tag:blogger.com,1999:blog-242638982024-03-13T19:12:00.887+00:00It hurts to not breatheBecause you can't get enough self-indulgence from social mediaI really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.comBlogger74125tag:blogger.com,1999:blog-24263898.post-38971365225799087872018-02-10T21:20:00.001+00:002018-02-10T21:28:56.261+00:00Failure recoveryI've been categorizing distributed system designs into four groups, according to how they recover from the loss of a single critical element (e.g. a piece of server hardware). Recently I realized that there's a fifth category, perhaps more popular than the other four.<br />
<h3>
Fault Tolerance</h3>
<div>
Element deaths and slow responses are expected and tolerated 100% of the time, with no noticeable degradation of service when a single failure happens. Examples: <a href="https://en.wikipedia.org/wiki/Air_data_inertial_reference_unit">ADIRS</a>, <a href="http://www.bailis.org/blog/doing-redundant-work-to-speed-up-distributed-queries/">rpc hedging</a>.</div>
<h3>
High Availability</h3>
<div>
Loss of an element provokes the automatic withdrawal of the dead element from service. Clients which were talking to the now-dead element automatically recover (either by fast keepalive timeout or asynchronous notification), and they replay the lost requests to other in-service elements. Non-idempotent requests are handled correctly, though it takes extra time to ensure that they are not committed twice. The loss of a single service element cannot, on its own, cause the loss of any request. However, significant performance degradation can attend the recovery. Examples: DNS, <a href="https://github.com/prometheus/alertmanager#high-availability">Alertmanager</a>.</div>
<h3>
Failover</h3>
<div>
Loss of an element automatically triggers the withdrawal of the dead element from service, including the promotion of hot standby elements to serving where necessary to restore service. In-flight requests are lost, and some clients may experience full timeouts and errors. Examples: <a href="https://mariadb.com/database/topics/high-availability">MariaDB</a>/<a href="https://www.postgresql.org/docs/9.5/static/high-availability.html">PostgreSQL</a> "high availability", <a href="https://www.nginx.com/products/nginx/high-availability/">NGINX Plus</a> "high availability".</div>
<h3>
Disaster Recovery</h3>
<div>
Loss of an element leads to an urgent automated alert, but no recovery of service happens until a human approves it. The service is partially unavailable until the recovery happens. Examples: NFS, DRBD.</div>
<h3>
Dunning-Kruger Mode</h3>
<div>
Loss of an element leads to an urgent automated alert, but no recovery of service happens until a human figures out how to rebuild the system from scratch. The service is partially unavailable for the next couple of weeks, as service users gradually ask what happened to functionality they had come to rely on. Examples: your email server, your source code repository, your SSO server...</div>
I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-67041100703453989422011-09-02T05:44:00.000+01:002011-09-02T05:44:54.371+01:00Vernor v. Autodesk (or This Car Is Licensed Not Sold)<p><i>Vernor v. Autodesk</i> is an interesting case, but it probably won't be as catastrophic as the EFF <a href="http://www.eff.org/cases/vernor-v-autodesk">makes it seem</a>, unless the US Supreme Court somehow makes it worse.</p>
<p>For many years, software publishers have been trying to impose licence terms on unwilling users.
A relatively recent wheeze is to include a term stating that the user gives up ownership of the software copy entirely and becomes a mere licensee.
The publisher includes this term in the hope of annulling the user's rights as a lawful owner of the copy.
Those rights include the right to run the software (the <b>essential step defence</b>) and the right to sell the software (the <b>first sale doctrine</b>).</p>
<p>But how can publishers force users to agree to license terms that take away their rights and give nothing in return?
In the US, the judgement in <a href="http://soldnotlicensed.blogspot.com/2008/01/procd-in-depth.html"><i>ProCD v. Zeidenberg</i></a> created a legal rule which says that you <em>automatically agree</em> to the shrink-wrap licence terms whenever you don't attempt to return the copy for a refund.
Since that piece of dodgy reasoning is still the law in the US, I recommend attempting to return every piece of software that you buy in the US (after opening it to ensure that the attempt will fail, of course).
This is a good time to point out that I am not a lawyer.</p>
<p>The case of <i>Vernor v. Autodesk</i> hinges on the question of whether Autodesk's customer (CTA) was a copy owner or a mere licensee.
However, it's completely clear to me that CTA agreed to a licensing term that attempted to deprive CTA of any ownership of the software copies.
The US Court of Appeals said that CTA positively agreed to the licence (as part of a settlement with Autodesk), and later agreed to destroy the software copy (as part of a discounted upgrade deal), and that these facts are <q>not in dispute</q>.</p>
<p>So, it seems to me that the <em>Vernor</em> case is distinguishable from the usual shrink-wrap scenario, where you buy the software and then install and run it using your authority as property owner, without agreeing to any licence terms.</p>
<p>But I could be wrong.
Somewhat disturbingly, the judgement of the Court of Appeals concerns itself mainly with <a href="http://soldnotlicensed.blogspot.com/2010/09/vernor-v-autodesk-three-pronged.html">the criteria for deciding whether a licence successfully denies ownership to the purchaser</a>.
This makes it arguable that the real precedent set by the case is validating the publisher's trick of using <q>magic words</q> to revoke the rights of users, if they can only convince those users to actually agree to the license terms.</p>
<p>And so to the car industry.
Car manufacturers would <i>love</i> to kill off the second-hand market, for the simple reason that the supply of second-hand cars drives down the price of new cars.
