Dear Reader,
If you are reading this through an RSS feed you probably didn't see the alert I put in the header: I have folded this blog into Cooking with Charles. This blog will no longer be updated. You are probably a handful of posts behind at this point.
Charles
Thinking with Charles
This blog is no longer being updated. You're looking for Cooking with Charles. |
Tuesday, October 30, 2012
Sunday, September 23, 2012
Art Project!
So, perhaps it's a stretch to call this an art project. I certainly don't consider myself an artist, and in fact the specifics of this project required nearly no artistic skill at all. But I'm pretty sure that there are a lot of people who might mistake it for art, so we'll run with that.
I've taken on several cosmetic projects for my bedroom. During the summer I bought a primed (but unpainted) dresser at a yard sale. I painted it a nice bold blue. More recently I got rid of the old pulls (they were the flappy kind you often see on old furniture); since the screw holes were at such an odd spacing anyway -- 2.25" when the modern standard is 3" -- I ended up just filling those holes, sanding them down, re-painting, and putting on new knobs that I like a lot better. I also sanded, primed, painted, and gave a new knob to an old nightstand that was starting to look a little sad from years of use. Between these, the paint job, and the curtains I felt like the room was really putting together a coherent color scheme.
(Note that despite how it appears in this picture, the wall color is uniform.)
Unfortunately, after looking at it a few too many times, two problems became evident: first, the walls were completely and conspicuously naked; second, the purples were too far away from the blues. I don't even know if that's a real thing, but it was certainly bothering me.
The obvious solution was to track down some art for the wall to bridge the gap and flesh out the color palette of the room. I spent some time on Etsy, eBay, and Craigslist trying to find something to fill the gap. Nothing really was quite what I wanted and everything seemed very expensive. I eventually just about settled on a woman out east somewhere who did mini-paintings, near-monocolored in any color you want, with all sorts of visible brush strokes to make things a little more interesting.
I decided that the nonuniformity was the part of her work I liked the least, given that everything else in the room is very much one flat color. After some sifting around on art supply websites it also became pretty clear that I would be able to produce similar work for much cheaper than buying it.
So I bough some canvas -- twenty six-inch squares -- and I picked out some paint samples at Menards. A few four-square-foot samples was plenty to do what I wanted.
The actual painting was time consuming but certainly not difficult. One color at a time, I laid out a few canvases and painted them each with a few coats of flat uniform color. I also put a layer of clear protective spray coating on them; it was something that artists on Etsy played up and the spray itself (certainly not intended for this purpose) was quite inexpensive.
The most frustrating part was hanging. My initial instinct was to drill a few shallow holes in the back of each canvas's frame and stick those on nails. It turns out that's very time consuming and has a lot of failure points. Eventually I realized that the better solution was just to put a pair of nails in the wall for each canvas (for those counting at home, that's forty nails I now have in the wall over my bed) and set the inner edge of the frame on them. The difference in the thickness of the frame is certainly no larger than my uncertainty in putting in the nails. Because I'm impatient I hung the squares as I went (though in the pictures I think that makes it easier to see what's going on).
They aren't arranged in any particular pattern, other than having one of each of my four colors in each column.
You can judge for yourself, but I feel very good about how this turned out. It seems to me that the room makes more sense now.
I've taken on several cosmetic projects for my bedroom. During the summer I bought a primed (but unpainted) dresser at a yard sale. I painted it a nice bold blue. More recently I got rid of the old pulls (they were the flappy kind you often see on old furniture); since the screw holes were at such an odd spacing anyway -- 2.25" when the modern standard is 3" -- I ended up just filling those holes, sanding them down, re-painting, and putting on new knobs that I like a lot better. I also sanded, primed, painted, and gave a new knob to an old nightstand that was starting to look a little sad from years of use. Between these, the paint job, and the curtains I felt like the room was really putting together a coherent color scheme.
(Note that despite how it appears in this picture, the wall color is uniform.)
Unfortunately, after looking at it a few too many times, two problems became evident: first, the walls were completely and conspicuously naked; second, the purples were too far away from the blues. I don't even know if that's a real thing, but it was certainly bothering me.
The obvious solution was to track down some art for the wall to bridge the gap and flesh out the color palette of the room. I spent some time on Etsy, eBay, and Craigslist trying to find something to fill the gap. Nothing really was quite what I wanted and everything seemed very expensive. I eventually just about settled on a woman out east somewhere who did mini-paintings, near-monocolored in any color you want, with all sorts of visible brush strokes to make things a little more interesting.
