The Windkey and the Lamplighter

I could’ve had a space calendar with Emily Lakdawalla (of the
Planetary Society)’s Year in Pictures from 2006. If you don’t
have a calendar, you could have one!

I bought my car, a 2001 Outback, in May 2006 after my Toyota Corolla
got crushed by an SUV. I didn’t do a lot of shopping around among
dealerships—I looked at Craigslist, but I picked CitySide Subaru
because they were the closest dealership to me.

This is not a good way to pick a dealership.

I made some mistakes in not noticing things about the car—a tear in
the seat, scratches on the back windshield—but as those were all
minor things, I wasn’t worried about it. After all, the dealer said
they did a 100 point service inspection, including checking all the
fluid lines. What’s to worry about?

Apparently, a lot. The headlights burned out (shorted out?) the first
day I drove the car to work. That was merely annoying, since the
dealer’s service department fixed them promptly and for free.
But, only a couple months later, the car overheated while I was
driving through Harvard Square, and started overheating frequently.
The dealer replaced a thermocouple and gave it back, for like $200.
That did seem to fix the issue, at least temporarily.

Next, though, the power steering fluid started leaking. Power
steering fluid isn’t something I check very often, so I was totally
out before I realized something was wrong. No fun. But it was just a
leak in the lines… yes, the lines the dealer said they checked in
that 100 point inspection. Yargh. $300 to Local Mechanic (who seemed
competent) as by this point I’m quite upset by CitySide’s apparent
lies about the pre-sale inspection.

Between when I discovered the power steering fluid problem and when I
got it fixed, the car started overheating again. Great, so now I’m
carrying around power steering fluid and radiator fluid. Local
Mechanic can’t find the problem, but it’s magically cured for a couple
days after he replaced the power steering lines. Okay, I’m fine with
magical symbiotic car systems, as long as it works.
But it stops working shortly after, and I’m rapidly to the point where
it not only overheats every time I drive to or from work and get stuck
at a long light, it overheats while I’m just driving along. The day I
took it to the new dealership, it overheated three times in 10 miles.

Enter Village Subaru. I called them on a recommendation from a
coworker, who said she’d had her oil changed there and they were nice
and didn’t get anything obviously wrong. They got the car in that day,
and as soon as I described the problem to the guy at the desk, he said
"Hrm, sounds like the head gasket, but we’ll check it out and call
you." By the time they’d called me, they’d not only already fixed the
head gasket, they’d also replaced the corroded terminal on my battery.
They also found the recall that covered the cost of replacing the head
gasket if radiator fluid were leaking (which it was), so my total cost
was $14. Yes, $14, for the aforementioned battery terminal. I
was thrilled, and will be taking the car back to them for oil changes
and when I actually do need the timing belt replaced. They made me
stop hating my car and regretting that I didn’t get a Toyota.

Thank you, Village Subaru

How many dead languages do you know? Well enough to understand when
spoken? Well enough to speak? Can you start a fire? Have you skills
which would be in demand in Imperial Rome, or Medieval France?

I think this thought train was set in motion by a book of Latin
phrases suitable for modern use, which I received yesterday. That got
me thinking about the [Latin for Americans][] books I got a couple
years ago—I’ve hardly started working with them. For that matter,
my French is rusted to pieces, my Spanish was never any good, and I
have no idea how to parse Chinese, Japanese, or Hindi—written,
spoken, or beaten-with-the-book-over-the-head makes no difference.

This seems like a poor state of affairs—there are so many people I
can’t talk to!

But, anyway, the result of my imagined trip to Imperial Rome

Roman Guard, in Latin: Hey! Tall woman inappropriately dressed for
the climate! What are you doing here?

Me: Brittania est insula.

Roman Guard, still in Latin: Apparently, giving geography
lessons. Where are you going?

Me: Roma est in Italia. Italia est peninsula.

Roman Guard, frustrated: I know Rome is in Italy. I’m a Roman.
And stop with the geography. Okay, you’re a badly-dressed Briton
barbarian, headed for Rome. What are you going to do in Rome?

Me: Agricola est.

Roman Guard: Aha! You got hit in the head with farm equipment.

Me: Alumna est.

Roman Guard: And now you’re going to be a student?

Me, frustrated: mea culpa, non est miles.

Roman Guard: Guilty of what? And I am so a soldier! I’m going to
have to take you downtown.

And, that, I think, would be how I ended up in jail my first day in Rome.