If they simply switch to a model where car buyers must enter a restrictive contract before taking possession, then the manufacturers can retain ownership of their cars and rely on the <i>Vernor</i> judgement to prohibit second-hand sales.
If it won't work for the cars themselves, then it will work for the software embedded in the cars.</p>
<p>I sincerely hope the car companies try this.
It would outrage enough people that Congress might actually legislate to fix the problem.</p>
I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-37232127737273619152011-06-15T00:17:00.000+01:002011-06-15T00:17:16.798+01:00Loophole Watch: Remove Battery, Defeat Clampers<p>Giant disclaimer: I Am Not A Lawyer.</p>
<p>If you park illegally in Ireland, you're likely to be clamped by people who are <q>authorised persons</q> under section 101B of the Road Traffic Act, 1961.</p>
<p>That section says (emphasis is mine):</p>
<blockquote>
<ol style="list-style-type: decimal">
<li>In this section [...] ‘<b>vehicle</b>’ means a <em>mechanically propelled vehicle</em>.</li>
<li>Where an authorised person finds on a public road a <b>vehicle</b> that is parked in contravention of [parking by-laws], he or a person acting under his direction may [...] fix an immobilisation device to the vehicle while it remains in the place where he finds it, or [move it and then clamp it].</li>
</ol>
</blockquote>
<p>However, the phrase <cite>mechanically propelled vehicle</cite> (which normally includes your car) has a special exception given in section 3(2) (inserted by <a href="http://www.irishstatutebook.ie/2010/en/act/pub/0025/sec0072.html#sec72">s. 72 of the Road Traffic Act, 2010</a>):</p>
<blockquote>
<p>Where a vehicle, which, apart from this subsection, would be a mechanically propelled vehicle, stands so substantially disabled (either through collision, breakdown or the <em>removal of the engine or other such vital part</em>) as to be no longer capable of being propelled mechanically, it shall be regarded—</p>
<ol style="list-style-type: lower-latin">
<li>for the purposes of the Road Traffic Acts 1961 to 2010, if it is disabled through collision, as continuing to be a mechanically propelled vehicle, and</li>
<li>for all other purposes of this Act as <em>not being a mechanically propelled vehicle</em>.</li>
</ol>
</blockquote>
<p>When you put this together, it seems to mean that if you take the battery out of your car, it no longer counts as a mechanically propelled vehicle for the purposes of the Road Traffic Act, 1961, and so it can't be legally clamped.</p>
<p>But I'm not going to try it with my car.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-49532258657995578612011-06-08T19:07:00.003+01:002011-06-08T19:38:24.070+01:00What I Did On World IPv6 DayMostly, I cursed Vodafone (my mobile Internet provider).
First, they blackholed <a href="http://en.wikipedia.org/wiki/6to4">6to4</a> traffic, so the default strategy used by Microsoft Windows Vista reliably timed out.
Second, they suffered 100% packet loss on IPv4 packets through their network. Actually, they did appear to work on this. Traffic to 8.8.4.4 and 8.8.8.8 came back first, then traffic to www.google.com. At 1600Z (two-thirds of the way through World IPv6 Day) IPv4 service was restored.
Third, they use 192.168/16 addresses for their network routers, which should have been a big clue about why IPv6 deployment should be a priority.
Fourth, they drop ICMP, making ping and traceroute useless for customers.
Fifth, they failed to communicate any of this to their customers. Their <a href="http://forum.vodafone.ie/index.php?/forum/8-mobile-broadband/">user forum</a> is the closest thing they have to a dialogue with their customers, and there's nothing that says "we know about this, don't call".
Sixth, they don't answer the phone when you call. I think they might be busy dealing with other unhappy users.
That's 6 ways to fail at IPv6. Thanks, Vodafone. If you can't be a good example, you'll just have to serve as a horrible warning (as Catherine Aird said).I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-75137960642786775762011-03-14T20:05:00.005+00:002011-03-14T22:50:30.167+00:00Notes on Lessons from Chile<p>I attended this morning's Grattan Lecture on the Chilean Fiscal Framework,
delivered by Dr. Andrés Velasco.
The lecture started at 8:30 in the morning and they weren't kidding, so I
missed the first half hour.</p>
<p>Chile has privatised pensions, but there is a public safety net to
supplement very low pension payments.
This means there is no "pay as you go" dynamic [usually referred to here as
the "pensions time bomb"].</p>
<p>In what Chile calls the Structural Balance Approach, a fiscal council
constructs a long-term model for the economy that can be used to predict
future GDP growth trends.
The council examines trends in basic economic drivers (such as the price of
copper) to come up with that model.
They then apply cyclical adjustment methodology close to the OECD
procedure.</p>
<p>The council needs to be independent of the political government.</p>
<p>The council is divided into groups: one group produces estimates of copper
futures, another group does GDP growth.
The output of each group goes into "the blender" to produce estimates of state
revenues.</p>
<p><var>X</var>% of GDP is subtracted as a safety buffer.
<var>X</var> was 1 initially, but then government debt hit zero and the
government was still accumulating assets, so X was revised to 0.</p>
<p>In 2001, the government adopted this arrangement as policy without any
legal obligation.
In 2006, the Fiscal Responsibility Law gave a statutory basis to it, but it
didn't nail down the predictive methodology or the economic targets used.</p>
<p>Initially, copper prices were low and so the council recommended deficits,
which were warmly welcomed by the politicians.