I decided that the nonuniformity was the part of her work I liked the least, given that everything else in the room is very much one flat color. After some sifting around on art supply websites it also became pretty clear that I would be able to produce similar work for much cheaper than buying it.
So I bough some canvas -- twenty six-inch squares -- and I picked out some paint samples at Menards. A few four-square-foot samples was plenty to do what I wanted.
The actual painting was time consuming but certainly not difficult. One color at a time, I laid out a few canvases and painted them each with a few coats of flat uniform color. I also put a layer of clear protective spray coating on them; it was something that artists on Etsy played up and the spray itself (certainly not intended for this purpose) was quite inexpensive.
The most frustrating part was hanging. My initial instinct was to drill a few shallow holes in the back of each canvas's frame and stick those on nails. It turns out that's very time consuming and has a lot of failure points. Eventually I realized that the better solution was just to put a pair of nails in the wall for each canvas (for those counting at home, that's forty nails I now have in the wall over my bed) and set the inner edge of the frame on them. The difference in the thickness of the frame is certainly no larger than my uncertainty in putting in the nails. Because I'm impatient I hung the squares as I went (though in the pictures I think that makes it easier to see what's going on).
They aren't arranged in any particular pattern, other than having one of each of my four colors in each column.
You can judge for yourself, but I feel very good about how this turned out. It seems to me that the room makes more sense now.
Monday, September 10, 2012
Punishment and Rehabilitation
Just as two wrongs don't make a right, the idea that criminals must be "brought to justice" through punishment is primitive and even harmful. When we step back from our emotions it's obvious that a rehabilitated criminal is better for society than a punished one. Furthermore, statistics show pretty clearly that those two are not the same thing; two thirds of those released from prison commit another crime within three years and half are back in prison in that same time.
It seems to me that after a crime is committed there are two most important actions: reversing (if possible) the damage done, and using knowledge from that crime to prevent future crimes. Punishment of a wrongdoer may bring emotional closure to the wronged, but if this punishment doesn't actually reduce crime then we need to look for another solution.
And it doesn't -- the United States keeps a higher fraction of its population in prison than any other country on earth. With 5% of the global population we have something like 25% of the inmates. Far more than half of inmates are nonviolent offenders, largely due to mandatory minimum sentencing. But compared to other developed nations the United States has similar overall crime rates.
If a crime is committed for economic reasons -- to feed a family perhaps -- then it's a symptom of a fixable problem. In fact, it ought to be fixable for much less than the cost of punishment. Keeping one person in prison for a year costs the country something like $40,000. You can buy for a lot of community college or job training for that much money. Obviously making training opportunities available as a response to someone committing a crime is awkward positive reinforcement but a proactive approach seems very practical: reduce crime by reducing poverty by investing in social programs that create skilled workers.
Saving the money on prison is great. But it seems reasonable to expect that putting breadwinners to work instead of in prison might decrease the dependence on welfare programs as well.
More extreme than prison time is the death penalty. It is impractical to say the least, and yet another way that the United States is more like a developing country than a wealthy one; the practice is banned in Canada, Australia, and almost all of Europe. Nobody has been executed in South America in the last decade and Africa is moving away from the practice as well. For the most part, capital punishment exists here, in China, in India, and in the Middle East.
Implementing the death penalty gambles that a prisoner will never be exonerated. Furthermore it implies that the prisoner can never be rehabilitated. There is no matter of the rehabilitation being too costly; the cost of implementing the death penalty is comparable to -- and perhaps more expensive than -- the cost of a life sentence without parole. As this paper puts it, "We try to maintain the apparatus of state killing and another apparatus [the preceding legal deliberations] that almost guarantees that it won't happen. The public pays for both sides."
There is significant disagreement as to whether the death penalty is an effective deterrent for crime, and near-consensus that it is an ineffective use of law enforcement funds.
Of course, not all crime is committed out of economic desperation. In fact, there is debate as to the causal relationship between poverty and crime (though it's certainly true that there is a correlation -- the states with the highest poverty rate/lowest average income also tend to exhibit high crime rates). Certainly an example of non-economic crime could be the recent shootings in Aurora, Oak Creek, and the many others that routinely make it into the news. Dealing with criminals who have non-obvious motives is more complicated.
