Monday, April 06, 2009

Back On Your Heads

The devil, escorting a lawyer to his place in hell, gives him a choice of three rooms in Hell in which to spend eternity. However, the lawyer may only examine each room once and either choose it or reject it.

The first room is too huge to see across. Millions of agonized people in business suits are up to their waists in boiling hot shit.

Knowing the devil’s friendship for really smart lawyers such as himself, the lawyer figures this room is not for him and rejects it.

The second room is smaller; you can actually see the far wall. Hundreds of thousands of agonized people in business suits are up to their necks in boiling hot shit.

The lawyer makes a quick calculation. He can see which direction this is heading, but he knows the devil loves trickery and also has a warm spot in his heart for really smart, tricky lawyers such as himself. With a knowing look at the devil, he rejects the second room.

The devil escorts him to the third room. It is only the size of one city block, and populated with people in business suits standing in boiling hot shit about one foot deep, drinking cups of coffee.

The lawyer sees a few of his Manhattan colleagues, who wave and smile. He steps down into the room, gets himself a cup of coffee, and begins to chat with a couple of divorce attorneys.

Then a loud whistle blows. A small army of imps armed with pitchforks collect the coffee cups, and their captain announces, “Okay, coffee break’s over. Back on your heads.”


Thursday, January 08, 2009

Privacy Risks of Facebook Applications

I was just asked about the privacy risks of what are called Facebook applications. It is well worth looking at, and I had given it only superficial attention.

I will begin with what a Facebook application is. Then I will present the personal data that is at stake. I will share my beliefs about how far you can trust a Facebook application with this data. Finally, I will suggest Facebook settings that I think are safe.

  1. What is a Facebook application?

    A Facebook application is an add-on to Facebook. Facebook offers a few of its own, such as Marketplace. The rest are contributed by web programmers all over the world. Whenever you get the message:

    Allow Access?
    Allowing (application name) access will let it pull your profile information, photos, your friends' info, and other content that it requires to work.
    Allow or cancel

    That is a Facebook application wanting your personal data.

  2. What information can a Facebook application get from Facebook?

    Almost everything you were willing to tell Facebook.

    According to Facebook, when you “Allow” an application, the application sees the same personal data that your friends do, except contact data (your address, phone, e-mail, IM, or website). It does not see unshared data such as your password.

    When a friend of yours “Allows” a Facebook application, the application sees limited data about you, too. This limited data can be extensive or it can be nothing at all, depending on your preference.

  3. How far can you trust a Facebook application?

    You might as well trust Facebook’s own applications, since you were willing to give the information to Facebook. But what about contributed applications? BBC looked into this in 2008. A BBC web programmer created an innocent-looking Facebook application which secretly skimmed personal data from any user who allowed it, plus their friends. (This is called a Trojan horse attack.) It was three hours of effort. I looked into Facebook programming, and saw for myself how easy it would be.

    But BBC knows of no badly behaving Facebook applications (other than theirs). They say Facebook has a team that monitors the site for bad applications. If it is so easy to do, why isn’t Facebook overrun with bad applications? One possibility is that Facebook’s team is doing its job: when a bad application is released into the wild, it is detected and removed. A more grim possibility is that there are bad applications in the wild, but they have avoided detection. BBC did not release their bad application into the wild, so we don’t know if it was detectable.

    I think you can trust contributed applications to keep your personal data private only if you think Facebook is policing them perfectly, and I don’t think that’s been proven.

  4. So what do I do about Facebook applications?

    I treat anything I post to Facebook (other than my password and contact information) as if it might be available for anyone in the world to see. If I would be uncomfortable with that, I don’t post it.

    However, that does not work for your birthdate. Facebook requires you to supply it, and it is potentially useful for identity theft. Nevertheless, it is part of the personal data that applications can see.

    For that reason, when an application asks to be allowed, I check it out first. And until I feel pretty sure that it is not more than what it seems to be, I don’t allow it. Also, I have denied my “Basic Info” to applications allowed by friends, because that protects my birthdate from applications which I have not checked out personally.

    Another way to secure your birthdate is to supply the wrong date. The Facebook terms of service only require you to say truthfully whether you are 13+ or 18+. As long as the date you supply does not misrepresent your age category, you are not violating the terms of service. You could save your friends some confusion by supplying the true month and date, and changing only the year.