But soon copper prices rose and the fiscal council started demanding surpluses
(i.e. spending cuts), which wasn't so popular at all.</p>
<p>The Fiscal Responsibility Law said that surplus funds must be divided as
follows:</p>
<ul>
<li>Between 0.2% and 0.5% of GDP goes into pension reserves;</li>
<li>0.5% of GDP goes into recapitalising the Central Bank; and</li>
<li>The rest goes into the Stabilisation Fund (explained later).</li>
</ul>
<p>It's important to prepare the politicians and the public for the large
surpluses that this scheme can produce.
They reached 8% of GDP in Chile and they threatened to go higher.
The Minister for Finance (Dr. Velasco) was "the most widely hated person in
the country".
Effigies of him were frequently burned.
He often appeared on morning TV, taking 30-second slots between the aerobics
and the cookery, to explain it.
He learned to explain it like this: "We're doing what you do at home: saving
money aside for a rainy day."
The operation of the Fiscal Responsibility Law was "very controversial stuff".</p>
<p>The 2009 budget followed the crash, and it turned an 8% surplus into a 4%
deficit.
However, the 2009 budget was successful at turning the economy around.
The 2010 budget was balanced.</p>
<p>Chile's net public debt was 40% of GDP in 1991.
By 2006 it had been reduced to zero.</p>
<p>The government must be willing to live with the political pressure to
increase spending during the boom years.
The Stabilization Fund reached its maximum size (US$20 billion, or 11% of GDP)
in January 2009.
Dealing with the crisis involved drawing US$8 billion from the fund.</p>
<p>Chile's output stability (roughly the standard deviation of the economic
output, reckoned over a reference period of about a decade) fell dramatically
over the years.
Chile's ability to cushion changes in the "real exchange rate" [something to
do with trade imbalances, I think] was the subject of a graph.
The real exchange rate was a damped oscillation, converging on its long-term
average.</p>
<p>The January 2009 stimulus package amounted to 2.8% of GDP and it consisted
of infrastructure investment, extra support for poorer households, and
<em>temporary</em> tax cuts.</p>
<p>An odd scatterplot rated several countries on two axes: the size of their
interest rate adjustments versus the size (in US$) of their fiscal stimulus
packages.
Most countries were bunched together in the low-size area, and a few countries
with small fiscal adjustments had high interest rate adjustments, but Chile
was the only country on the graph with both a high fiscal response and a high
monetary response.
[I suppose this indicates that Chile's Stabilization Fund gave it the freedom
to deal with the crisis by virtue of having more than enough resources on
standby.]</p>
<p>To make the rules optimal, there are four main questions:</p>
<ol>
<li><p>What to correct for?</p>
<p>Chile's two criteria were GDP growth and copper.
Dr. Velasco would have liked to include the real exchange rate and the stock
of government assets, but they were excluded in order to keep the criteria
simple to understand.
"You want the rule to be something a taxi driver can understand."
Also excluded were: expenditure-led activity, sectoral booms, and movements in
asset prices.
Essentially, you should distinguish permanent from temporary income.
For Ireland, you should also exclude revenue driven by the cycle, such as VAT
returns.</p></li>
<li><p>Cyclical adjustments should be getting you close to Milton Friedman's
<a href="http://econpapers.repec.org/RePEc:nbr:nberch:4405">Permanent Income Hypothesis</a> (PIH).</p>
<p>There were big fights over how the adjustments' effects should be accounted
for in the fiscal rules.
The adjustments <em>must</em> be temporary.
Chile's law dictated that the stimulus tax cuts must be temporary.
Otherwise there would have been huge pressure to keep the tax low after the
crisis was over.</p></li>
<li><p>Degree of counter-cyclicality</p>
<p><a href="http://www.bcentral.cl/eng/conferences-seminars/annual-conferences/2010/Engel.pdf" type="application/pdf">Engel, Neilson and Valdés (2010)</a> studied this.
You need a "switching regime" to decide when to switch from the counter-boom
strategy to the counter-bust strategy and vice versa.
The challenges here are simplicity (the taxi-driver standard) and legitimacy
(meaning free from political interference).</p></li>
<li><p><i xml:lang="la">Ex ante</i> versus <i xml:lang="la">ex post</i>
conflict</p>
<p>Fiscal targets (<i xml:lang="la">Ex ante</i>) are never going to exactly
match the actual outcomes (<i xml:lang="la">ex post</i>).
There are too many significant variables to be able to predict things exactly.
It's necessary to fudge the predictions just like central banks do with
inflation figures.
That is, specify a range of values for the target, and a range of time in
which the target can be met.
Alternatively, you can let a (non-political) fiscal council decide to activate
an escape clause in order to meet unexpected external crises.</p></li>
</ol>
<p>Finally, he offered two caveats about the whole approach.
Legislating it is not enough; it must be seen as politically legitimate.
There are a lot of variables in how to do it, and we could really use
experience from trying the approach in more countries.</p>
<p>In answer to questions from the floor, he pointed out that he was appointed
to the Minister for Finance position from outside the electoral system (it's a
presidential system), so he didn't have to face angry voters on election
day.
He also said that the biggest fight was in September 2006 when the proposed
budget contained a surplus of 5%.</p>
<p>So there we go.
This was a very interesting lecture on its own merits, but I was struck by one
thing.