It's possible that some individuals are highly predisposed to violent outbursts from birth. If so, even if you had a way to screen them as children, what action would be appropriate before these people have done anything wrong? Similarly, abuse during formative years can lead to acting out violently (for example, see here). Can a person damaged far in the past be rehabilitated effectively?
How do you prevent crime by those who aren't getting the help they need for psychological or emotional issues? How do you handle them afterwards?
If crime is lucrative (for example, dealing drugs), how do you combat it? Marijuana is something I'll talk about in an upcoming post but I'll have to do a lot of reading before I have anything intelligent to say about harder drugs.
And there's likely something to be said for the gun culture we exhibit in this country. We have close to thirty gun homicides per day in the United States, which is close to triple the highest per capita rate you see in any European country. We also have the highest rate of gun ownership in the world, double that of Switzerland at number two. It seems likely that there are systematic and cultural issues at play.
Unfortunately, not only are these issues nebulous, they're probably interrelated. It's a mess.
We can quickly look at Norway's system for comparison, as it draws sharp contrasts to ours. In Norway the maximum prison sentence is 21 years, though it can be extended if the individual is deemed to still be dangerous. Their prisons are notably nicer than ours, in some cases being compared to resorts. There is no capital punishment. Their crime rate is low; per capita our murder rate is about eight times larger than theirs. In Norway there is only a 20% rate of returning to prison within two years of release; in the United States that number is closer to a 50%.
What a socialist hellhole!
It seems to me that after a crime is committed there are two most important actions: reversing (if possible) the damage done, and using knowledge from that crime to prevent future crimes. Punishment of a wrongdoer may bring emotional closure to the wronged, but if this punishment doesn't actually reduce crime then we need to look for another solution.
And it doesn't -- the United States keeps a higher fraction of its population in prison than any other country on earth. With 5% of the global population we have something like 25% of the inmates. Far more than half of inmates are nonviolent offenders, largely due to mandatory minimum sentencing. But compared to other developed nations the United States has similar overall crime rates.
If a crime is committed for economic reasons -- to feed a family perhaps -- then it's a symptom of a fixable problem. In fact, it ought to be fixable for much less than the cost of punishment. Keeping one person in prison for a year costs the country something like $40,000. You can buy for a lot of community college or job training for that much money. Obviously making training opportunities available as a response to someone committing a crime is awkward positive reinforcement but a proactive approach seems very practical: reduce crime by reducing poverty by investing in social programs that create skilled workers.
Saving the money on prison is great. But it seems reasonable to expect that putting breadwinners to work instead of in prison might decrease the dependence on welfare programs as well.
More extreme than prison time is the death penalty. It is impractical to say the least, and yet another way that the United States is more like a developing country than a wealthy one; the practice is banned in Canada, Australia, and almost all of Europe. Nobody has been executed in South America in the last decade and Africa is moving away from the practice as well. For the most part, capital punishment exists here, in China, in India, and in the Middle East.
Implementing the death penalty gambles that a prisoner will never be exonerated. Furthermore it implies that the prisoner can never be rehabilitated. There is no matter of the rehabilitation being too costly; the cost of implementing the death penalty is comparable to -- and perhaps more expensive than -- the cost of a life sentence without parole. As this paper puts it, "We try to maintain the apparatus of state killing and another apparatus [the preceding legal deliberations] that almost guarantees that it won't happen. The public pays for both sides."
Of course, not all crime is committed out of economic desperation. In fact, there is debate as to the causal relationship between poverty and crime (though it's certainly true that there is a correlation -- the states with the highest poverty rate/lowest average income also tend to exhibit high crime rates). Certainly an example of non-economic crime could be the recent shootings in Aurora, Oak Creek, and the many others that routinely make it into the news. Dealing with criminals who have non-obvious motives is more complicated.
It's possible that some individuals are highly predisposed to violent outbursts from birth. If so, even if you had a way to screen them as children, what action would be appropriate before these people have done anything wrong? Similarly, abuse during formative years can lead to acting out violently (for example, see here). Can a person damaged far in the past be rehabilitated effectively?
How do you prevent crime by those who aren't getting the help they need for psychological or emotional issues? How do you handle them afterwards?
If crime is lucrative (for example, dealing drugs), how do you combat it? Marijuana is something I'll talk about in an upcoming post but I'll have to do a lot of reading before I have anything intelligent to say about harder drugs.
