the newspapers. It did anyway, but not in the way they expected—the commodore committed suicide by drowning. It turned out that he was totally innocent.

So far, 39 people have committed suicide as a definite result of Operation Ore. The true number may be higher, as not everyone leaves a suicide note. Maybe a few of the dead were guilty, but I’d place bets that the majority were innocent.

A web site has been set up covering the unraveling of Operation Ore. The police must realize things are starting to look bad for them, as they have apparently pressured Google to remove the site from searches. Another web site has information about the forensic investigation of Landslide’s computers. Journalist Duncan Campbell has been acting as an expert witness in some of the defence cases, and has written about Operation Ore in The Guardian. A recent Slashdot article has some first hand experience in the comments.

Update 2007-04-26: More from the Guardian and from Ross Anderson.

From AP via Slashdot and Yahoo:

A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government’s network.

In the first public account revealing details about the intrusion and the government’s hurried behind-the-scenes response, a senior State Department official described an elaborate ploy by sophisticated international hackers. They used a secret break-in technique that exploited a design flaw in Microsoft software.

Consumers using the same software remained vulnerable until months afterward.

Donald R. Reid, the senior security coordinator for the Bureau of Diplomatic Security, also confirmed that a limited amount of U.S. government data was stolen by the hackers until tripwires severed all the State Department’s Internet connections throughout eastern Asia. The shut-off left U.S. government offices without Internet access in the tense weeks preceding missile tests by North Korea.

Awesome. Meanwhile, Microsoft lobbyists successfully killed a bill in Florida that would have opened the path for official use of OpenDocument standards instead of proprietary Microsoft Word documents.

I got tags working via a plugin.

Since I was messing with the site anyway, I hacked together some Ruby code to pull all the content out of the database and perform automatic keyword extraction via naïve bayesian analysis.

It spat out a file of SQL commands, consisting of the subject of each posting and the first line of text (in comments), followed by the commands to add the tags. I ran through the file in vim deleting here and adding there, then executed the result. So now pretty much everything should be tagged, right back to the start. How cool is that?

As you have probably noticed, I’ve just gone through a major software migration for my web site.

I was using typo. It was OK, but had a few problems. While its web site describes it as “lean”, that isn’t really the reality. It also relied on a combination of Apache, LigHTTPd and FastCGI that tended to break down without explanation.

The biggest reason for change, though, was that typo’s authors’ idea of what was important functionality was diverging from mine. The wakeup call was when someone spent a bunch of time replacing the regular page templates with templates written in HAML.

For those lucky enough not to know, HAML is a stupid and inexplicably trendy idea in the Rails community, comparable to LiveJournal’s S2 style system. Basically, instead of creating your page templates in HTML and CSS, which everyone can understand and for which there are a zillion useful tools, you instead write program code in a whole new language which has minimal documentation. The program then generates the HTML and CSS.

Of course, this destroys the entire point of template systems, which is to separate code from presentation and make the presentation layer editable by non-programmers using common tools.

I wouldn’t have minded the HAML idiocy so much if it wasn’t for the fact that typo still lacked support for things as basic as user authentication for commenting. So I looked at other web content management software… and looked… and looked.

I tried Blojsom. Supposedly it’s what Apple uses. If so, I hope they’ve done a lot of work on their version, as it’s a major PITA to set up, and very complicated even when you get it working.

In the end, though, I knew the main feature I wanted: OpenID support. Hence, I found myself reluctantly herded towards Wordpress, which has a working OpenID plugin. (Or at least, it works for my OpenID account when I test it. I don’t think it has XRI support, though.)

I did entertain the idea of writing my own CMS. I even sketched out some design notes. But it really is a solved problem, I just didn’t like the technologies used to solve it.

Let’s be blunt about this: I hate PHP, and I hate MySQL. PHP is the Visual BASIC of web programming languages, a mess which grew with no planning out of a quick hack, a kitchen sink language known for its amenability to security holes. MySQL is a toy database, popular because it’s fast, fast because by default it doesn’t actually provide the basic ACID functions a database is supposed to provide. (Sure, you can turn those on, but once you do, today’s PostgreSQL is faster under non-trivial load.)

But I don’t believe in religion, especially not when it comes to software. I’m a strict pragmatist–whatever it takes to get the job done, even if it may offend a few aesthetic sensibilities and fall far short of perfection.

I spend most of my time at work developing using IBM Lotus Notes and Domino. Every time Notes is mentioned on Slashdot, a bunch of people will rant about how bad its UI is. They miss the point utterly. Believe me, the poor UI of Notes is only the most glaringly obvious defect it has; there are far worse problems underneath that the average end user is blissfully unaware of. But you know what? It works. It is sufficient. It lets you build groupware applications and dynamic web sites with fine-grained security in days, not weeks. That is why people use it. The only other tool I’ve found which comes close is Ruby on Rails, and that’s still too immature for me to want to use it on production systems. (That, and it’s surrounded by a community of people who think things like HAML are a good idea.)

So, here we are. I’m editing this in a nice AJAX WYSIWYG editor with spelling checker (an idea shot down by the typo developers), and you should be able to log in with OpenID to comment (an idea the typo developers seem utterly uninterested in).

It took most of Saturday hacking with Ruby, PostgreSQL and MySQL, but I believe I’ve managed to transfer not just all my data, but all your comments too. I think I’ve even managed to keep all the permalinks the same, and preserve all the timestamps. I’ve temporarily lost the tags functionality, but should be able to get it back with another plugin. Hopefully Wordpress will prove more reliable than Typo, and hopefully the OpenID stuff will interoperate correctly with LiveJournal. If not, pray that I inexplicably become independently wealthy and have the time to write something that does the job properly.

Lawrence Dennis was, arguably, the brains behind American fascism. He attended the Nuremberg rallies, had a personal audience with Mussolini, and met Nazi leaders; throughout the 1930s he provided the intellectual ballast for America’s bourgeoning pro-fascist movement. But though his work was well known and well appreciated by the intelligentsia and political elites on both sides of the Atlantic, there was one crucial fact about him that has never emerged until now: he was black.

Full story in The Guardian.