DocBug

Kennedy on the vaccine/autism link 

Robert F. Kennedy Jr. has a good overview on the potential link between mercury-based preservatives used in vaccines from 1981 to 2003 and the simultaneous huge increase in autism. I'd sort of bunched this theory in with fluoridation paranoia, but it looks like there's a lot of concern among level-headed people who have looked at the data and have the expertise to understand it. If what this article implies is accurate, this whole thing could blow into another Thalidomide.

Spark Fun Electronics 

Quick resource tip: Spark Fun Electronics is a cool little online electronics & prototyping-supply shop. Good descriptions & spec sheets with the hardware hacker in mind. (Thanks to Thad for the link!)

Grokster glass half full? 

I'm feeling very "glass is half full" about today's Supreme Court decision in MGM v. Grokster, which essentially says a technology company can be guilty of contributory copyright infringement if it induces others to violate copyright (e.g. through advertising). Sure it leaves open lots of questions hanging, which no doubt will be clarified after much more blood on the field. On the whole I'm still optimistic for where this might lead us in the long run:

1. Peer-to-peer sharing of copyrighted files will continue unabated, that was a given regardless of the decision. I think this is a good thing not because I've some anarchist itch than needs scratching, but because the content cartel have been abusing their government-granted limited monopoly for decades, and they've become damaging to society. Congress is a part of the problem, so there's no remedy there. Monopolies don't change willingly, and the only two forces I see moving the cartel to serve their customers instead of abuse them are files-sharing on the one hand and empowered artists eliminating the middleman on the other. My big hope is that somehow these two stakeholders figure out the right way to join forces.
2. The decision makes it harder for companies like Grokster to profit from copyright violations with a wink and a nod. That makes it less likely that we trade one set of market-masters and gatekeepers for another, and it also makes it a little easier for the cartel to survive as they (hopefully) reform into good corporate citizens. The message I'd take from this decision if I were MGM would be "OK, we'll still have our clock cleaned if we don't offer our customers something better than free, distributed, somewhat undercover, all-volunteer-provided infrastructure, but at least we don't have to compete with funded commercial versions as well." Or at least they'll have a reprieve until legal alternatives like voluntary collective licensing or Creative Commons start to take their market-share.
3. It'll make P2P technologies even more decentralized and distributed. We'd never have seen the P2P technology explosion if the RIAA had embraced the posting of MP3s on the Web back in the mid-90s. Like a weakened virus that trains the immune system to later fight off a full-strength disease, we're building the technology and mindset that will one day help protect us against far worse threats than the Disney Secret Police. Which leads my to my last hope...
4. Maybe this will encourage businesses and technologists working with P2P to raise public awareness of the P2P applications that don't involve copyright violations, like load-balancing, wireless ad-hoc networking, store-and-forward networks for the third world, and censorship-resistant communication.

You know it's a housing bubble when... 

...sites like condoflip.com start popping up. As my friend Sasha put it, "Do all new condos come with airbags now?"
(Thanks to Omri for the link.)

Owning David 

The cover story of this month's Communications of the ACM is a mostly technical paper called Protecting 3D Graphics Content. In it, Stanford graduate student David Koller and professor Mark Levoy describe a method for copy-protecting 3D graphical models such as the ones generated in the Stanford Digital Michelangelo Project. Most copy-restriction schemes are snake oil — they rely on a mythological "trusted client" that prevents the user from accessing the raw bits being displayed on his own monitor by his own CPU. The Stanford team has gotten around this problem for 3D models by keeping the high-resolution model on their own server and only sending 2D images to the client. The client uses a much lower resolution 3D model for the interface to choose new camera angles. The method sounds sound, though the authors admit it might still be possible to reconstruct the 3D model using machine-vision techniques on their 2D images.

Scholarly researchers are often faced with difficult ethical trade-offs, especially when developing new technology. The authors state their own particular quandary in the second paragraph:

These statues represent the artistic patrimony of Italy's cultural institutions, and our contract with the Italian authorities permits distribution of the 3D models only to established scholars for noncommercial use. Though everyone involved would like the models to be available for any constructive purpose, the digital 3D model of the David would quickly be pirated if it were distributed without protection: simulated marble replicas would be manufactured outside the provisions of the parties authorizing creation of the model.

Michelangelo's David (image courtesy of and © Mary Ann Sullivan)

In other words, as academics Koller and Levoy understand how the free sharing of history, art and scholarly data contributes to society as a whole, but they also recognize that without some assurance that this data is not shared freely, the authorities who control access to the original works won't allow any sharing. The museum would also like to see the data shared with fellow researchers, but don't want to see it used to make replicas without their approval and license fees. Unfortunately, I think Koller, Levoy and the museum all fall the wrong way on this question.