It hasn’t stopped raining in Cambridge, though it’s starting to get
cold. But more than wanting snow, I would love if it would clear up
long enough to see [Comet McNaught][]. SkyTonight says I missed
my chance—it’s now going to be visible in the southern hemisphere,
but Friday was the last good day to see it in the north. So, because
of El Nino, or global warming, or just bad Boston weather, I will not
get to see the brightest comet to appear in my lifetime.
(SpaceWeather.com says "At magnitude -4 to -5, McNaught
is the brightest comet since Ikeya-Seki in 1965.")

So, it doesn’t matter if the weather wil clear up on Wednesday,
there won’t be anything to see. I will have to watch it through the
Solar Heliospheric Observatory (SOHO). It’s the big bright thing
that’s whiting out the detector in the left image. The right one shows
where it will be on various days.

In a comment on my previous post,
csoandy writes:

The question is actually a good philosophical problem, and you’ve
run into the Voltaire argument (the perfect is the enemy of the
good). Many opponents of DRM (justly) reference arguments based on
the malice of the rights-holders. Assume that rights holders were
reasonable people, and attempted to provide a full set of legitimate
uses, and had a non-perfect DRM system that allowed those uses.

So they’ll accept the error rate on their side? That is, it’ll let me
do anything I want that actually is legal, and a few things that
aren’t. But it’ll stop a number of illegal things.

No such system can be built.

Warning: Theory

A DRM system is a theorem-prover. It accepts as input some program P,
and tries to prove theorems of the form "P will perform no illegal
operations." When I say "Program" here, don’t envision mplayer,
Handbrake, or Emacs as such, but one of those together with a sequence
of user input—the program-in-practice. Such systems must be either
incomplete or inconsistent. If the DRM system is incomplete, we’re in
the state I was talking about—some true theorems can’t be proven in
this logic, so some legal programs can’t be run. If the DRM system is
inconsistent, we’re in the case you’re talking about: a few untrue
statements can be proven.

But since this is a complete logic, it contains ∀ A,B. A^~A
→ B.
That is, from any contradiction we can prove anything at all. In
other words, if a DRM system lets through 1% of the illegal cases
and all of the legal cases, it’s possible to construct any illegal
activity from the result. A DRM system in a digital, general-purpose
computing environment can’t have a 1% false-admission rate: it can
have 0, or 100%. One bad guy getting out a clean copy and the whole
DRM regime is screwed. Even with watermarking schemes, which attempt
to meet the goals you describe much more than the interoperability-DRM
used in FairPlay and HDCP, one unmarked copy is all it takes to
locally collapse the regime.

And since this is a general-purpose computing environment, the process
of scrubbing watermarks can be automated. Now you have a class break.
That is, any DRM system with a slight failure rate in favor of the bad
guys lets the bad guys get away with anything they want. DRM
designers can either restrict user functionality and inconvenience
legitimate users, with no real way to cut down on the latter, or else
serve no purpose in preventing illegal copies.

Theory’s over

As an example of the last: consider Apple’s FairPlay. I won’t buy
From the iTunes music store because it imposes too many inconveniences
on me, coordinating my legal music sharing with Kat. I did until they
tightened restrictions; now I won’t. Their billions of dollars of
investment haven’t fixed that because they can’t: they do nothing to
prevent copying, since all those songs hit the darknet anyway, but
still manage to inconvenience users enough to lose customers!

I’m working on an explanation of that targeted to laymen. One point
I’m not sure how to cover is the jump from "possible" to "easy"—it
happens that for this sort of case, it is easy to construct any
illegal copying from the result, but my previous toying with this idea
has met complaints that I’m only saying "possible." Ah well, I’ll
wave my hands harder.

The question now is whether a given person’s opposition is
ideological - DRM is evil, and they’ll just object - or practical -
the DRM won’t work right, so shouldn’t be used. It’s worth noting
that your argument - that DRM can’t perfectly protect the rights -
is actually an invalid argument from the current opposition
viewpoint. If a rightsholder chooses to use DRM that provides 99%
of the protection they want, and are willing to accept the 1% theft
risk, that’s their worry, not the consumer’s worry. The consumer’s
worry is when the rightsholder employs DRM that doesn’t provide
adequate protection, and sacrifices consumer rights to do so.