Here was a politician from a far-away, non-English-speaking country who didn't
have to collect popular votes to be elected; and he was far more eloquent,
more relaxed and more organised in his address than any of the 165
recently-elected TDs.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-38502132075919046002011-03-14T18:02:00.004+00:002011-03-14T19:59:28.120+00:003D Secure coming to Bank of Ireland credit cards<p>My credit card statement warned me today that</p>
<blockquote><p><span style="font-family:arial;">3D Secure is launching at the end of March. This free, automatic online security service will make spending online safer than ever!</span></p></blockquote>
<p>The <a href="http://www.anpost.ie/pushtheenvelope">promotional insert</a> contained more reassuring messages:</p>
<ul><li><q>as secure as possible</q></li>
<li><q>verify your identity by answering four questions</q> [name, <a href="http://usa.visa.com/personal/security/visa_security_program/3_digit_security_code.html">CVV2</a>, date of birth and mother's maiden name]</li>
<li><q>we will also display your personal greeting giving you added comfort that it is Bank of Ireland who are asking you to enter your 3D Secure Password</q></li>
</ul>
<p>Of course, from <a href="http://www.lightbluetouchpaper.org/2010/01/26/how-online-card-security-fails/">Murdoch and Anderson's paper</a> we know that 3D Secure is worse than ineffective. So I have questions for Bank of Ireland:</p>
<ol><li>Do the terms and conditions move the burden of losses by fraud onto the cardholder?</li>
<li>Is the Access Control Server outsourced? If so, to whom? What are their practical incentives to maintain high security standards?</li>
<li>What is the official policy on selecting a <abbr title="certificate authority">CA</abbr> for the <abbr title="access control server">ACS</abbr> <abbr title="secure sockets layer">SSL</abbr> certificate? If there isn't one, how can cardholders protect themselves against <a href="http://www.schneier.com/blog/archives/2010/04/man-in-the-midd_2.html">compelled certificate creation attacks</a>?</li>
<li>What will happen if a fraudster with my card details uses the <q>forgot password</q> procedure in an attempt to negate the benefit of 3D Secure? Will I still be stuck with the cost of the fraud?</li>
<li>Can I be authenticated by something better than a password, for example a <a href="http://www.cartes-bancaires.com/spip.php?article79"><abbr title="dynamic data authentication">DDA</abbr></a> card reader?</li>
<li>Can I get an automatic notification every time there is an authentication attempt on my card number?</li>
</ol>
<p>I couldn't find any information about this on <a href="http://www.bankofireland.com/">www.bankofireland.com</a>, so I'll phone them tomorrow and post the result. I'm sure it will be comforting.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-12149060992838383842011-02-20T23:17:00.003+00:002011-02-20T23:28:40.363+00:00Lookalike<p><img src="http://img.thesun.co.uk/multimedia/archive/00372/Vladimir-Putin_280_372413a.jpg" title="Mícheál Martin" width="280" height="390" />
<img src="http://i.ytimg.com/vi/9CINaza20dU/0.jpg" title="Vladimir Putin" width="480" height="360" /></p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-12347534269568742372011-02-03T16:52:00.001+00:002011-02-03T16:54:30.924+00:00IPv4 breathes its lastThe good news: every member of RIPE can get a /22.
The bad news: you'll never get any more IPv4 allocations, ever.I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-89345435275761257512011-01-30T16:40:00.021+00:002011-01-30T18:37:50.200+00:00Woodall Free Riding<p>or <span style="font-family:arial;font-size:130%;">How to Cheat in the Irish Election</span></p>
<p>There's a way to exploit a minor security hole in the rules for counting votes in Ireland's general elections. It isn't new but for some reason it isn't fixed. The upshot is that if you know what to do, you can increase your voting power at the expense of some other voter without breaking the law.</p>
<p>It's called <strong>Woodall Free Riding</strong>, and it was discussed in an article by Markus Schulze in <a href="http://www.votingmatters.org.uk/ISSUE18/INDEX.HTM">issue 18 of Voting Matters</a>. It takes advantage of the following simplifications in Ireland's electoral law:</p>
<blockquote><p>Where the votes credited to a candidate deemed to be elected whose surplus is to be transferred consist of original and transferred votes, or of transferred votes only, the returning officer shall examine the papers contained in the <em>sub-parcel last received</em> by that candidate and shall arrange the transferable papers therein in further sub-parcels according to the next available preferences recorded thereon.</p></blockquote><p>(<a href="http://www.irishstatutebook.ie/1992/en/act/pub/0023/sec0121.html#s121_p2">Section 121(3) of the Electoral Act, 1992</a>; my emphasis.)