One of the things that jars me in reading this piece is the liberal sprinkling of the words "theft" and "piracy," as in "For the digital representations of valuable 3D objects (such as cultural heritage artifacts), it is not sufficient to detect piracy after the fact; piracy must be prevented." Here the authors are making a fundamentally false assumption. I cannot speak to Italian law, but under U.S. law (and thus for any viewer of the data in the U.S.) exact models of works that are in the public domain are not themselves copyrightable. To quote the 1999 decision by the US District Court SDNY in Bridgeman Art Library, LTD. v. Corel Corp.:

There is little doubt that many photographs, probably the overwhelming majority, reflect at least the modest amount of originality required for copyright protection. "Elements of originality . . . may include posing the subjects, lighting, angle, selection of film and camera, evoking the desired expression, and almost any other variant involved." [n39] But "slavish copying," although doubtless requiring technical skill and effort, does not qualify. [n40] As the Supreme Court indicated in Feist, "sweat of the brow" alone is not the "creative spark" which is the sine qua non of originality. [n41] It therefore is not entirely surprising that an attorney for the Museum of Modern Art, an entity with interests comparable to plaintiff's and its clients, not long ago presented a paper acknowledging that a photograph of a two-dimensional public domain work of art "might not have enough originality to be eligible for its own copyright." [n42]

What Koller and Levoy are protecting are not the museum's property — the 3D models of David belong to the public at large. What they are protecting is a business model, one that is based on preventing the legitimate and legal sharing of information. Their opponents in this battle are neither thieves nor pirates, they are merely potential competitors for the museum's gift shop, or customers the museum fears losing.

It is understandable that museums want to protect an income stream they've come to rely on to accomplish their mission. It is also understandable that Koller and Levoy are willing to help museums maintain their gate-keeper status in exchange for at least limited access to the treasures they hold. After all, isn't partial access to the World's greatest artwork in digital form better than no access at all?

In this case I fear the short-term gain will be outweighed by long-term loss. Information technology and policy is in a state of incredibly rapid flux, with new systems constantly building on top of what came before like a giant coral reef. This project takes us another step down the path of information gate-keepers and toll-road bandits, a path that rewards the hoarding of information and the blockade of communication rather than the promotion of the useful arts and sciences. It also reinforces the message that we are all cultural sharecroppers, that education and the arts are reserved for those with the money to pay for them, and that the public domain is just a myth that thieves tell themselves to assuage a guilty conscience. This is the exact opposite of what our universities and museums represent, and it undermines the project participants' legitimate desire to share these treasures with the world. We can do better, and we should.

Update 6/21/05: A longer version of the CACM article (published in SIGGRAPH 2004) can be found here, and includes a video demonstration (Quicktime MPEG-4, 20MB).

Star Wars: Revelations 

I know it's been out for a couple months, but I finally watched Star Wars: Revelations, the all-volunteer fan film set in the Star Wars universe. Man, this ain't your father's fan flick!

No iPod settlement for me... 

I tested the battery on my iPod yesterday to see if I qualified for the $50 store credit Apple's offering to settle a class-action lawsuit. No dice for me — my 3-year-old first-generation 10 Gig iPod (specced to last 10 hours) does, in fact, still last around 9.5 hours continuous play from a full charge.

Downing Street Memo slow burn? 

The Times Online has just released a transcript of an official Cabinet Office brief that presumably was the basis for the discussion later detailed in the Downing Street Memo they released last month. Unlike the previous leak, this transcript is missing the last page and has been anonymized by the Times to protect the source.

Given that the Downing Street Memo story is just now getting traction in the US media (a month after being leaked) it'll be interesting to see how this new story is handled here, especially given how understandably gun-shy the US media is right now about criticizing the administration without being damn sure the sources can be verified. According to an interview USA Today's Mark Memmott gave On The Media (MP3), the main reason they delayed so long in talking about the first leak was that they couldn't verify the memo themselves.

The Party Party 

About a year ago I mentioned how the "virtual band" The Bots had put up a public-domain database of G.W. Bush audio clips to help would-be remixers get started. Their own rap Fuzzy Math is fun, but IMO succeeds mostly on the novelty of hearing GW saying things he'd never cop to in real life. The mixes over at The Party Party (by the band (me)™)) take GW mixing to the next level. The music stands on its own, and they turn the inherent choppiness of the mixing process into an advantage by fitting it with the natural rhythm of the music. (Be sure to especially check out My name is RX, a cross between Bush, Sympathy for the Devil and Slim Shady.)