And there's likely something to be said for the gun culture we exhibit in this country. We have close to thirty gun homicides per day in the United States, which is close to triple the highest per capita rate you see in any European country. We also have the highest rate of gun ownership in the world, double that of Switzerland at number two. It seems likely that there are systematic and cultural issues at play.
Unfortunately, not only are these issues nebulous, they're probably interrelated. It's a mess.
We can quickly look at Norway's system for comparison, as it draws sharp contrasts to ours. In Norway the maximum prison sentence is 21 years, though it can be extended if the individual is deemed to still be dangerous. Their prisons are notably nicer than ours, in some cases being compared to resorts. There is no capital punishment. Their crime rate is low; per capita our murder rate is about eight times larger than theirs. In Norway there is only a 20% rate of returning to prison within two years of release; in the United States that number is closer to a 50%.
What a socialist hellhole!
Wednesday, July 25, 2012
Football Scoring
I guessed some time ago that football games would have the same outcome if touchdowns were worth ten (or even a hundred) points and field goals only a single point; now that I have done some research I can actually discuss the problem in some more detail. It turns out that in American football, for practical purposes, field goals, safeties, and two-point conversions do not matter. They serve only as tiebreakers for touchdowns.
I of course am speaking only from a practical reading of games that have happened in the past. I'm sure having field goals be worth almost half of a touchdown makes them feel relevant while watching a game. I'm sure it's exciting to imagine catching up to a touchdown incrementally through field goals and conversions.
But it doesn't happen.
Without a good way of accessing game history data I was limited by my patience in looking up final game scores and, more importantly, the scoring patterns that make them up. I ended up looking up the past twenty Super Bowls on Wikipedia. Each one supports my hypothesis, though some more obviously than others.
First, a quick overview of the types of scoring we see.
Two-Point Conversions (±1 point) -- In some cases a team will choose to attempt a two-point conversion instead of kicking the extra point for a touchdown. This essentially amounts to gambling a point since the kick is almost never missed. In most games no team will attempt a two-point conversion, though in some games they will be attempted several times. According to Wikipedia, these succeed about half the time.
Field Goal (3 points) -- If a drive is unsuccessful at reaching the end zone for a touch down, the team can choose to kick a field goal instead. The kick takes place from the current field position, so the rate of success of the field goal depends on the penetration of the drive into opposition territory.
Safety (2 points) -- Sometimes the team in possession of the ball will be driven backwards and tackled in their own end zone. In this case the defense is awarded two points. This almost never happens.
It was my hypothesis that seven points, being more than double three points, might as well be infinitely more. In order to make up a deficit of a single touchdown, a team has to attain a three field goal surplus, or two field goals plus a successful two-point conversion. Since possession changes hands after each scoring event (meaning that the team that's behind must also prevent the other team from scoring on multiple drives) this seems unlikely to happen.
In thirteen of the past twenty Super Bowls, one team has scored more touchdowns. All thirteen of those teams have won.
In six of the remaining seven, the teams have earned the same number of touchdowns, but one team has had more field goals. The team with more field goals has won all five of these. There was a safety and a two-point conversion attempt here and there, but none changed the outcome of the game.
The final game was the 2004 Super Bowl, in which the Panthers and the Patriots each scored four touchdowns and a single field goal. The Panthers attempted a pair of two-point conversions, failing both; the Patriots attempted only one and got it.
The same winners would result in each case if, for example, touchdowns were worth ten points, safeties and field goals were worth a point each, and after each touchdown a team had the option of wagering a single point on a conversion.
This would perhaps be less of a tease on the viewer, who can no longer reasonably imagine that you can make up a touchdown deficit, but my (admittedly small) sample does not show that the outcomes of games would change. I do not intend to continue researching this topic, but would be interested to hear of a game that defies this rule.
EDIT: Alex found an easily-processed play-by-play list of every football game played in the NFL since 2002 on http://www.advancednflstats.com/. More thorough analysis will follow but our preliminary estimate is that field goals matter in about 5% of games (one in twenty). This holds up pretty well for each of the past ten years. We are not able to comment on years before 2002.
I of course am speaking only from a practical reading of games that have happened in the past. I'm sure having field goals be worth almost half of a touchdown makes them feel relevant while watching a game. I'm sure it's exciting to imagine catching up to a touchdown incrementally through field goals and conversions.