</p><p>where:</p>
<blockquote><p>“next available preference” means a preference which, in the opinion of the returning officer, is a second or subsequent preference recorded in consecutive order for a continuing candidate, the preferences next in order on the ballot paper for candidates already <em>deemed to be elected</em> or excluded <em>being disregarded</em>;
</p></blockquote>
<p>(<a href="http://www.irishstatutebook.ie/1992/en/act/pub/0023/sec0118.html#s118_p14">Section 118</a> of the same Act; still my emphasis.)</p>
<p>This is unfair in two ways:</p>
<ol><li>When a candidate is elected, the lottery which decides which ballot papers get to be transferred is biased. Only the ballot papers in the last received sub-parcel are considered for transfer. The original ballots, and all previous transfers, are unfairly disqualified from this lottery.</li>
<li>Whenever a ballot is transferred, but the next preference is for a candidate who has already been elected, then fairness demands that the transferred ballot be subjected to the same surplus-lottery as the other ballots for the elected candidate. But in Ireland's rules, the transferring vote moves on to the next preference 100% of the time, at the expense of the ballots that were in the lottery.</li></ol>
<p>How you take advantage of this is simple: you give your #1 preference to a no-hoper, your #2 preference to your real #1, your #3 preference to your real #2, and so on.</p>
<p>Let's say that your real preferred candidate is Bicycle Repair Man, and that your selected no-hoper is Mr. Creosote. If you vote honestly, then Bicycle Repair Man gets your #1. If you engage in free-riding, then Mr. Creosote gets your #1 and Bicycle Repair Man gets your #2. Let's see how this changes the outcome.</p>
<p>First, consider the case where Bicycle Repair Man reaches the quota on the first count. If you vote honestly, your ballot paper has a small chance of being randomly selected for transfer as part of the surplus, but it has a large chance that it will sit idly in the Bicycle Repair Man pile. But if you vote #1 for Mr. Creosote, then your ballot paper will almost certainly transfer when he is eliminated — so you get your favourite guy elected <em>and</em> your vote continues on to your second choice. It's like getting a free extra vote.</p>
<p>The other case is where Bicycle Repair Man fails to reach the quota on the first count. If you vote honestly, then your ballot paper will never transfer anywhere, even if Bicycle Repair Man gets elected through transfers later. But if you vote #1 for Mr. Creosote, then your ballot paper will transfer to Bicycle Repair Man as soon as Mr. Creosote is eliminated. In that case, you're still helping your favourite to get elected, and your ballot paper has a good chance of transferring further (because it's now in Bicycle Repair Man's last received sub-parcel).</p>
<p>There is a small danger with this technique. If too many people pick the same candidate as their no-hoper, he might get elected! Mostly, however, it's worth the risk.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-31905499487770775272010-11-25T16:57:00.002+00:002010-11-25T17:00:29.283+00:00Lame duck modeI'm quitting Google. I have a couple of offers already, but I'm looking for a promising Ireland-based startup that could benefit from having someone like me around. Who wants to interview an ex-SRE?I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-48028704384231577942010-05-08T01:28:00.007+01:002010-05-08T04:12:36.412+01:00The Single Transferable Vote in four easy pieces<p>It wasn't long before pointy-haired talking heads appeared on the BBC to bad-mouth proportional representation. Here's a simple guide to explain proportional representation by the single transferable vote (the style mentioned in the UK Liberal Democrats' manifesto). It assumes that you're already familiar with plurality voting (<q>first past the post</q>) as it's practised in the UK and the USA.</p>
<p>Start with plurality voting. Each voter marks a ballot in support of a candidate, and the candidate with the most ballots wins.</p>
<h4>First reform: If nobody gets 50%, eliminate the bottom candidate and try again.</h4>
<p>If someone gets more than half the vote, they've won.
But what happens when nobody gets there?
In plurality voting, the candidate who's furthest ahead gets elected anyway — this can elect a massively unpopular candidate if the opposition is split among several candidates!
In STV, when nobody gets enough votes to be elected, you eliminate the candidate with the fewest votes.
Then you start all over again as if that candidate hadn't been on the ballot paper.
You can think of this as getting your vote refunded to you so you can cast it again if the election didn't produce a proper result the first time.</p>
<h4>Second reform: Preference voting.</h4>
<p>It would be a major pain if everyone had to keep coming back day after day to vote again as candidates get eliminated.
A much better idea is to get each voter to rank all the candidates in order of preference.
That is, you mark a <b>1</b> (not an X) by the candidate you want to vote for, then you mark <b>2</b> by the candidate you'd vote for if your first preference was eliminated, then mark <b>3</b> by the candidate you'd vote for if 1 & 2 were both eliminated, and so on until you don't care any more.
Now, when a candidate is eliminated, the ballot papers for that candidate can be re-examined so that each one is transferred to the voter's second choice.
This is quick and simple to administer but it relies on voters' ability to write down a sequence of numbers in ascending order — a test failed by about 1% of voters in Ireland in every election.</p>
<p>So far, these two reforms have given us the Alternative Vote system, sometimes called the Instant Runoff Vote system.
It eliminates the need for voters to <q>hold their noses</q> and vote for the lesser of two evils.
Instead, you can cast your first-preference vote for a candidate you genuinely support, and use your second preference to arrange for your vote to transfer to someone who will probably have a chance of being elected.
No more tactical voting, and you don't ever have to worry about wasting your vote on an also-ran.
Now, let's do something about proportional representation.</p>
<h4>Third reform: Multi-member constituencies.</h4>
<p>Plurality voting systems are not proportional because everyone who didn't vote for the winner goes unrepresented in parliament.
With only two parties (or an alternative-vote system) this can be up to 50% of the voters — in the UK, it's usually more.
As a general rule, the more people are unrepresented, the more seats are disproportionately allotted to the larger parties.
In STV, this fraction is kept low by returning 3–5 members of parliament from each constituency.
This limits the unrepresented fraction to 17-25%, which is a great improvement.</p>
<p>To be elected in a 3-member constituency, you need to get over 25% of the vote. In a 4-member constituency, you need over 20%. In a 5-seater, you need more than 16 2/3%.
The formula giving this winning threshold (called the <b>quota</b>) is 100% / (1 + number of seats).
(There are variants that use different formulae, but I'm describing the simple system used in Ireland.)</p>
<p>Now you have several local MPs, and they have to compete with each other for voter approval throughout their term.
They hate this.
It's great.</p>
<h4>Fourth reform: Transfer surplus votes.</h4>
<p>This is the tricky bit.
If a party gets 50% of the vote in a 4-seat constituency, they should win 2 of the seats if the result is to be proportional.