MD5 collision for two meaningful documents 

Researchers at RUB and the University of Mannheim have a nice demonstration of how the recently discovered attack on the MD5 hash function can be used to fool someone into signing one document when they think it's another:

Recently, the world of cryptographic hash functions has turned into a mess. A lot of researchers announced algorithms ("attacks") to find collisions for common hash functions such as MD5 and SHA-1 (see [B+, WFLY, WY, WYY-a, WYY-b]). For cryptographers, these results are exciting - but many so-called "practitioners" turned them down as "practically irrelevant". The point is that while it is possible to find colliding messages M and M', these messages appear to be more or less random - or rather, contain a random string of some fixed length (e.g., 1024 bit in the case of MD5). If you cannot exercise control over colliding messages, these collisions are theoretically interesting but harmless, right? In the past few weeks, we have met quite a few people who thought so.

With this page, we want to demonstrate how badly wrong this kind of reasoning is! We hope to provide convincing evidence even for people without much technical or cryptographical background.

Their method is simple and clever. They use the newly discovered attack to generate two random strings that have the same hashed value (say R1 and R2). Then they put those at the start of a "high-level" document description language like PostScript and tack on something along the lines of "if the previous value was R1, print an innocuous message I can get signed, otherwise print the real message I want signed." A well-known weakness to the MD5 algorithm is that if R1 and R2 have the same hash values then R1+some text will have the same hash value as R2+the same text here, so depending on whether they use R1 or R2 as their preamble they get two very different messages with the same hash value.

Fun with Google Maps & Posters 

A couple fun tools that've crossed my path the last few days:

• GMapTrack: Make your own paths and waypoints in Google Maps (via Nivi)
• Rastorbator: Rastorize images into PDF files, for printing wall-sized posters (via Jofish)

(I was going to post GMerge as well, but it's been taken down after receiving what has to be the most friendly cease-and-decist letter I've ever read...)

UPS wearables & barcodes vs. RFID 

Symbol's WSS 1000 (the non-wireless, old version)

This month's Technology Review has a brief article on how UPS has upgraded their Symbol Technology ring-scanner wearable computers to use Bluetooth and Wi-Fi instead of a wire to an arm-mounted computer. The article is missing a few details (most notably it makes it look like Symbol came in to oust some other vendor's system, when in fact Symbol made the old system too), but it is a nice update on one of the early commercial wearable computer success stories.

One bit in the article that I found interesting was UPS's comment on barcodes vs. RFID:

Robert Nonneman, a manager of industrial engineering at UPS, says the company has watched RFID for 15 years but doesn't see it as an imminent solution to the problem of parcel tracking. In test runs, he says, RFID tags did not surpass the accuracy rate of bar code scanners. And an RFID rollout--including tags and a new technological infrastructure--would be costly. "You can't simply replace optical scanners with an RFID reader and expect an improved return on investment," he says. "There have to be process changes to leverage the technology."

I remember years ago Dick Braley from FedEx talking about the possibility of using RFID to ping a room full of packages and determine which (if any) need to be shipped out that day. That sort of room-flooding is a very different application than scanning a single package, and is one that barcode-readers will have a hard time performing, but it sounds like it's either not what UPS needs, would require a huge upgrade path or just not available yet from RFID technology.

Just as long as you're not good enough to compete... 

The Union-Tribune reports that Wal-Mart and other digital-photo printer services are refusing to print pictures that, in their opinion, look "too good" and thus might be copyrighted by a professional photographer. This is likely in response to guidelines drawn up by the Photo Marketing Association International, which among other things instruct "If there is not a clear lawful basis to make the copy, the safer course is to decline to copy." While not legally binding, following the guidelines are a good hedge against being nailed for copyright infringement by the PMAI, as Kmart Corp. learned when it was sued in 1999.

I suspect these guidelines came out of a genuine desire to "protect our members' legal rights," but I can't help but notice how well suited they are for stifling legitimate competition. If you're a crappy photographer then no problem, go ahead and use the online photo-processing site. But if you're good at using Photoshop and your high-end consumer digital camera then you're going to get harassed. Next time leave it to a professional, or better yet become one yourself and join the PMAI. I'm sure flashing a membership card would be more than enough to convince the clerk at Wal-Mart that you're legit.

(Link via Copyfight)

Update: I should point out it's not just Wal-Mart that's being hard-nosed here. On various blogs people are talking about trouble with a variety of other services, including Kinkos and Kodak's Ofoto.

Borrowed Ladder 

Today's NYT article Social Security: Migrants Offer Numbers for Fee seriously reminds me of the "borrowed ladder" concept from the movie GATTACA:

Mr. Luviano, 39, obtained legal residence in the United States almost 20 years ago. But these days, back in Mexico, teaching beekeeping at the local high school in this hot, dusty town in the southwestern part of the country, Mr. Luviano is not using his Social Security number. So he is looking for an illegal immigrant in the United States to use it for him — providing a little cash along the way.