You control which applications you allow to access your personal data on these pages:

http://www.facebook.com/editapps.php?v=allowed
http://www.facebook.com/editapps.php?v=additional

You control what personal data your friends’ applications can access on this page:

http://www.facebook.com/privacy/?view=platform&tab=other

Facebook keeps a list of all applications on this page:

http://www.facebook.com/apps/

Facebook documents the personal data available to applications on this page:

http://wiki.developers.facebook.com/index.php/FQL_Tables

Here is the BBC article.

http://news.bbc.co.uk/2/hi/programmes/click_online/7375772.stm

Please comment if you have anything to add or correct in this article. I would like it to be as accurate and useful for Facebook users as possible.


Tuesday, December 16, 2008

Send to (Blogger, Bookmarks, Mail, Wayback, English) in Google Chrome

I have customized Google Chrome to make it simple to send the current page to:

  • Blogger (create a post about the page)
  • Google Bookmarks (bookmark the page)
  • Gmail a.k.a. Google Mail (create an e-mail containing the page)
  • Wayback (show the page’s revision history)
  • Google Translate (show the page in English translation)

The result of this customization is the “Send to” menu. This is very easy to set up and requires no special technical knowledge. This customization is not original with me but it has worked very well for me. Harry McCracken gets the credit.

  1. If the Google Chrome bookmarks bar is hidden, bring it into view with Ctrl-B.
  2. Right-click in the bookmarks bar (but not on an existing folder), then click Add folder…
  3. Name: Send to
  4. Click OK
  5. NOTE: If the new folder does not appear on the bookmarks bar, then look in existing folders and in the » folder to see if you accidentally created it there. Then simply drag it with the mouse to the location you desire.

Now you have an empty Send to menu.

To add the Blogger option to the menu, drag the text BlogThis! with the mouse from this page at blogger.com and drop it on top of Send to. (So that the name makes more sense with the words Send to, you can change the name from BlogThis! to Blogger by clicking Send to, right-clicking BlogThis!, choosing Edit, and following the directions.)

To add the Bookmarks option to the menu, drag the text Google Bookmark with the mouse from this page at google.com and drop on top of Send to. (I changed the name to Bookmarks.) [1]

To add the Mail option to the menu, drag the text GmailThis! with the mouse from this page at contrapants.org and drop on top of Send to. (I changed the name to Mail.)

To add the Wayback option to the menu, drag the text WayBack with the mouse from this page at gyford.com and drop on top of Send to.

To add the English option to the menu, drag the text English with the mouse from this page at google.com and drop on top of Send to.

A Google search for bookmarklets will turn up many similar options that you can consider adding to the Chrome bookmarks menu, for example at bookmarklets.com.

  1. There is a related Chrome customization to make your Google Bookmarks searchable from the address bar (which as far as I know is original with me). The combination of Send to Bookmarks and searchable bookmarks makes Google Bookmarks simple to use in Chrome.


Wednesday, December 10, 2008

Using Google Bookmarks in Google Chrome

I prefer Google bookmarks to Chrome bookmarks because I can access them from anywhere. So I customized Google Chrome to use Google bookmarks. This is an easy customization that requires no special expertise or software add-ons.

First, read how Chrome works with the customization and take a look at the screenshots. Then, if you want the same customization, continue reading to see how it’s done.

To Google bookmark a page in Chrome

To bookmark the current page, I click my Bookmarks button. (You can see in the screenshot that I file it under Send to, but you can put it anywhere.) I optionally edit the title and add tags to make it easy to find later, and click Add bookmark.

At this point, my Google bookmark is saved and I can access it later from anywhere.

To return to a Google bookmarked page in Chrome

To find a Google bookmarked page, I use search, naturally. In the address bar (a.k.a. the omnibox), I type gb (for Google Bookmark), press Tab or Space, type search word(s) that match the bookmark name or tags, and press Enter. On the results page, I click the bookmark I wanted.

To add these customizations to Google Chrome

To create the Bookmarks button, drag this bookmarklet to the Google Chrome bookmarks bar: Google Bookmark (or do the same thing from Google’s help page Bookmarks: Using Google Bookmarks, which is where I got it).