I agree that their acceptance of the 1% theft risk is their
worry—but I feel it only fair to warn them that they’re going to end
up with a 100% theft risk. DRM works well in cases where class breaks
are not helpful—like cell phones tied to networks, or iPods to
iTunes. It works very poorly in cases where class and metaclass
breaks are easy: once one MP3 of a song is leaked, that’s it, it’s out
in the open. Once the CSS-decryption process is automated, all
CSS-protected movies are out in the open.

The consumer isn’t actually worried about the DRM providing adequate
protection, I think: he is worried about inconvenience, cost, and yes,
a loss of his rights to manipulate purchased media. No DRM system can
avoid these practical concerns: they’re always going to be spending a
noticeable chunk of CPU time on crypto (cost), they’re always going to
involve more hoops and more device incompatibility (inconvenience,
cost), they’re always going to make systems more fragile (what happens
to my AAC backups when Apple goes under?), and they’re always going to
prevent some legitimate uses—consider what happens when a copyright
holder buys a copy of his own media, protected by some DRM scheme. He
can do anything he wants with it, legally—but the DRM scheme is
unlikely to permit this.

And for all that, they’re never going to provide protection firm
enough to keep content under wraps. DRM schemes are great for
corporate environments, preventing anyone but PR from sending mail
with certain content outside the company. They’re great for device
lock-in—the Torx of the digital world. But they’re no more useful
for copy control than GnuPG is useful for general mail security.

The New York Times has a story today on cheerleaders in upstate
NY. In response to a complaint from the parent of a female basketball
player, the US Department of Education ruled that the cheerleaders
must support boys’ and girls’ teams equally.

So the cheerleaders now go only to home games, of both boys’ and
girls’ teams. They miss out on meeting rival squads at home or away
games, and (I imagine) the home team advantage is that much more
advantageous.

This can’t possibly be the spirit in which Title IX was intended.
There are much more egregious violations of that spirit, to be
sure—cancelling low-profile mens’ sports, for example—but no
solution that makes the girls (who didn’t request cheerleaders) just
as unhappy as the boys (who were used to having them) can’t be right.

A clue to what might be going on came in the second page of the
article, in a quote from an athletic director:
"It’s probably hardest on some of the parents… all of a sudden
they’re at a game, and there are no cheerleaders."

Hrm… it’s hardest on the parents? So even if the female players are
distracted by the cheers, the cheerleaders are quitting, and the boys
miss having cheerleaders at their games, it’s okay. The parents
of the girls’ team feel like they’re getting equal treatment.

Can I say again how much I am bothered by this kind of
helicopter/stage parenting? Get over yourselves, people. Your child’s
basketball game, or spelling bee victory, or college admissions, or
first job are not about you. It’s about them. You can be proud, and
happy for them, but if you can’t realize it’s not about you, you should get out
of the way.

My weekly [Burning Empires][] group has been having difficulty with some
of the mechanics. Some are not well-written as technical
specifications. No matter how much fun they are to read, they’re
difficult to apply. Some just take a very long time—we’re
considering ways to shorten the application of these. But one has
caused problems all on its own: the Duel of Wits, Burning Empire’s
social conflict mechanic. The Duel of Wits was inherited from Burning
Wheel with minimal changes, so you might understand it as well from
there.

This has led me to comparison between several games mechanics for
resolving social conflicts. They can be classified on several
principles:

• Why is the mechanic here? Is it to force an end to player
  conflicts, or to simulate convincing characters?

• What is the conclusion? Does it let one player edit another’s
  character sheet? Let one character influence another? Provide
  incentives and influence? Commit players to binding deals?

• By what means does it operate, combining randomness, character
  skill, player skill, and player desire?

• How broadly are they available? Is this just something for
  dedicated preachers and diplomats, or a common mechanic?

Burning Empires and Burning Wheel

The Duel of Wits is a core mechanic of the game: the easiest way to
extend a conflict beyond a single roll. It appears to be there
because the author, Luke Crane, had problems with on-running arguments
in his group. Now one player can demand another engage in the Duel of
Wits or drop the argument. At the beginning, players name forfeits
from the other side. At the end, they agree on a compromise between
those forfeits based on the result of the die rolls. To cut down on
randomness and provide some room for player skill, there’s a
RPS-derived mechanic for integrating die
rolls to produce a final score. Variance in this score influences the
balance of the compromise.