But it doesn't happen.
Without a good way of accessing game history data I was limited by my patience in looking up final game scores and, more importantly, the scoring patterns that make them up. I ended up looking up the past twenty Super Bowls on Wikipedia. Each one supports my hypothesis, though some more obviously than others.
First, a quick overview of the types of scoring we see.
Touchdowns (7 points) -- These make up by far the bulk of points scored in Super Bowls. A touchdown is achieved by running the ball to the end zone or throwing it to a receiver there. Strictly speaking a touchdown is worth only six points, the seventh being a kick through the goalpost immediately following the touchdown. |
One million points to Gryffindor! |
Two-Point Conversions (±1 point) -- In some cases a team will choose to attempt a two-point conversion instead of kicking the extra point for a touchdown. This essentially amounts to gambling a point since the kick is almost never missed. In most games no team will attempt a two-point conversion, though in some games they will be attempted several times. According to Wikipedia, these succeed about half the time.
Field Goal (3 points) -- If a drive is unsuccessful at reaching the end zone for a touch down, the team can choose to kick a field goal instead. The kick takes place from the current field position, so the rate of success of the field goal depends on the penetration of the drive into opposition territory.
Safety (2 points) -- Sometimes the team in possession of the ball will be driven backwards and tackled in their own end zone. In this case the defense is awarded two points. This almost never happens.
It was my hypothesis that seven points, being more than double three points, might as well be infinitely more. In order to make up a deficit of a single touchdown, a team has to attain a three field goal surplus, or two field goals plus a successful two-point conversion. Since possession changes hands after each scoring event (meaning that the team that's behind must also prevent the other team from scoring on multiple drives) this seems unlikely to happen.
Don't bother, kid. | It turns out that this is true; touchdowns seem to always determine the winner of the game, with all other scoring methods being only important as tiebreakers. It doesn't even really matter how exactly we rate conversions, field goals, and safeties with regard to one another. From the past twenty Super Bowls, we see the following: |
In thirteen of the past twenty Super Bowls, one team has scored more touchdowns. All thirteen of those teams have won.
In six of the remaining seven, the teams have earned the same number of touchdowns, but one team has had more field goals. The team with more field goals has won all five of these. There was a safety and a two-point conversion attempt here and there, but none changed the outcome of the game.
The final game was the 2004 Super Bowl, in which the Panthers and the Patriots each scored four touchdowns and a single field goal. The Panthers attempted a pair of two-point conversions, failing both; the Patriots attempted only one and got it.
The same winners would result in each case if, for example, touchdowns were worth ten points, safeties and field goals were worth a point each, and after each touchdown a team had the option of wagering a single point on a conversion.
This would perhaps be less of a tease on the viewer, who can no longer reasonably imagine that you can make up a touchdown deficit, but my (admittedly small) sample does not show that the outcomes of games would change. I do not intend to continue researching this topic, but would be interested to hear of a game that defies this rule.
EDIT: Alex found an easily-processed play-by-play list of every football game played in the NFL since 2002 on http://www.advancednflstats.com/. More thorough analysis will follow but our preliminary estimate is that field goals matter in about 5% of games (one in twenty). This holds up pretty well for each of the past ten years. We are not able to comment on years before 2002.
Wednesday, May 30, 2012
Personal Identification
Identity is so crucially important to our society that it's surprising we haven't come up with a better way to handle it. Current systems are awkward while existing technology could offer a dramatic increase in security and cleanliness.
Let's start with computers. Each person has usernames and passwords -- sometimes dozens of each. Usernames must be unique to the user. Passwords must be gibberish according to whatever standards the website chooses to require (mix of capital and lowercase letters, must have numbers, must/must not have special characters). Security is decreased if the same passwords are used on multiple websites, and some mandate that passwords be changed periodically.
Some websites (Facebook, for example) conveniently allow you to use your email address as a username in order to decrease by one the number of strings you need to remember. The browser can do some of the work as well by remembering information. But these just mitigate a few problems in a system which fits our needs in the most basic way possible.
Because passwords can so easily be forgotten the system necessarily includes a way for people to prove their identities through "security questions" and social security numbers. Unfortunately those questions rely on information which isn't really a secret -- with a little knowledge about someone even their social security number can often be guessed.