You can, of course, add the bookmarklet to a folder, as I did.

To add Google Bookmark search to the Chrome address bar, right-click in the address bar, choose Edit search engines…, click Add, fill out the form as follows, and click OK:

Name:
Google Bookmarks
Keyword:
gb
URL:
http://google.com/bookmarks/find?&q=%s

(In the Search Engines window there is also an option to make this the default search, if you wish.)

Comments on your experiences with this customization (and on the way it is presented above) would be most welcome!


Tuesday, November 04, 2008

Obama Because He Is Black

I voted this morning to make Sen. Barack Hussein Obama our next President. I have been endorsing him because:

He is not white.

He has an “Arab sounding” name.

He is otherwise qualified to serve as President.

I want to write today about racism. And if Sen. Obama had not won a very close primary race, I would have endorsed Sen. Clinton because she is a woman. So I want to write about sexism, too—about prejudice.

People keep telling me that age, ethnicity, religion, parentage, sex, and sexual preference are not what qualify someone to be President, therefore I should not consider them.

I have been told that voting for Sen. Clinton or Gov. Palin as women is sexist (as much as voting against them as women would be). That voting for Sen. Obama as a black is racist. That voting against Sen. McCain as a senior is ageist.

In short, I have been told that I should vote without prejudice. But I cannot, and pretty much nobody else can.

Almost all people have prejudice and believe that they don’t. America prefers whites, men, Protestants, straights, and tall, pretty, young people. We prefer them in daily, practical ways that matter: acts of friendship, trust, pay, and performance evaluation. And we act this way not realizing that we do. These facts have been so well proven that even a habitual skeptic like myself cannot really doubt them.

There is a test for automatic bias, developed at Harvard, called the Implicit Association Test. You can go to <https://implicit.harvard.edu/> and measure your own automatic bias for race, skin lightness, sex, sexual preference, age, weight, and political party. Even if you are black, your test will probably show an automatic bias for whites, and if so, the smart money says you have been giving whites preferential treatment, whether or not you believe it.

But it has also been proven that we are not born with these biases. We take them from our culture, and we can relearn them pretty easily once we know the trick. You cannot beat the Harvard race test by mere will power or wishful thinking. Even the authors of the test cannot beat it that way. But they learned, it turns out, that you can beat the race test by thinking about black heroes—Dr. Martin Luther King, Jr., for example, or Olympic athletes—black people who achieved great things.

Here is another example. The proportion of women hired to play in orchestras is steadily rising. It was 10% in the 1970’s, and more than 35% in the 1990’s. The cause was a screen put up between the judges and the performer during the audition. Judges no longer knew if women were auditioning. But the screen itself is responsible for only a third of the difference. The other two thirds is due to a change in bias. The experience enlightened judges. Now, when they audition women, they are not made deaf by their bias. They can see greatness.

There is no screen hiding the candidates from us. We cannot pretend we do not know that Sen. Obama is black, Sen. Clinton is a woman, and Sen. McCain is a senior. It is too late. Our biases are already in play. But like the orchestra judges, our biases are shifting. Every time we gain a new hero who contradicts our culture’s automatic bias, we change. Every time a schoolteacher introduces a new generation to one of these heroes, we change.

A President is more than an executive officer and a diplomat. A President is a hero.

So, thanks to courageous activists who blazed a trail, and thanks to our teachers who preserved it for us, we are at the point of recognizing a new hero. A hero who will challenge our false implicit biases about people with dark skin and “Arab sounding” names. Who will help us see more clearly the greatness of all people. Who will help us to act more like we mean it when we say that we are created equal.

I am grateful for my small role in this as a voter, but I do not take any credit. It was the American thing to do.

I just wish he weren’t a lawyer.


Thursday, October 30, 2008

The Ballad of RSTS/E

Writing and performing this video is not the nerdliest thing I’ve done—so that alone should scare you. It probably also violates the principle that what happens at DECUS stays at DECUS.


Friday, October 17, 2008

A Thirty Year History Of Google Chrome … Continued

Evolution of Personal Computers

When I talked yesterday about thirty years of personal computers, I did not mean IBM compatibles. I meant all PCs (including, for example, the Mac, the TRS-80, and the Amiga). I did not make that clear, and I apologize.

