Monday, November 26, 2007

I am not a criminal

And my government shouldn't treat me like one

I suffer from allergies. Not just the seasonal, don't play in cut grass/ragweed/etc. allergies. The year round, I must be allergic to oxygen allergies. (Or as a former co-worker in a hospital once told me, I must be allergic to work). Sudafed has, until recently, been one of my very close friends. Back in 2005 the Missouri legislature took any drug containing pseudoephedrine off the shelves and required that anyone purchasing the products to present a state ID. They did this because pseudoephedrine is one of the ingredients in meth, a very addictive drug that does horrible things to people. Two years later and we still have a serious meth problem, and its been spreading.

Now, I know the government has the right to control access to dangerous drugs. And meth is definitely a dangerous drug (people who are on it will ignore everything else just to stay on it, including children, themselves, and their houses, which often burn down in the process of making the drug if the maker is not careful). But pseudoephedrine is not a dangerous drug. In fact it can be one of the only drugs that can help some allergy sufferers like myself. I am not going to use the drug to make another one, I have a perfectly good use for it as it is. I should not have to give my personal information away to some random desk clerk, who in turn gives it to every law enforcement organization that asks for it. My information is not for you to mine.

For the first year and change, I suffered through allergy attacks relying on Benedryl and hoping I didn't have to drive much while on it (great at bedtime though...). This spring I decided that I wouldn't make the rest of my family suffer with me and went down to the local Walgreens to get some Sudafed. Unsurprisingly, I got tons of dirty looks from the pharmacy techs for buying this and grumbling about having to give my information. They probably sent my information to the FBI immediately just for that... The next time we ran out (several months later as I buy the biggest pack possible and ration myself so I don't have to go through that often) my wife got it for me because she knows how I feel. I had to go again today and get it, and again with the dirty looks.

If this system worked, I might have some sympathy for it. It still restricts my rights, but compared to the general benefits it could have brought about ... oh, who am I kidding, people are so desperate to escape this reality that they will drink even fermented deer's blood. Let me live my life peacefully and find a better, more targeted way of stopping meth production. You don't have to worry about me misusing it.

Tuesday, November 20, 2007

Hold some balloons back

I'm sure all of you have heard about the recent stem cell breakthrough. This is great news, if it pans out. My greatest fear, as echoed by Wired, is that we are going to throw away all of the research done so far in other methods for the glimmer of hope these as yet unproven methods promise. Already some organizations are lighting up the lines to kill all research into embryonic stem cell research.

If these techniques turn out to reliably produce quality, pluripotent stem cells, it will greatly, if not completely reduce the need for embryonic stem cell therapies. These techniques have not yet been thoroughly vetted, however, and the experiments haven't yet been reproduced. These are also very new stem cell lines and any mutations or other side effects of the methods have yet to be found.

As one of the scientists working on the project, Junying Yu, has said, "Nobody knows exactly what happens, but when we introduce the genes, it basically changes gene expression inside the cell, and that changes the fate of the skin cells." It is this uncertainty, from the experts themselves, that has me hold back my optimism. There is also the fact that even current pluripotent embryonic stem cells can't always be coaxed into forming certain cells. So far the University of Wisconsin study has been able to grow heart, muscle and brain tissue. Very key tissues, especially in Parkinson's, Alzheimer's, and heart disease studies, but still newly made.

Please, throw these studies more money, but don't stop sending money to other, more proven methods, even if those methods aren't accepted by all.

Tuesday, November 13, 2007

That must be a big number

Alan over at http://www.akbkhome.com/blog.php in a recent post claimed to have an idea for the perfect way to take the P out of LAMP. He proposes the idea of an Apache module that will talk directly to MySQL and return JSON for a JavaScript applet on the requester's computer. I can see a somewhat limited place for such a change, but I don't see it as the PHP killer Alan would like.

The biggest issue will be getting the web content spidered by search engines. Spiders have zero understanding of JavaScript and completely ignore that content. Thus if you want decent ranking in the search engines, you will need some sort of standard HTML delivered to those, as well as being able to deliver the dynamic content to your regular users. PHP fills this need very well.

Using this, you would also need to work with users, such as myself, that browse with JavaScript turned off unless needed. Firefox's NoScript extension is great. It keeps malicious sites (or insecure sites with malicious content added...) from being able to do anything to my computer. Until these security holes are fixed (and I don't expect that to ever be finished), I will continue to browse without JavaScript and ignore sites that require it just to move past the home page.

There is are also the problems of performance and portability. Many things are often quicker for PHP to do after requesting data from MySQL than to run using stored procedures in MySQL alone. As for portability, it can be more complicated to move your applications from one MySQL server instance to the next. There is also the possible problem that such an extension would be a effectively a direct connection to the database server. We all know the issue of SQL injection when user input isn't properly filtered and validated before being sent to the database. Now we would either have to add a new application layer inside Apache to handle this or have the database open to such issues.

If it can overcome the portability, performance, and SQL injection problems, I do see one space where it can be useful. Web services are becoming more and more common. This is a great idea to make the services more accessible. But even there, PHP is already very capable as a web service provider. It will take more than just being the "cool new thing" to draw me away from a language that I am very comfortable using.

Monday, November 12, 2007

From my cold dead hands

Or, Amendment IV, redux

It becomes even more obvious that the executive branch has no comprehension of the privacy implications of the Constitution. The Supreme Court has ruled time and again in support of personal privacy. This has often gone against various national intelligence agencies' agendas, but now they are pushing to throw personal privacy right out. In a recent speech, the principal deputy director of national intelligence has said we shouldn't have privacy from the government and private companies; we should trust them not to misuse private information.