Humans are uniquely identified in enough natural ways that we shouldn't need to rely on artificial means such as usernames and passwords. Voice patterns, signature dynamics, fingerprints, and retinal blood flow patterns are all unique identifiers but even a photograph of your face will get very close to unique identification. Some of these can be forged (for example your voice can be recorded) but a combination of several identifiers quickly becomes harder to hack than a text password.
Furthermore, it is increasingly common to see webcams and microphones built right in to monitors, laptops, phones, and tablets. If you're online, odds are that the device you're using has all the hardware it needs to verify your identity. Analysis of a voice is easy enough, as is taking a picture of a face or an eye. Signature dynamics could certainly be captured on a touch screen (and note that smartphones and tablets are a rapidly growing share of the computing market). And fingerprint scanners can already be built into laptops or even USB sticks.
You may be concerned that this essentially amounts to using the same login information everywhere -- one sketchy website and suddenly your bank accounts are empty. There are several ways around this problem.
One solution is to have a different phrase for each website. Since your voice is the identifier this does not need to be a secret (that is, forgettable) password; to log in to Google you could say "Google." This means that even if your voice is lifted by www.stealmycash.com, they haven't got enough information to log in anywhere else. This only works to a certain extent, though, as with enough samples they can interpolate your entire voice (as was done for the hologram Tupac).
The more secure option is to have verification done by a central authority, something like an OpenID. Rather than logging in with each website individually, you hit the "Log in with Google" button and let Google, which you trust, handle the verification.
Of course there's no way to make it completely foolproof -- identity theft will always exist -- but to me it seems that the entire premise of a login could be significantly more convenient and intuitive without losing security.
Real life presents a similar situation. Just about everything you carry on your person serves the same purpose. Your drivers license, passport, credit cards, bus pass, and even keys have no function other than to explain who you are in a very specialized way. Replacing all of these with visual, auditory, or fingerprint identification is perhaps unrealistic, at least in the foreseeable future. Airports and other large establishments certainly have the resources to implement fingerprint or voice recognition software but mom and pop shops may not have the means to acquire so much new hardware. At the very least, however, we can do some consolidating.
For example, it would be logistically trivial to combine your drivers license and passport into a single card and eliminate the booklet altogether. In fact passport cards already exist, though they are not approved for air travel (this is a bureaucratic problem, not a technological one I'm sure).
Any sort of membership card or pass can easily be added as well, since this passport/license both uniquely identifies you and contains an RFID chip; any door that could be opened with your work ID can be programmed to accept your passport code instead.
RFID credit cards exist as well, though there are concerns over security. But whether or not the RFID technology is linked to financial information, it's increasingly the case that no more than one card is necessary to access your money (and why not combine that into your passport as well?).
Banks already allow you to set up default accounts; my old check card was linked to two checking accounts and a savings account. At the ATM I was able to specify where I wanted a withdrawal to come from and online I set one account to be the default that would be accessed when the card was swiped. A credit line could in principle also have been added to that card, even multiple lines, with no additional problem.
And online settings could even allow conditional default accounts; it would not be complicated to set it up so that making an airline purchase would automatically be charged to your SkyMiles card while groceries would go on your other card which gives better rewards for those.
This could even be done across multiple banks!
These specific options are not available but the technology to implement them is. None of this is more complicated than moving money between accounts, which can already be done online in real time.
As with any credit card/passport/identification, this super-card is not something that you would want stolen. A giant picture on the front of the card can impede fraudulent use. And as long as we're making use of technology we might as well include a GPS chip small enough to fit within the card.
(If this is getting a little too Orwellian for you, keep in mind that you probably already have GPS functionality in your phone.)
Of course the most secure solution would just be to eliminate the card entirely in favor of something which cannot be lost, such as an RFID implant (not so different from what they use in animals). This of course requires RFID readers anywhere you need to use your credit card, though in principle that's no different from a card scanner. The final step would be one past that where you actually use biometric identification everywhere, not just online; the hangup here is that it requires the distribution of a LOT of hardware.
Let's start with computers. Each person has usernames and passwords -- sometimes dozens of each. Usernames must be unique to the user. Passwords must be gibberish according to whatever standards the website chooses to require (mix of capital and lowercase letters, must have numbers, must/must not have special characters). Security is decreased if the same passwords are used on multiple websites, and some mandate that passwords be changed periodically.