But if one of their candidates gets 45% of the vote and the other gets 5%, it's unlikely that second candidate will get elected.
This needs to be corrected.</p>
<p>The solution is to transfer elected candidates' <b>surplus</b> votes (the extra ones they had after reaching the quota) in the same way that eliminated candidates' votes are transferred.
The trouble is this: which ballot papers get transferred, and which ones don't?</p>
<p>The simplest thing is to pick them randomly: if the quota is 10,000 votes and a candidate gets 12,000 votes, then 2,000 ballot papers are randomly chosen to be the lucky ones that are transferred as the surplus; the unlucky remainder sit out the rest of the election.</p>
<p>The best thing is to apply a fractional <b>discount</b> to the ballot papers and transfer them all.
Using the same numbers, each of the 12,000 ballot papers would be marked (for example, with a sticker) to indicate that each one was worth only 1/6 of a vote, and they would all be transferred.
Together their value is (12,000 × 1/6) votes, which equals 2,000 votes.</p>
<p>(In Ireland, we do something which is neither simple nor right. You probably don't want to know. If you really <i>do</i> want to know, search for <tt>last received subparcel</tt> and <tt>Woodall free riding</tt>.)</p>
<p>Recounting in this system is much simpler than you might imagine.
As the count progresses and votes are transferred and discounted or sampled, the physical ballot papers are bundled and piled separately.
Recounting means checking each bundle to make sure that it contains the number of papers it's supposed to and that it contains no miscategorized ballots — the rest is simple arithmetic.</p>
<p>There is some dispute over what should happen to transferred votes when the next preference is a candidate who has already been elected.
It isn't important which exact system is used so long as those votes don't get a free onward transfer without being subject to the same discounting or random selection that the other ballots for that elected candidate had to suffer.
(Ireland, again, does this wrong.)</p>
<p>One final warning about STV: If you end up with a government who ruins the economy, you can no longer blame your antiquated, easily-abused voting system. There is therefore no easy way to avoid the unpleasant conclusion that you got the government that you deserved, good and hard. Cognitive dissonance will keep people searching for a more palatable explanation, which might not be a healthy one for the nation.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-67814273897362250642010-03-01T06:01:00.003+00:002010-03-01T06:15:58.789+00:00PoS3<p>As an owner of a Sony Playstation 3 console and a user of the Playstation Store, I have recently joined the <q>Registration of the trophy information could not be completed. The game will quit. (8001050F)</q> club.
When this first appeared, the system time reset to Dec 31 and a decade ago.
Now I can't sign in to the Playstation Network or even run Assassin's Creed 2 (a game with no network features).
Sadly, resetting the time manually and trying again didn't fix anything.
Neither did disabling the Internet connection setting.
So it looks like the major symptoms are not causes.
Something else is broken.</p>
<p>The timing (2010/03/01) and the clock-reset have led to widespread speculation that it's a Y2.01K event, which seems plausible.
It's reinforced by the news that this doesn't affect newer ("slim") PS3.</p>
<p>I have a horrible feeling that Sony is trying to put off confirming another rumour: that the clock-reset has tripped a DRM wire, and that the PS3s are now defying their rightful owners in the mistaken belief that we are all freeloaders.
Part of me hopes this is the case, because it will be a large stake in the heart of this trespass-on-owner's-property DRM that has become popular in recent years.
We might even get a judicial precedent out of it.</p>
<p>Another part of me just wishes the best of luck to my unknown colleagues in Sony who are doubtless trying desperately to save the product line. Good luck, guys.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-57135152732344599582009-11-26T22:27:00.004+00:002009-11-26T22:39:00.348+00:00Open link in Google Docs<p>Since hearing about the way to <a href="http://googlesystem.blogspot.com/2009/11/link-to-page-in-googles-document-viewer.html">link to a page in Google's Document Viewer</a>, I've been using it enough that I want a quick way to do it. So I added this to the end of the <code>[Link Popup Menu]</code> section in the <code>menu/standard_menu (1).ini</code> file that Opera created when I <a href="http://my.opera.com/Tamil/blog/edit-menu-setup">made a custom menu setup</a>:</p>
<pre>
Item, "Open link in Google Docs"= Go to page, "http://docs.google.com/viewer?url=%l"
</pre>
<p>Very handy for browsing Government websites, where most of the useful information is hidden inside Word files.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-49160471860744157132009-11-16T00:05:00.006+00:002009-11-16T23:29:04.066+00:00Mark Coughlan on political donations in IrelandThis is a wonderful article, although the content is somewhat sickening. I can add this to my short list of political litmus tests, along with support for the Taoiseach's Eleven (e.g. <a href="http://docs.google.com/viewer?url=http://www.oireachtas.ie/documents/committees29thdail/subcomonseanadreform/Report_on_Reform_of_the_Seanad.pdf#:0.page.46">pages 47-48 of the 2004 Report on Seanad Reform</a>), the <a href="http://docs.google.com/viewer?url=http://debates.oireachtas.ie/Xml/29/DAL20040408.PDF#:0.page.11">Voteless Dáil</a> (moved by Mary Hanafin), and the Unnumbered Envelopes.I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-35492528515112590482009-11-11T21:19:00.006+00:002009-11-11T21:53:46.295+00:00Job titles<p>During this morning's Leader's Questions in the Dáil, Éamon Gilmore accidentally coined the fortuitous phrase <dfn>back bensioners</dfn>, a portmanteau of <q>back benchers</q> and <q>pensioners</q>. Sadly, the official transcript only records his immediate correction of <q>back benchers</q>.</p>
<p>In case it isn't obvious: Government back benchers arrive in the Dáil chamber long enough to press a button according to the Chief Whip's direction. Once upon a time they would have insisted that they know what they're voting for, but that's untenable now that the Order of Business routinely include orders to have a single vote on <a href="http://debates.oireachtas.ie/DDebate.aspx?F=DAL20091105.xml&Node=17#N17">whichever amendments a Minister wants</a>.</p>
<p>So, Government backbenchers do no work but they continue to get paid well. Back bensioners indeed.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-54539057254146551612009-09-17T20:45:00.002+01:002009-09-17T20:48:13.223+01:00Simplified Software ProcessAfter I raved a bit about the joy of test-driven development, a coworker pointed me at <a href="http://weblogs.java.net/blog/chet/archive/2008/01/crystal_methodo.html">this tongue-in-cheek review</a>, and I nearly ruined my keyboard when Figure 3 loaded.I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-42211795982715810402009-08-25T06:27:00.002+01:002009-08-25T06:54:02.825+01:00Performance-based rewards considered harmful<p>One of this year's <a href="http://www.ted.com/talks">TED talks</a> was seriously counterintuitive but extremely well-founded.