Just focusing on his speech for a moment, he brings in a number of non-sequiturs:

  • "Those two generations younger than we are have a very different idea of what is essential privacy, what they would wish to protect about their lives and affairs." - There is a very big difference between a person talking about their private information and private information being taken without one's consent.
  • "[People are] perfectly willing for a green-card holder at an (Internet service provider) who may or may have not have been an illegal entrant to the United States to handle their data." - Where do I begin? What does privacy have to do with the immigration debate? Are illegal immigrants the only people ISPs employ? What is an ISP doing monitoring my traffic? As for that last one, I know there is no binding net neutrality legislation (yet), but as has been shown in the recent Comcast and AT & T kurfluffles, ISP customers expect traffic agnostic internet connections.
  • "Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety. I think all of us have to really take stock of what we already are willing to give up" - Not a non-sequitur, its actually a false dichotomy. My privacy and other rights are independent of my and this nation's security. "Those who are willing to give up their civil liberties to preserve their safety, deserve neither and will lose both." - Ben Franklin.

If our founding fathers knew that this would happen after all of their sacrifices, we would still be part of England. There are hundreds of issues with these statements. The biggest issue is the call to "just trust us." I'm sure the veterans, the TSA workers, and who knows who else trust the government's handling of private information. I also don't trust what the government will do with that information: a) I don't know how they will sift through it all, b) I don't want to pay someone to do that sifting, and c) what will keep the false positive (whatever constitutes a positive...) rate down?

Thus I will keep my anonymizing and encryption tools, and, as Charlton Heston was known to say in defense of another Constitutional amendment (although I don't completely agree with his views on that): You can pry my software from my cold dead hands.

Tuesday, November 6, 2007

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Now, I know this whole Constitution thing has already been sent through the shredder a couple times in the past 7 years (well, and before that too, but I'm not going to go into it right now), but this is becoming ridiculous. The government has been saying for a long time that internet communications should have no expectation of privacy. This case is being fought currently in the federal courts to determine that fact for sure.

The way I see it. Anything I post on a bulletin board, blog, forum, or any other publicly read webpage is fair game. Read it all you want, thats why I put it there. If it is sent in a "private" email however, I expect it to be treated the same as any snail mail envelope. You can read who its from and who it is to, but without a court's approval, you should not be allowed to read the contents.

The government argues, however, that email, for the most part, is sent as plain text and that if they look at the full packet, they didn't really open it... Personally I believe that the headers constitute the envelope and the content is inside it, but if thats the way you want to play it, I am not waiting for a court to give the government a blank check. I have just recently downloaded and installed GNU Privacy Guard on my system. I already had Thunderbird (a great mail client, for anyone out there looking for one, a good replacement for Outlook or hopping between web mail clients). I also downloaded the engimail extension for Thunderbird. Now all of my email is signed (so no one can mess with it and anyone can tell I sent it), and if anyone wants to send me their public key (see sidebar links for more information on what these are and for my public key) I will send them only encrypted emails. Trianglman is the address, gmail is the domain.

Protect your rights. Demand that the Constitution be upheld. Don't sell your rights for a false sense of safety.

Those who would sacrifice their liberty for security deserve neither and will lose both.

Monday, November 5, 2007

Yay Uber-geekiness

Thank you Make for pointing me at this:

According to the post, the music you hear is completely created by the sparks, no speakers were used in the production of this video.

Friday, November 2, 2007

JavaScript incompatibilites

It was just brought to my attention that Mozilla is beginning work on a new version of JavaScript (aka ECMAScript). Microsoft, however, would rather web technologies move forward their way, with an entirely new language. As a web developer, I have to side with Mozilla on this one.

We currently have a glut of web programming and scripting languages: from server side languages like PHP and ASP, to client side languages like JavaScript and Flash. Adding more ways to do things to your users' computers, without fixing the issues currently present is not the right way to go. The original ECMAScript was designed by Netscape to be simple and allow an improved user experience on a given page. This originally was mostly sandboxed to only affect the current page or guide users to new pages. With the addition of the DOM and XMLHTTPRequest this has greatly increased the scope of what a page can do, even to the point of allowing some malicious scripts to turn your browser into a zombie bot like regular malware would do to your computer.

Every new web technology has added its own issues and vulnerabilities. From PDF cross site scripting holes, to Quicktime and Flash user input vulnerabilities. Creating an entirely new language will just create more surface area for browser vendors to need to protect (or more likely not protect). However, in upgrading a current technology, Mozilla is only adding a little more surface area (only the new features) and possibly closing up old holes through bug fixes. After glancing over the white paper, many of the new features in JavaScript may lead to better, easier to manage code, with fewer user space bugs.

Microsoft's main argument is that by upgrading the language, rather than creating a new one, old scripts could break and backwards compatibility will be lost. While this could be true, one of the main goals of the ES4 Working Group is to maintain backwards compatibility. This means that, barring a few edge cases, and if all goes as planned, the barrier to entry for ES4 will be minimal, potentially only requiring a browser update (only for previously unsupported features) and, if the developer feels the need for it, training on the new features. However, uptake of a new language will be slow, both on the consumer end where users will have to upgrade their browser or download new plug-ins (anyone want another active-x situation?) and on the developer end where they will need to learn a new language, potentially buy new development tools, and still need to support the users who don't have this new software.

There is also the question of how open Microsoft wants to make it's new language. If history is any indicator, they may try to use it as a wedge to push people back to their browser. Mozilla, however, is an open source company; ECMAScript is an open standard.