Saturday, September 30, 2006
Reading List: Little Wars
- Wells, H. G. Little Wars. Springfield, VA: Skirmisher, 2004. ISBN 0-9722511-5-4.
- I have been looking for a copy of this book for more than twenty-five years. In this 1913 classic, H. G. Wells essentially single-handedly invented the modern pastime of miniature wargaming, providing a (tin soldier) battle-tested set of rules which makes for exciting, well-balanced, and unpredictable games which can be played by two or more people in an afternoon and part of an evening. Interestingly, he avoids much of the baggage that burdens contemporary games such as icosahedral dice and indirect fire calculations, and strictly minimises the rôle of chance, using nothing fancier than a coin toss, and that only in rare circumstances. The original edition couldn't have appeared at a less auspicious time: published just a year before the outbreak of the horrific Great War (a term Wells uses, prophetically, to speak of actual military conflict in this book). The work is, of course, long out of copyright and text editions are available on the Internet, including this one at Project Gutenberg, but they are unsatisfying because the text makes frequent reference to the nineteen photographs by Wells's second wife, Amy Catherine Wells, which are not included in the on-line editions but reproduced in this volume. Even if you aren't interested in the details, just seeing grown men in suits scrunching down on the ground playing with toy soldiers is worth the price of admission. The original edition included almost 150 delightful humorous line drawings by J. R. Sinclair; sadly, only about half are reproduced here, but that's better than none at all. This edition includes a new foreword by Gary Gygax, inventor of Dungeons and Dragons. Radical feminists of the dour and scornful persuasion should be sure to take their medication before reading the subtitle or the last paragraph on page 6 (lines 162–166 of the Gutenberg edition).
Tuesday, September 26, 2006
Reading List: The Trouble with Physics
- Smolin, Lee. The Trouble with Physics. New York: Houghton Mifflin, 2006. ISBN 0-618-55105-0.
- The first forty years of the twentieth century saw a revolution in fundamental physics: special and general relativity changed our perception of space, time, matter, energy, and gravitation; quantum theory explained all of chemistry while wiping away the clockwork determinism of classical mechanics and replacing it with a deeply mysterious theory which yields fantastically precise predictions yet nobody really understands at its deepest levels; and the structure of the atom was elucidated, along with important clues to the mysteries of the nucleus. In the large, the universe was found to be enormously larger than expected and expanding—a dynamic arena which some suspected might have an origin and a future vastly different than its present state. The next forty years worked out the structure and interactions of the particles and forces which constitute matter and govern its interactions, resulting in a standard model of particle physics with precisely defined theories which predicted all of the myriad phenomena observed in particle accelerators and in the highest energy events in the heavens. The universe was found to have originated in a big bang no more distant than three times the age of the Earth, and the birth cry of the universe had been detected by radio telescopes. And then? Unexpected by almost all practitioners of high energy particle physics, which had become an enterprise larger by far than all of science at the start of the century, progress stopped. Since the wrapping up of the standard model around 1975, experiments have simply confirmed its predictions (with the exception of the discovery of neutrino oscillations and consequent mass, but that can be accommodated within the standard model without changing its structure), and no theoretical prediction of phenomena beyond the standard model has been confirmed experimentally. What went wrong? 
Well, we certainly haven't reached the End of Science or even the End of Physics, because the theories which govern phenomena in the very small and very large—quantum mechanics and general relativity—are fundamentally incompatible with one another and produce nonsensical or infinite results when you attempt to perform calculations in the domain—known to exist from astronomical observations—where both must apply. Even a calculation as seemingly straightforward as estimating the energy of empty space yields a result which is 120 orders of magnitude greater than experiment shows it to be: perhaps the most embarrassing prediction in the history of science. In the first chapter of this tour de force, physicist Lee Smolin poses “The Five Great Problems in Theoretical Physics”, all of which are just as mysterious today as they were thirty-five years ago. Subsequent chapters explore the origin and nature of these problems, and how it came to be, despite unprecedented levels of funding for theoretical and experimental physics, that we seem to be getting nowhere in resolving any of these fundamental enigmas. This prolonged dry spell in high energy physics has seen the emergence of string theory (or superstring theory, or M-theory, or whatever they're calling it this year) as the dominant research program in fundamental physics. At the outset, there were a number of excellent reasons to believe that string theory pointed the way to a grand unification of all of the forces and particles of physics, and might answer many, if not all, of the Great Problems. This motivated many very bright people, including the author (who, although most identified with loop quantum gravity research, has published in string theory as well) to pursue this direction. 
What is difficult for an outsider to comprehend, however, is how a theoretical program which, after thirty-five years of intensive effort, has yet to make a single prediction testable by a plausible experiment; has failed to predict any of the major scientific surprises that have occurred over those years such as the accelerating expansion of the universe and the apparent variation in the fine structure constant; that does not even now exist in a well-defined mathematical form; and has not been rigorously proved to be a finite theory; has established itself as a virtual intellectual monopoly in the academy, forcing aspiring young theorists to work in string theory if they are to have any hope of finding a job, receiving grants, or obtaining tenure. It is this phenomenon, not string theory itself, which, in the author's opinion, is the real “Trouble with Physics”. He considers string theory as quite possibly providing clues (though not the complete solution) to the great problems, and finds much to admire in many practitioners of this research. But monoculture is as damaging in academia as in agriculture, and when it becomes deeply entrenched in research institutions, squeezes out other approaches of equal or greater merit. He draws the distinction between “craftspeople”, who are good at performing calculations, filling in blanks, and extending an existing framework, and “seers”, who make the great intellectual leaps which create entirely new frameworks. After thirty-five years with no testable result, there are plenty of reasons to suspect a new framework is needed, yet our institutions select out those most likely to discover them, or force them to spend their most intellectually creative years doing tedious string theory calculations at the behest of their elders. 
In the final chapters, Smolin looks at how academic science actually works today: how hiring and tenure decisions are made, how grant applications are evaluated, and the difficult career choices young physicists must make to work within this system. When reading this, the word “Gosplan” (Госпла́н) kept flashing through my mind, for the process he describes resembles nothing so much as central planning in a command economy: a small group of senior people, distant from the facts on the ground and the cutting edge of intellectual progress, trying to direct a grand effort in the interest of “efficiency”. But the lesson of more than a century of failed socialist experiments is that, in the timeless words of Rocket J. Squirrel, “that trick never works”—the decisions inevitably come down on the side of risk aversion, and are often influenced by cronyism and toadying to figures in authority. The concept of managing risk and reward by building a diversified portfolio of low and high risk placements which is second nature to managers of venture capital funds and industrial research and development laboratories appears to be totally absent in academic science, which is supposed to be working on the most difficult and fundamental questions. Central planning works abysmally for cement and steel manufacturing; how likely is it to spark the next scientific revolution? There is much more to ponder: why string theory, as presently defined, cannot possibly be a complete theory which subsumes general relativity; hints from experiments which point to new physics beyond string theory; stories of other mathematically beautiful theories (such as SU(5) grand unification) which experiment showed to be dead wrong; and a candid view of the troubling groupthink, appeal to authority, and intellectual arrogance of some members of the string theory community. 
As with all of Smolin's writing, this is a joy to read, and you get the sense that he's telling you the straight story, as honestly as he can, not trying to sell you something. If you're interested in these issues, you'll probably also want to read Leonard Susskind's pro-string The Cosmic Landscape and Peter Woit's sceptical Not Even Wrong.
Thursday, September 21, 2006
Reading List: They Thought They Were Free
- Mayer, Milton. They Thought They Were Free. 2nd. ed. Chicago: University of Chicago Press, 1966. ISBN 0-226-51192-8.
- The author, a journalist descended from German Jewish immigrants to the United States, first visited Nazi Germany in 1935, spending a month in Berlin attempting to obtain, unsuccessfully, an interview with Hitler, notwithstanding the assistance of his friend, the U.S. ambassador, then travelled through the country reporting for a U.S. magazine. It was then that he first discovered, meeting with ordinary Germans, that Nazism was not, as many perceived it then and now, “the tyranny of a diabolical few over helpless millions” (p. xviii), but rather a mass movement grounded in the “little people” with a broad base of non-fanatic supporters.
Ten years after the end of the war, Mayer arranged a one year appointment as a visiting professor at the University of Frankfurt and moved, with his family, to a nearby town of about 20,000 he calls “Kronenberg”. There, he spent much of his time cultivating the friendship of ten men he calls “my ten Nazi friends”, all of whom joined the party for various reasons ranging from ideology, assistance in finding or keeping employment, to admiration of what they saw as Hitler's success (before the war) in restoring the German economy and position in the world. A large part of the book is reconstructed conversations with these people, exploring the motivations of those who supported Hitler (many of whom continued, a decade after Germany's disastrous defeat in the war he started, to believe the years of his rule prior to the war were Germany's golden age). Together they provide a compelling picture of life in a totalitarian society as perceived by people who liked it.
This is simultaneously a profoundly enlightening and disturbing book. The author's Nazi friends come across as almost completely unexceptional, and one comes to understand how the choices they made, rooted in the situation they found themselves, made perfect sense to them. And then, one cannot help but ask, “What would I have done in the same circumstances?” Mayer has no truck with what has come to be called multiculturalism—he is a firm believer in national character (although, of course, only on the average, with large individual variation), and he explains how history, over almost two millennia, has forged the German character and why it is unlikely to be changed by military defeat and a few years of occupation.
Apart from the historical insights, this book is highly topical when a global superpower is occupying a very different country, with a tradition and history far more remote from its own than was Germany's, and trying to instill institutions with no historical roots there. People forget, but ten years after the end of World War II many, Mayer included, considered the occupation of Germany to have been a failure. He writes (p. 303):
“The failure of the Occupation could not, perhaps, have been averted in the very nature of the case. But it might have been mitigated. Its mitigation would have required the conquerors to do something they had never had to do in their history. They would have had to stop doing what they were doing and ask themselves some questions, hard questions, like, What is the German character? How did it get that way? What is wrong with its being that way? What way would be better, and what, if anything, could anybody do about it?”
Wise questions, indeed, for any conqueror of any country. The writing is so superb that you may find yourself re-reading paragraphs just to savour how they're constructed. It is also thought-provoking to ponder how many things, from the perspective of half a century later, the author got wrong. In his view, the occupation of West Germany would fail to permanently implant democracy, German re-militarisation and eventual aggression were almost certain unless blocked by force, and the project of European unification was a pipe dream of idealists and doomed to failure. And yet, today, things seem to have turned out pretty well for Germany, the Germans, and their neighbours. The lesson of this may be that national character can be changed, but changing it is the work of generations, not a few years of military occupation. That is also something modern-day conquerors, especially Western societies with a short attention span, might want to bear in mind.
Saturday, September 16, 2006
Your Sky, Home Planet, and Sky Screen Saver Updated
There seems to be a rule that the more times you copy a piece of code into different programs, the more probable it is that you'll eventually find a bug which requires you to update all of them. That's what happened with the star map projection algorithm I've been using in Home Planet ever since 1992, which eventually made its way into the Sky Screen Saver and the Web planetarium Your Sky. When plotting items like the boundaries of constellations, which are logically “straight lines” between celestial co-ordinates expressed in right ascension and declination, the charts created by these programs may have to render them as curves depending on the map projection being used and their location in the sky. The code which does this used a recursive “divide and conquer” algorithm which continued to divide the line into sub-segments until the midpoint was within a specified tolerance of the correct location or a fixed limit was reached. Unfortunately, the logic didn't consider the case where, due to round-off, the computed midpoint fell outside the chart, which caused the clipper to return meaningless co-ordinates, resulting in the plotting process looping effectively forever. The fix is quite literally a one-liner, but of course it has to be applied to each of the five programs (since Your Sky contains separate programs for Sky, Telescope, and Horizon views). The corrected version of Your Sky is now in production, and versions 3.3a of Home Planet and 3.1b of Sky Screen Saver which incorporate the fix are available for downloading from their respective pages. The update to Home Planet also includes two additional fixes.
Microsoft can change the name of their C compiler as many times as they like, gussy up the integrated development environment with toolbars, floating panels, bouncing buttons, and flashing mouse-sticking hobble-help all they like, but it's like putting lipstick on a monkey—it's still a monkey, and it's still Monkey C. It was the experience of trying to get Home Planet working in the face of egregious and inexcusable code generation and optimisation flaws in what was then called Microsoft Visual C++ which first brought home to me just how shoddy Microsoft's standards of quality were and how low a priority they seemed to put on delivering products to their customers which got the right answers. (For example, there was a bug in the C library tan function which caused it to return results with the incorrect sign for one quarter of its entire domain. This went unfixed for an entire release cycle of the compiler and library.) Many things have changed since 1992, but not the quality of Microsoft development tools. The “Visual Studio .NET” C compiler contains a hideous bug in code generation for expressions in which multiple subexpressions use the comma operator to evaluate one item and then return another. This caused the specification of latitude and longitude for a user-defined observing site, code which has been working without problems for fourteen years on earlier Microsoft compilers, to break in a way which would be humorous if not so pathetic: the expression is evaluated as if the variables in the subexpressions were written in reverse order.
An additional, unrelated fix corrects a problem which caused the Sky window to fail to be redrawn after being resized when an animation was in progress but paused. This bug has been present since the first release of Home Planet but was not apparent until logic was added in version 3.3 to eliminate unnecessary updates of the Sky window.
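The line-subdivision failure described in this post can be modelled in a few lines. This is an added example, not the Home Planet or Your Sky source: the projection, the chart bounds, the tolerance and depth values, the NaN-returning `clip` stand-in, and the choice to stop subdividing at an off-chart midpoint are all assumptions made for illustration.

```python
import math

MAX_DEPTH = 12      # fixed recursion limit (assumed value)
TOLERANCE = 1e-3    # acceptable midpoint error in chart units (assumed value)


def project(ra_deg, dec_deg):
    """North-polar azimuthal equidistant projection; the equator lands at r = 1."""
    r = (90.0 - dec_deg) / 90.0
    a = math.radians(ra_deg)
    return (r * math.cos(a), r * math.sin(a))


def on_chart(pt):
    """The chart is the square [-1, 1] x [-1, 1]; non-finite points are off it."""
    return all(math.isfinite(c) and abs(c) <= 1.0 for c in pt)


def clip(pt):
    """Stand-in for the clipper: off-chart input yields meaningless output."""
    return pt if on_chart(pt) else (math.nan, math.nan)


def subdivide(p0, p1, guard=True, depth=0, stats=None):
    """Return chart-space segments approximating the sky line p0 -> p1.

    p0 and p1 are (ra, dec) pairs in degrees; stats["calls"] counts invocations.
    """
    if stats is not None:
        stats["calls"] = stats.get("calls", 0) + 1
    a, b = project(*p0), project(*p1)
    mid_sky = ((p0[0] + p1[0]) / 2.0, (p0[1] + p1[1]) / 2.0)
    true_mid = project(*mid_sky)
    if guard and not on_chart(true_mid):
        # Guard (assumed form): never feed an off-chart midpoint to the
        # tolerance test; hand the segment to the clipper as it stands.
        return [(a, b)]
    true_mid = clip(true_mid)
    chord_mid = ((a[0] + b[0]) / 2.0, (a[1] + b[1]) / 2.0)
    error = math.dist(chord_mid, true_mid)   # NaN if the clipper returned garbage
    if error <= TOLERANCE or depth >= MAX_DEPTH:
        return [(a, b)]
    # NaN never satisfies "<= TOLERANCE", so an unguarded off-chart midpoint
    # keeps splitting until the depth limit on every such branch.
    return (subdivide(p0, mid_sky, guard, depth + 1, stats)
            + subdivide(mid_sky, p1, guard, depth + 1, stats))


if __name__ == "__main__":
    edge = ((45.0, -20.0), (135.0, -20.0))   # constructed: arc that leaves the chart
    for guard in (True, False):
        stats = {}
        subdivide(*edge, guard=guard, stats=stats)
        print("guard" if guard else "no guard", stats["calls"], "calls")
```

Even with a fixed depth limit, the unguarded case costs thousands of calls for one segment at depth 12, and the work doubles with each extra level, which is how a bounded recursion ends up "looping effectively forever".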
Tuesday, September 12, 2006
Earth and Moon Viewer Updated
At 20:00 UTC on 2006-09-12 I put a new version of Earth and Moon Viewer into production on the primary Fourmilab server. This is the first update to this interactive Web resource since the “stateless” version (which refers to its ability to run on a load-balanced server farm without session persistence, as opposed to absence of allegiance to this or that petty tyrant and their tawdry turf) was released on 2005-08-15. Like that update, this release should be completely transparent to the overwhelming majority of users: only those who parse the output from Web requests with sloppy programs will be affected (and almost all of them ought to have been using dynamic image requests for years anyway). This release is a major clean-up of the code and efficiency improvement. Earth and Moon Viewer was the first interactive resource at Fourmilab, open to the public since December 1994. Since then, it has “just grown”, not only becoming far and away the most popular area on the site, but usually appearing on the first page of Google search results for both of the terms “Earth” and “Moon”. In the process, it has had to cope with the realities of being such a high profile page in today's Internet slum, including denial of service attacks and fire drills when a war breaks out and every computer-empowered idiot on the planet tries to zoom in on the war zone and watch the battle, notwithstanding explicit statements that the high resolution imagery is completely static, having been captured by Earth satellites years before.
Anyway, with all of these alarums and diversions, and the quickly cobbled-up kludges to mitigate them, the processing of each and every Earth and Moon Viewer request became embarrassingly inefficient—not incapacitating—the server farm actually loafs along at less than 10% capacity most of the time, but that's the most propitious time to clean things up and, besides, every little bit of complexity is somewhere a security problem might be lurking, and the fewer the better. Vanity makes me hesitant to mention this figure, but prior to this update, each Earth and Moon Viewer request required nine Unix process forks to service, and passed the request form arguments to the program which generated the reply via a shell script and command line arguments, which runs the risk of somebody constructing a request which spoofs the shell into doing something destructive (although I believe the script in question was not vulnerable to such attacks, and the absence of evidence of them in a world in which this site is subjected to tens of thousands of attacks per day is plausible evidence of absence—still, one sleeps better knowing there is not even a potential vulnerability). The updated version requires only two process forks per request, which is the irreducible minimum to handle such transactions in a stateless manner (one to create the reply page, the second to generate the image which is embedded within it). All existing URLs which request Earth and Moon Viewer results should continue to work, even if generated before this update; if you have one which appears to be broken, that's what the “Feedback” button is for. Although this update is transparent to the user, it is a major structural change to the Web application, involving changes in almost every static HTML document and even scheduled jobs which retrieve information such as orbital elements for Earth satellites.
I will let it run for a few days, keeping an eye on the error log and an ear to the ground for reports of problems (which makes it difficult to use the mouse!) and, if all goes well, post the source code for the new version and begin propagating the changes to the other interactive Web resources: Solar System Live and Your Sky.
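The risk this post describes, request form arguments reaching a program by way of a shell command line, is shown below beside two safer ways of handing over the same values. This is an added example, not Fourmilab's code: the `CHILD` stand-in for the image generator, the function names, the latitude/longitude fields and the constructed form value are all assumptions.

```python
import json
import re
import shlex
import subprocess
import sys

# Hypothetical stand-in for the image generator: it prints, as JSON, the
# argument vector it actually received.
CHILD = [sys.executable, "-c", "import json,sys; print(json.dumps(sys.argv[1:]))"]
NUMBER = re.compile(r"[+-]?[0-9]{1,3}(\.[0-9]{1,6})?")


def run_via_shell(lat, lon):
    """Risky pattern: form values are pasted into a shell command line."""
    fixed = " ".join(shlex.quote(part) for part in CHILD)
    done = subprocess.run(f"{fixed} {lat} {lon}", shell=True,
                          capture_output=True, text=True)
    return done.stdout.splitlines()


def run_argv(lat, lon):
    """No shell: each form value is exactly one argv element, whatever it holds."""
    done = subprocess.run(CHILD + [lat, lon],
                          capture_output=True, text=True, check=True)
    return json.loads(done.stdout)


def parse_coordinate(text, limit):
    """Accept only a plain decimal number within +/- limit, then re-serialise it."""
    if NUMBER.fullmatch(text) is None:
        raise ValueError(f"not a plain decimal number: {text!r}")
    value = float(text)
    if abs(value) > limit:
        raise ValueError(f"out of range: {text!r}")
    return format(value, ".6f")


def run_validated(lat, lon):
    """Validate first, then pass the canonical values without a shell."""
    return run_argv(parse_coordinate(lat, 90.0), parse_coordinate(lon, 180.0))


if __name__ == "__main__":
    constructed = "51.5; echo INJECTED"   # constructed form value, harmless
    print("via shell :", run_via_shell(constructed, "0"))
    print("argv list :", run_argv(constructed, "0"))
    try:
        run_validated(constructed, "0")
    except ValueError as err:
        print("validated : rejected,", err)
```

In the shell version the program receives only `51.5` and the shell runs the remainder as a second command; in the argv version the whole string arrives as one inert argument, and validation rejects it before any process is started.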
Sunday, September 10, 2006
One-Place Do-it-Yourself Helicopter Kit
Now this is cool!
Saturday, September 9, 2006
Reading List: 19 Deadly Sins of Software Security
- Howard, Michael, David LeBlanc, and John Viega. 19 Deadly Sins of Software Security. Emeryville, CA: Osborne, 2005. ISBN 0-07-226085-8.
- During his brief tenure as director of the National Cyber Security Division of the U.S. Department of Homeland Security, Amit Yoran (who wrote the foreword to this book) got a lot of press attention when he claimed, “Ninety-five percent of software bugs are caused by the same 19 programming flaws.” The list of these 19 dastardly defects was assembled by John Viega who, with his two co-authors, both of whom worked on computer security at Microsoft, attempts to exploit its notoriety in this poorly written, jargon-filled, and utterly worthless volume. Of course, I suppose that's what one should expect when a former official of the agency of geniuses who humiliate millions of U.S. citizens every day to protect them from the peril of grandmothers with exploding sneakers teams up with a list of authors that includes a former “security architect for Microsoft's Office division”—why does the phrase “macro virus” immediately come to mind? Even after reading this entire ramble on the painfully obvious, I cannot remotely guess who the intended audience was supposed to be. Software developers who know enough to decode what the acronym-packed (many never or poorly defined) text is trying to say are already aware of the elementary vulnerabilities being discussed and ways to mitigate them. Those without knowledge of competent programming practice are unlikely to figure out what the authors are saying, since their explanations in most cases assume the reader is already aware of the problem. The book is also short (281 pages), generous with white space, and packed with filler: the essential message of what to look out for in code can be summarised in a half-page table: in fact, it has been, on page 262! Not only does every chapter end with a summary of “do” and “don't” recommendations, all of these lists are duplicated in a ten page appendix at the end, presumably added because the original manuscript was too short.
Other obvious padding is giving examples of trivial code in a long list of languages (including proprietary trash such as C#, Visual Basic, and the .NET API); around half of the code samples are Microsoft-specific, as are the “Other Resources” at the end of each chapter. My favourite example is on pp. 176–178, which gives sample code showing how to read a password from a file (instead of idiotically embedding it in an application) in four different programming languages: three of them Microsoft-specific. Like many bad computer books, this one seems to assume that programmers can learn only from long enumerations of specific items, as opposed to a theoretical understanding of the common cause which underlies them all. In fact, a total of eight chapters on supposedly different “deadly sins” can be summed up in the following admonition, “never blindly trust any data that comes from outside your complete control”. I had learned this both from my elders and brutal experience in operating system debugging well before my twentieth birthday. Apart from the lack of content and ill-defined audience, the authors write in a dialect of jargon and abbreviations which is probably how morons who work for Microsoft speak to one another: “app”, “libcall”, “proc”, “big-honking”, “admin”, “id” litter the text, and the authors seem to believe the word for a security violation is spelt “breech”. It's rare that I read a technical book in any field from which I learn not a single thing, but that's the case here. Well, I suppose I did learn that a prominent publisher and forty dollar cover price are no guarantee the content of a book will be of any value. Save your money—if you're curious about which 19 “sins” were chosen, just visit the Amazon link above and display the back cover of the book, which contains the complete list.
Friday, September 8, 2006
Web: Floating Links in Internet Explorer 7 RC1
There is a nasty bug in Microsoft Internet Explorer Release Candidate 1 which torpedoes hundreds of valid XHTML pages at Fourmilab and doubtless millions of pages elsewhere on the Web. A document which contains links within objects such as tables which are floated to the left or right of the document will be displayed as if they were links but will not, in fact, be clickable. This is the same regardless of whether the link target is text or an image. The following links demonstrate this problem in both XHTML 1.0 Transitional and Strict documents, stripped down to the minimum required to manifest the bug. W3C validation server and, indeed, it does so with almost every other browser (including Internet Explorer 6). With Internet Explorer 7 RC1, despite showing the link as clickable, you can click until Pluto is once again closer to the Sun than Neptune and nothing happens. Yes, I have reported this bug to Microsoft, but I shall not repeat the experience, which was as humiliating as embarking on a domestic airline flight in the United States: the process required me to download “file transfer” software (as if I didn't have far more competently implemented alternatives already installed), then it wanted me to log in with a “Microsoft Passport” (yeah, right) account, and finally allowed me to submit the bug report anonymously, voluntarily disclosing my E-mail address since I take responsibility for all of my actions on the Internet.
Thursday, September 7, 2006
Astronomy: Partial Lunar Eclipse
Saturday, September 2, 2006
HotBits: Proxy Server and randomX Updates, Password Generation
The first installment in what I expect to be a series of updates to the HotBits radioactive random number generator is now in production. This phase updates the HotBits proxy server software running on the server farm machines to a new release which is much more robust in recovering from failure of HotBits generator machines, and has the ability (although this is not yet enabled) to talk to any number of redundant generator machines and also obtain inventory from other proxy servers if no generator is accessible. The HotBits Secure Server Request page and all of the sample output pages are now XHTML 1.0 Strict documents. (The hexadecimal format result page remains a classic HTML format document to avoid torpedoing applications which parse it with a program, although I have added quotes to the arguments in the logo image at the top of the page.) The secure request form now allows you to request, in addition to random bytes in hexadecimal, binary, or C language formats, the generation of one or more random passwords with user-specified length, which may be composed of all lower case letters, mixed case letters, alphanumeric characters, or alphanumerics plus generally safe punctuation. Password generation is permitted only on the secure request form—it doesn't make sense to generate genuinely random passwords and then deliver them across an insecure Internet connection on which all the usual suspects and probably some you don't know about are snooping.
Finally, the Java randomX package has been updated for compatibility with present-day Java implementations (tested with Java 2 Runtime Environment build 1.5.0_06-b05) and a few long-standing bugs have been fixed, including the typographic error which led to the negative array subscript in the randomLEcuyer pseudorandom generator when called with a seed greater than 2^31−1. The randomX document is now compliant XHTML 1.0 Transitional, and all of the class documentation has been rebuilt with a modern version of javadoc.
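Turning random bytes into passwords over the four character sets this post lists has one pitfall: reducing a byte with a plain modulo favours some characters over others. This is an added example, not the HotBits implementation, and the page does not say how HotBits maps bytes to characters; `os.urandom` stands in for HotBits bytes, and the punctuation set and all function names are assumptions.

```python
import math
import os
import string
from collections import Counter

ALPHABETS = {
    "lower": string.ascii_lowercase,
    "mixed": string.ascii_letters,
    "alnum": string.ascii_letters + string.digits,
    # Assumed "generally safe" punctuation; the page does not list the set.
    "alnum_punct": string.ascii_letters + string.digits + "!#%+-./:=?@_",
}


def modulo_bias(kind):
    """(min, max) hits per character if every byte value 0..255 is reduced with % n."""
    n = len(ALPHABETS[kind])
    counts = Counter(b % n for b in range(256))
    return min(counts.values()), max(counts.values())


def unbiased_char(alphabet, byte_source=os.urandom):
    """Rejection sampling: discard bytes at or above the largest multiple of n."""
    n = len(alphabet)
    limit = 256 - (256 % n)
    while True:
        b = byte_source(1)[0]
        if b < limit:
            return alphabet[b % n]


def generate_passwords(count, length, kind, byte_source=os.urandom):
    """Return `count` passwords of `length` characters drawn from ALPHABETS[kind]."""
    if count < 1 or length < 1:
        raise ValueError("count and length must be positive")
    alphabet = ALPHABETS[kind]
    return ["".join(unbiased_char(alphabet, byte_source) for _ in range(length))
            for _ in range(count)]


def entropy_bits(length, kind):
    """Entropy of a uniformly chosen password of this length and character set."""
    return length * math.log2(len(ALPHABETS[kind]))


if __name__ == "__main__":
    for kind in ALPHABETS:
        print(f"{kind:12s} modulo bias (min, max) = {modulo_bias(kind)}, "
              f"12 chars = {entropy_bits(12, kind):.1f} bits")
    print(generate_passwords(2, 12, "alnum_punct"))
```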