Some websites (Facebook, for example) conveniently allow you to use your email address as a username in order to decrease by one the number of strings you need to remember. The browser can do some of the work as well by remembering information. But these just mitigate a few problems in a system which fits our needs in the most basic way possible.
Because passwords can so easily be forgotten the system necessarily includes a way for people to prove their identities through "security questions" and social security numbers. Unfortunately those questions rely on information which isn't really a secret -- with a little knowledge about someone even their social security number can often be guessed.
Humans are uniquely identified in enough natural ways that we shouldn't need to rely on artificial means such as usernames and passwords. Voice patterns, signature dynamics, fingerprints, and retinal blood flow patterns are all unique identifiers but even a photograph of your face will get very close to unique identification. Some of these can be forged (for example your voice can be recorded) but a combination of several identifiers quickly becomes harder to hack than a text password.
Furthermore, it is increasingly common to see webcams and microphones built right in to monitors, laptops, phones, and tablets. If you're online, odds are that the device you're using has all the hardware it needs to verify your identity. Analysis of a voice is easy enough, as is taking a picture of a face or an eye. Signature dynamics could certainly be captured on a touch screen (and note that smartphones and tablets are a rapidly growing share of the computing market). And fingerprint scanners can already be built into laptops or even USB sticks.
You may be concerned that this essentially amounts to using the same login information everywhere -- one sketchy website and suddenly your bank accounts are empty. There are several ways around this problem.
One solution is to have a different phrase for each website. Since your voice is the identifier this does not need to be a secret (that is, forgettable) password; to log in to Google you could say "Google." This means that even if your voice is lifted by www.stealmycash.com, they haven't got enough information to log in anywhere else. This only works to a certain extent, though, as with enough samples they can interpolate your entire voice (as was done for the hologram Tupac).
The more secure option is to have verification done by a central authority, something like an OpenID. Rather than logging in with each website individually, you hit the "Log in with Google" button and let Google, which you trust, handle the verification.
Of course there's no way to make it completely foolproof -- identity theft will always exist -- but to me it seems that the entire premise of a login could be significantly more convenient and intuitive without losing security.
Real life presents a similar situation. Just about everything you carry on your person serves the same purpose. Your drivers license, passport, credit cards, bus pass, and even keys have no function other than to explain who you are in a very specialized way. Replacing all of these with visual, auditory, or fingerprint identification is perhaps unrealistic, at least in the foreseeable future. Airports and other large establishments certainly have the resources to implement fingerprint or voice recognition software but mom and pop shops may not have the means to acquire so much new hardware. At the very least, however, we can do some consolidating.
For example, it would be logistically trivial to combine your drivers license and passport into a single card and eliminate the booklet altogether. In fact passport cards already exist, though they are not approved for air travel (this is a bureaucratic problem, not a technological one I'm sure).
Any sort of membership card or pass can easily be added as well, since this passport/license both uniquely identifies you and contains an RFID chip; any door that could be opened with your work ID can be programmed to accept your passport code instead.
RFID credit cards exist as well, though there are concerns over security. But whether or not the RFID technology is linked to financial information, it's increasingly the case that no more than one card is necessary to access your money (and why not combine that into your passport as well?).
Banks already allow you to set up default accounts; my old check card was linked to two checking accounts and a savings account. At the ATM I was able to specify where I wanted a withdrawal to come from and online I set one account to be the default that would be accessed when the card was swiped. A credit line could in principle also have been added to that card, even multiple lines, with no additional problem.
And online settings could even allow conditional default accounts; it would not be complicated to set it up so that making an airline purchase would automatically be charged to your SkyMiles card while groceries would go on your other card which gives better rewards for those.
This could even be done across multiple banks!
These specific options are not available but the technology to implement them is. None of this is more complicated than moving money between accounts, which can already be done online in real time.
As with any credit card/passport/identification, this super-card is not something that you would want stolen. A giant picture on the front of the card can impede fraudulent use. And as long as we're making use of technology we might as well include a GPS chip small enough to fit within the card.
(If this is getting a little too Orwellian for you, keep in mind that you probably already have GPS functionality in your phone.)
Of course the most secure solution would just be to eliminate the card entirely in favor of something which cannot be lost, such as an RFID implant (not so different from what they use in animals). This of course requires RFID readers anywhere you need to use your credit card, though in principle that's no different from a card scanner. The final step would be one past that where you actually use biometric identification everywhere, not just online; the hangup here is that it requires the distribution of a LOT of hardware.