<a href="http://www.ted.com/talks/dan_pink_on_motivation.html">Dan Pink's talk on extrinsic and intrinsic motivation</a> illustrates the scientific conclusions that high financial incentives for success increase the length of time taken to solve a cognitive problem.</p>
<p>The research establishing this result is clearly referenced (<a href="http://scholar.google.com/scholar?as_q=&as_epq=Large+stakes+and+big+mistakes&as_occt=title&as_sauthors=Ariely+Gneezy+Loewenstein+Mazar">“Large stakes and big mistakes”</a> and <a href="http://scholar.google.com/scholar?as_q=&as_epq=Incentives%2C+Decision+Frames%2C+and+Motivation+Crowding+Out&as_occt=title&as_sauthors=Irlenbusch">“Incentives, Decision Frames, and Motivation Crowding Out — An Experimental Investigation”</a>).
The implications are huge: higher bonuses don't lead to higher performance when the problem is nontrivial (don't tell your local bean-counter).
Pink's alternative motivators (autonomy, mastery and purpose) aren't as well-founded, but they have a certain intuitive appeal.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-28274597055712383722009-08-22T20:28:00.003+01:002009-08-22T21:10:10.605+01:00Dutiful plug: Google Code University<p>Google has collected and published a compendium of useful computer science courseware, and given it the slightly dramatic name of <a href="http://code.google.com/edu/">Google Code University</a>.
I normally avoid plugging my employer's various offerings, mainly because there's no way to be unbiased about it.
But after the disappointment of <a href="http://www.ocwconsortium.org/">Open Courseware</a>, this actually looks useful.</p>
<p>(Not that Open Courseware doesn't deliver a lot, by the way.
It just promises far, far more.)</p>
<p><kbd>code.google.com/edu</kbd> seems to have substantial content for each title, and (with the possible exception of the occasional Powerpoint data file) the content looks pretty good.
I'd have found that stuff useful during the summer before I started college.
Even when you correct for the fact that most ef it hadn't been invented way back in 1990.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-79318812509066530542009-08-17T00:14:00.003+01:002009-08-17T01:20:35.824+01:00Socializing the Weather<p>I came back to Ireland from the US in 2000, and was immediately disappointed by the weather service.
I don't mean the perpetual overcast (though I <em>was</em> also disappointed to see I hadn't imagined it after all).
I mean the way Met Éireann tries to sell the forecast information it compiles, in spite of the fact that it is paid by the taxpayer to do its work — it is part of the Department of Environment, Heritage and Local Government.</p>
<p>In the US, the forecasts are similarly funded but then they're made publicly available.
They're on <a href="http://www.weather.gov/forecasts.php">the NOAA website</a>; they're broadcast regularly on <a href="http://www.nws.noaa.gov/nwr/">dedicated radio channels</a>, and (if you're a pilot planning a flight) you can even make a free call to 1-800-WX-BRIEF and get a customized in-person professional weather briefing.
My favourite was the <a href="http://www.erh.noaa.gov/box/discussions.shtml">technical brief</a> which gave fascinating insights into the levels of certainty of the forecast.</p>
<p>Now look at Ireland's <a href="http://www.met.ie/">Met Éireann</a>.
The <a href="http://www.met.ie/forecasts/regional.asp?Prov=Dublin">most detailed forecast</a> available from their website (a site which is useless without Javascript, by the way) is actually less detailed than the text on <a href="http://www.rte.ie/aertel/161-01.html">Aertel page 161</a>.
There's a <a href="http://www.met.ie/about/weatherdial/default.asp">phone service</a> too, but it's a premium-rate telephone number, and I suspect it's a prerecorded message rather than an in-person briefing (and no, I won't pay to find out).
For pilots, there are Self Briefing Units installed at major airports — no trained weather briefers for you, and you're SOL if you want a briefing when not at one of those places.</p>
<p>In the US, this would be a hideously-embarrassing way to run a government service.
It indicates inadequate funding without implying cost controls, and it combines the inefficiency of the government budgetary process with the costs of collecting money from service users and of investing in measures to stop those users getting that service for free.</p>
<p>And it's all for nothing, because the information is quickly exported and aggregated with the free information available in the rest of the world.