UbiComp Gaming Workshop 

This year's UbiComp 2005 conference will include a one-day workshop on Ubiquitous Computing, Entertainment and Games:

The theme of this workshop is ubiquitous computing entertainment, playful social networking, and games. Our goals are to provide a productive forum in which international researchers, members of the entertainment industry, game players, game designers, and game publishers can discuss key issues in ubiquitous gaming, present and future uses of ubiquitous computing that create compelling, playful and socially beneficial gaming experiences, and to facilitate an exchange of ideas that will allow ubiquitous games to break out of their current “niche” and into the mainstream.

The workshop will be September 11th, 2005 in Tokyo.

Trapped Christmas Presents 

For over a decade my friend Jay and I have exchange trapped presents at Christmas. When I say trapped I mean it in the classic Circle of Death game style — if you open the present carelessly a buzzer will sound or explosive cap will trigger. It all started when we were designing traps for live-action role-playing games, but quickly became a challenge to one-up each other each year. These days we open all the other presents first and then settle down with our flashlights, dentist tools and wire clippers to work on opening each other's presents while the rest of the family eats pie and enjoy themselves making unhelpful comments.

Jay and I each have our own style of trap-making. Jay has become a master of secreting traps in places that you'd think he couldn't access. His high-point is probably the time he gave me a deck of gaming cards that he had somehow unsealed, hollowed out, rigged with a cap-popper trap, then resealed and reshrinkwrapped such that it looked like new again. (That's rivaled by two years ago, when he managed to plant an explosive inside a cut-then-resealed chocolate egg.) I'm always trying a new angle on things — my favorite is still the time I gave him a "special" version of Looking Glass' PC game System Shock, which included a specially-included candy red button in the second room of the game that when pressed would berate him for not checking closely for traps as it dropped powerful monsters on his head. (It always helps to know the programmers...)

This past Christmas I wanted to try a trap where the mechanism was plain to see but a puzzle to disarm. The result is the magnet trap shown bottom left. The metal plates at the bottom are sold in joke shops as Exploding Toilet Seat gags. They're spring-loaded to lift up and set off a cap, but in this case the magnets attached to the top of the popper are being pressed down by the magnets attached to the top of the lid. On one side is a north-polarity magnet being pushed down by another north-polarity magnet, on the other side is a south-polarity magnet pushed down by another south-polarity magnet. The whole system is quite stable — until you try to turn the lid to open the jar. Then the north and south magnets on the lid switch positions and pull the poppers up, setting off the caps. You can see the whole thing in action by clicking on the picture below. Jay tried using magnets underneath the jar to counteract the ones on the lid, but that wasn't enough force to fight both the magnets and the mechanical spring. I'll leave the right way to disarm the trap (and the way I originally set it) as an exercise to the reader (and will probably eventually put it in an update).

Jay had two traps this year — the first was a buzzer trap held down by a Borg Teddy Bear that he had gotten at the Star Trek Experience in Los Vegas. It was rigged so if I moved the bear or pulled the wrong wire first it would go off. Remembering my MacGyver lore, I pulled the red one (or was it black?) and disarmed it. The main trap, however, was the bear itself — he had taken it to a teddy-bear factory and had them sew in a voicebox that played his own message. I didn't set it off (I learned long ago never to press something from jay that says "press me" on it), but am still impressed. You can see it in action from the other movie linked below.

Magnet trap explained (Quicktime, 3.1M)	Borg Teddy-bear trap (Quicktime, 750K)

Update (7/24/05): explanation of how to disarm below the fold.

Honestly, leaving this as a riddle without giving everyone the benefit of being able to play with the trap itself is a little unfair. The key is that the magnets pushing down from the metal lid were not actually glued on, but were just stuck on using their own magnetic force. (They consisted of a magnet stuck to the lid, a bunch of steel nuts to give them the right length, and then another magnet at the end.)

To disarm the trap, you open the lid just a bit, then use a strong magnet to slide the magnet towers back to their original position through the lid. Keep opening it a little and sliding the towers back until the lid can be opened enough to stick a (nonmetallic) chopstick into the jar to hold down the poppers.

To set the trap, just reverse the procedure.

Sign of the times 

I took this photo last week at the entrance to MARTA, Atlanta's subway system.

It wasn't so long ago that I would have taken a picture like this one in a foreign country as a reminder of how different life would be without our Bill of Rights. It's amazing how quickly we're letting it slip away from us...

Sheep