This is a player-level commitment. Once, I thought this was a great
idea. Having now seen that some players don’t like being bound in
this way, I’m not certain that it’s right for all groups or for
long-term commitments. It’s fine for getting one player to shut up
about how he hates the group’s shadowrunning plan—for that night.
It’s not going to work to get the Elf and the Dwarf to stop bickering
over racial supremacy issues.

Weapons of the Gods

An extensive social conflict system, tied to the medicine and sorcery
mechanics. All of these work by imposing Chi Conditions: incentive
pairs. For example, a Courtier might impose the condition "In Love,"
specifying that the target receives a bonus to certain other
die-rolls, or a resource useful for the broader game, in every scene
in which he makes eyes at his beloved. A less pleasant Courtier might
make this a negative condition, so that the target receives a penalty
in any scene in which he does not moon around.

These are slow to set up—it’s typical for players to show up for a
session with the Chi Conditions they intend to use in mind. These
don’t show up in high-action conflict. Pre-existing Chi Conditions
can have great impact there.

Because this is an incentive system, players never have the chance to
complain about others abuse of the system—you’re not bound to
behave in a particular way, you merely have set costs.

Exalted, Second Edition

There’s a very complicated tactical mini-game for social conflict.
It’s built parallel to the basic physical combat system, without
concepts of Soak (armor). Just as a Mass Combat system exists as a
modifier to the base combat system, a Mass Social Combat system exists
to model religious conversions and the like.

The game is heavily focused on player skill: the vast quantity of
rolls smooth out most randomness. At the end, a target character has
been convinced of something, but his player may spend a scarce
resource to have his character act in contravention of this belief.
It’s not clear what this represents in the imagined space: is the
character stubborn? strong-willed? Used to mind-control and so
willing to act against his own beliefs from time to time? This escape
clause is there to make it harder to change a player’s character
without his agreement, so it doesn’t have an easy translation to the
imagined world.

Over time, repeated losses of this Social Combat system can edit a
character’s sheet, contradicting a player’s original intent for his
character.

Dungeons and Dragons v3.5

This game has a Diplomacy skill, not often rolled. Most GMs drift
this to require player roleplay, use this to judge "plausible
reactions," and let dice adjust a bit within that.

There’s an entirely different mechanic around the Bluff and Sense
Motive skills. A contest of skill rolls lets one character lie to
another. There’s not a lot of opportunity given for a player to let
his character fail one of these tests, or insist that one particular
test is important.

It’ll be in Emacs 22, but the Organizer Of The Future is
here today and
works with GNU Emacs 21 and XEmacs.

Emacs Org Mode is for taking notes and organizing thoughts. I find it
excellent for rapid note-taking. It supports HTML, plain text, iCal, or
LaTeX export, a Markdown-like markup system, and simple links. It
also has the best Emacs table editor I’ve ever seen. This is
amazingly good elisp. This was the missing feature for me to take
notes during many meetings.

Apparently,
PayPal is about to deploy a SecurID-like system.
SecurID is a two-factor authentication scheme: a little widget
generates a new code every minute or so. When you log in, you
concatenate your password and the magic code. These are sent to the
machine on the other side, which can compare the code against a known
sample.

Notice that no challenge-response is involved, and at no point does
the server authenticate to you. Further, no shared secret is
established for use as a session authenticator. In practical terms,
that means that there must be attacks against this. Here’s one:
perform your normal phishing scheme. At exactly the moment you
receive the secret code, log in to the user’s account and transfer
money away from him.

The real problem here is not just users giving away their passwords:
it’s weak authentication in general.

Jelton at Slashdot asks:

If digital media was available for sale at a reasonable price, but
subject to a DRM scheme that allowed full legitimate usage (format
shifting, time shifting, playback on different devices, etc.) and only
blocked illicit usage (illegal copying), would you support the usage
of such a DRM scheme? Especially if it meant a wealth of readily
available compatible devices? In other words, if you object to DRM
schemes, is your objection based on principled or practical
concerns?

But this distinction doesn’t exist. Such perfect DRM is impossible,
and we’ve known it is for decades. Perfect DRM would have to allow
use of devices and technologies not yet conceived. It would have to
allow all fair such devices, but no unfair devices. It would have to
allow me to make a copy for backup, then make another after the first
was destroyed—but we know it’s impossible to prove destruction of a
copy.

Consider a program composed of three stages, A, B, and C, run in
sequence. A does something legal. C does something illegal. Can the
whole program run? It depends on whether B terminates. Perfect DRM
has to solve the halting problem.
There’s an equivalent proof using incompleteness.