A search for <a href="http://www.google.com/search?q=eidw+taf">[eidw taf]</a> (even <a href="http://www.bing.com/search?q=eidw+taf">on the Bing engine</a>) immediately shows links to places like <a href="http://en.allmetsat.com/metar-taf/ireland.php?icao=EIDW">all met sat</a> which not only report the current Terminal Area Forecast, they decode it into English so you don't even need the <a href="http://www.alaska.faa.gov/fai/afss/metar%20taf/mettaf.htm">TAF Decoder Ring</a>.</p>
<p>Ha, ha, etc.</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com2tag:blogger.com,1999:blog-24263898.post-87193076871734742722009-08-10T22:29:00.003+01:002009-08-10T22:54:40.125+01:00Aughts, Teens, Twenties, Thirties, ...<p>It really annoys me to hear people refer to this decade as “the noughties”. Even <a href="http://www.bbc.co.uk/blogs/newsnight/fromthewebteam/2009/08/what_have_the_noughties_done_f.html">the BBC</a>, who should know better.</p>
<p>I recall seeing recorded interviews with some right old codgers who talked about “the aughts” and “the teens”, meaning the first decades of the 20th century. These are good solid woody words. There's no reason to resort to inferior neologisms.</p>
<p>However, by the end of this year, I fully expect to sit nervously twitching as otherwise-sensible people look forward to the Teenies, or the Tenties, or the Naughtiers, or something equally saccharine and unforgiveable.</p>
<p>By the way, if you got here by searching for [<kbd>naughty teens</kbd>], then I'm sorry. As a sort of apology, please accept this link to a popular destination for [<kbd><a href="http://wargle.blogspot.com/2009/04/infantile-coprophagia-and-numerical.html">coprophagia video</a></kbd>].</p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-38575815308035067992009-07-23T13:38:00.002+01:002009-07-23T13:41:49.251+01:00Leaving Cert English selected answers<blockquote><p>The themes in <cite>Macbeth</cite> are juicy and addictive like opal fruits with nicotine.</p></blockquote>
Some of the most appalling prose (and, rarely, some of the most appealing) is making the rounds in the form of the smuggled answers to Leaving Cert English papers from this year.I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-10167737507023519442009-01-07T00:49:00.002+00:002009-01-07T01:01:23.063+00:00Plug: a Browser Security HandbookMy employer has published a <a href="http://code.google.com/p/browsersec/wiki/Main">Browser Security Handbook</a> advising authors of web applications about the various security risks involved, a subject that is ridiculously complex.
Yay.I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-21124573715650913642008-12-05T20:37:00.005+00:002008-12-09T15:46:05.002+00:00POSIX time_t is not UTC<p>For years, I've been pretending that <code>time_t</code> is a better representation of time than any combination of year, month, day, etc. That's because it's a linear representation of time that can be subjected to arithmetic. In particular, it's monotonically increasing.</p>
<p>Well, that's not true on POSIX systems. On POSIX, time_t is said to be based on UTC, but it ignores leap seconds! Considering that UTC is defined as TAI minus accumulated leap seconds, that's one giant opt-out.</p>
<p>The official line (from SuS v3) on leap seconds is "applications which do care about leap seconds can determine how to handle them in whatever way those applications feel is best". OK, quick question: your application, which cares about leap seconds, calls <code>time()</code> and gets 915148800; what time is it? If you need to know, you're out of luck; compliant POSIX systems stepped their clocks back a second during the leap second. If you have a drug-delivery system that's based on POSIX, don't use it if a second's too much drug will harm the patient.</p>
<p>In fact, POSIX <code>time_t</code> is an encoding of a Gregorian calendar time (year, month, day, hour, minute, second). The POSIX committee considers it more important that <code>time_t</code> is consistent between machines, than that it should be correct. Consequently, the description in the man pages and standards of <code>time_t</code> as "seconds since the Epoch" is a lie.</p>
<p>It violates POSIX to set your system clock to return the actual number of seconds since 1970-01-01T00:00:00Z! Right now (2008-12-05) it should be the number of seconds since 1970-01-01T00:00:23Z; from the start of 2009 it should be the number of seconds since 1970-01-01T00:00:24Z. If you try to use <code>difftime</code> to compare a time from 2008 with a time from 2009, you'll get the right answer minus one.</p>
<p>This is clearly crazy. If you want to ignore leap-seconds, use TAI and accept the drift. If you want to ignore leap-seconds but stay close to UTC, stick to year/month/day/hour/minute/second (i.e. <code>struct tm</code>). If you want accurate intervals and not necessarily accurate calendar times, use a monotonically-increasing count of seconds since some definite time in the past. Unix made its choice clearly and precisely; POSIX is wrong to change it, and STUPID BAD WRONG to change it while pretending it's the same.</p>
<p><i>[Edited: I had the wrong offsets in the fifth paragraph.]</i></p>
<p><i>[Update: Someone pointed me at an old message titled <a href="http://www.mail-archive.com/leapsecs@rom.usno.navy.mil/msg00109.html">History of IEEE P1003.1 POSIX time</a> which explains a lot.</i></p>I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com1tag:blogger.com,1999:blog-24263898.post-85989603684091623082007-11-19T13:06:00.000+00:002007-11-19T13:08:00.695+00:00Crayon PhysicsThe most awesome game ever.I really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0tag:blogger.com,1999:blog-24263898.post-69122519283358573242007-08-22T12:51:00.000+01:002007-08-22T12:52:11.637+01:00Security Excuse BingoI really didn't want to make a new blog but Blogger insistedhttp://www.blogger.com/profile/05716252940701655380noreply@blogger.com0