Tuesday, May 29, 2012
Sangria
Rather than have two blogs I'm absorbing Cooking with Charles into Thinking with Charles. This blog exists for me to write about whatever. Sometimes I want to write about food, but probably not often enough to maintain an additional space to do so. You'll also notice that old Cooking with Charles posts have been imported here.
One of my goals for this summer is to figure out how to make a good sangria. I perused several recipes online until I found one I liked the look of, though I did not adhere to it particularly closely. Here's the recipe I used, which is a half batch due to the size of my pitcher. To use the whole bottle of wine, double this.
As the recipe recommends, I let the fruit and sugar sit in the rum and triple sec for a few hours before adding the wine. I mad to mush the fruit down a little bit to get it all to be covered. Before serving I poured in the wine and stirred it up. I did not serve it over ice, though all of the ingredients were cold.
When I fished out a piece of pear later in the evening it wasn't particularly boozy so I don't know that letting the fruit sit in the rum had much of an effect. In the future I'll probably just combine all of the ingredients at the same time then let it sit for at least an afternoon, maybe overnight, to really let the flavors blend.
I used the sugar because it appears in most recipes but I don't think it belongs. Most of it did not even dissolve (you can see it at the bottom of the pitcher) but the drink was plenty sweet. It's hard to tell how sweet it would have been had I followed the recipe more closely; I left out the orange juice but did use triple sec which is very sweet.
This drink was good, but I intend to experiment more with sangrias this summer to really get a feel for them. There are a lot of potential ingredients -- fruits, beverages, herbs, and so on -- to try out. At the very least I'd like to have in my repertoire a good recipe for red wine and another for white.
UPDATE: After drinking the first batch (short work with so many helpers) I repeated this with the second half of the bottle. I used the same recipe, minus the sugar, and reused the same fruit. All ingredients were added at once. The mix sat in the fridge for about 24 hours before being tasted. The sangria itself was about the same -- still plenty sweet -- and the pear chunks were very boozy and delicious.
One of my goals for this summer is to figure out how to make a good sangria. I perused several recipes online until I found one I liked the look of, though I did not adhere to it particularly closely. Here's the recipe I used, which is a half batch due to the size of my pitcher. To use the whole bottle of wine, double this.
|
As the recipe recommends, I let the fruit and sugar sit in the rum and triple sec for a few hours before adding the wine. I mad to mush the fruit down a little bit to get it all to be covered. Before serving I poured in the wine and stirred it up. I did not serve it over ice, though all of the ingredients were cold.
When I fished out a piece of pear later in the evening it wasn't particularly boozy so I don't know that letting the fruit sit in the rum had much of an effect. In the future I'll probably just combine all of the ingredients at the same time then let it sit for at least an afternoon, maybe overnight, to really let the flavors blend.
I used the sugar because it appears in most recipes but I don't think it belongs. Most of it did not even dissolve (you can see it at the bottom of the pitcher) but the drink was plenty sweet. It's hard to tell how sweet it would have been had I followed the recipe more closely; I left out the orange juice but did use triple sec which is very sweet.
This drink was good, but I intend to experiment more with sangrias this summer to really get a feel for them. There are a lot of potential ingredients -- fruits, beverages, herbs, and so on -- to try out. At the very least I'd like to have in my repertoire a good recipe for red wine and another for white.
UPDATE: After drinking the first batch (short work with so many helpers) I repeated this with the second half of the bottle. I used the same recipe, minus the sugar, and reused the same fruit. All ingredients were added at once. The mix sat in the fridge for about 24 hours before being tasted. The sangria itself was about the same -- still plenty sweet -- and the pear chunks were very boozy and delicious.
Wednesday, April 11, 2012
A Break
All,
I'm taking a break from blogging to take my preliminary oral exams. I need to write a paper, put together a talk, and study furiously in preparation for getting grilled by four professors for two hours about any physics they feel like asking me about.
Expect updates to resume soon after May 3rd.
Thanks for reading!
Charles
I'm taking a break from blogging to take my preliminary oral exams. I need to write a paper, put together a talk, and study furiously in preparation for getting grilled by four professors for two hours about any physics they feel like asking me about.
Expect updates to resume soon after May 3rd.
Thanks for reading!
Charles
Subscribe to:
Posts (Atom)