Here is a time-line of major events in the evolution of PC reliability. Technically speaking, I mean protected memory, preemptive scheduling, and allied protection features which keep an error in one application from crashing other applications or the whole system.

1982. P/OS, Digital Equipment Corporation
DEC miniaturized an existing data center architecture having protection features (RSX-11M), to compete with the IBM PC.
1987. OS/2, IBM
IBM developed this Windows competitor from the ground up, incorporating protection features they knew to be important from their data center experience.
1993. Windows NT, Microsoft
Microsoft started to catch up in 1990, with limited memory protection in Windows 3.0. They only really got it right when they released Windows NT 3.1. NT was a rewrite of Windows by ex-DEC developers.
2001. Mac OS, Apple
Apple tried to rewrite their own operating system, but what ended up working well for them was a merger of their original Mac OS with the UNIX operating system.

(It is hard to know if and when to put Linux on the time-line. Linux had protection features from its inception in 1991 because its design was based on UNIX, but it is only now beginning to make any inroads into the personal computer mass market.)

The time-line is based on a bit of research and what remains of my memory, so please correct me if you know better.

Advantages Of The Data Center

A family computer is used for business and personal records. On a family PC you will find a whole lot of correspondence in the form of saved e-mail. There will be various kinds of record keeping, from family histories to monthly budgets. Many people are storing photos and music collections on the computer. Any number of personal projects—greeting cards, posters, newsletters.

People put too much faith in PC hard drives, discs, and memory cards to preserve their family records. These devices break, and they get stolen. Migrating away from local applications is advantageous. Data center equipment breaks too, but data centers have parallel secondary systems that take over until the primary systems are restored, with no loss of data and little or no interruption of service. Security against physical theft of the storage devices is much better.

How Risky Is It to Migrate?

On the other hand there are some new things to worry about. What is the risk of unauthorized, undetected use of family records by data center personnel or by the government? Google has a strict privacy policy, but what enforces it, and, for that matter, what keeps Google from changing its mind? The risk is not easy for the mass market to assess. This fact leads them to imagine that it might be a high risk, and avoid it. Similarly, they find it hard to assess the risk that Google will close its facilities unexpectedly. And the very fact that Google provides free service creates a fear that Google has no incentive to provide a reliable service.

There are real risks here, but I think they are often hugely overestimated. The incentives to Google are being looked at the wrong way. Google is like television in an important respect.

You (the user) are not the customer.
Google is not your supplier.
The advertiser is the customer.
You are the product.

Google earned $1.35 billion in the last quarter and has $14.4 billion in cash. There is plenty of incentive to continue attracting users by creating and maintaining a reputation for ethical behavior and reliability. If Google offends its users, they will go elsewhere and Google’s revenue will go with them.

Google doesn’t only run public services. It also runs the same services at private data centers for paying corporate customers. But corporate demand for high availability causes improvements which carry over to the public services.

When a bank goes bankrupt, its operations do not stop. Another bank buys its operations and its customers. My login screen for WaMu now mentions JPMorgan Chase in passing; it’s the same bank under new management. If Google goes bankrupt, its operations and its user base are too valuable to be discarded. Another player in the cloud computing market will buy them, add their name, and go on. The real risk is that at that point I will be offended by a logo reading “Microsoft Google”, and take my files and go elsewhere.

Supposing I am wrong, and one day Google is simply not there. How will I get my family records back? Well, Google actually stores my documents in an open, non-proprietary format. Google also keeps copies of all my documents on my personal computer if I wish. (And, of course, I have opted to do this.) Google offers this option so that I can continue working if my network connection goes down, but I can actually continue working if Google goes down and stays down, until the open source community takes over for them. I think this is really why Google does so much to support open source software. By making themselves non-proprietary, they eliminate risks that I would otherwise be taking by using them.

This is not to say that people should not keep their critical family records in printed form. Nobody should think of keeping their will in Google Docs. And even paper has its problems. We have a printer with archival quality, pigment based ink. The family photos we print with it ought to last many, many years, long after the plastic compact discs gas out enough plasticizer to self-destruct. But it is still true that a fire, a flood, or a plague of insects can destroy them, and I am glad enough to have copies of them stored in digital form at a data center.
