Saturday, May 30, 2009

Girl Talk

Most of my workout picks were pretty obvious, but Girl Talk deserves a bit of context. Girl Talk is really Greg Gillis, a Pittsburgh biomedical researcher (if he worked with Tara O'Toole, it's time to queue the Twilight Zone theme).

Girl Talk's been doing mashups and concerts for years, and he's got a brilliantly exacting sense of timing and a knack for finding unlikely cuts to mash up. I hear the sixties in there; you'll hear whatever music was popular when you were seventeen. Remarkably, he's sampled dozens of popular artists without being subjected to the large licensing demands that usually come with sampling. It turns out to be easier to make music these days if you're judgment-proof; he just stopped worrying about legal rights and released his music. But the music industry deserves some credit for letting him continue to sample unmolested. (He's apparently offered some small fees that reflect his returns to sampled artists.)

Girl Talk isn't for everyone. You'll like it if you like M.I.A. and have to have a high tolerance for bad language, of both the old school (the seven dirty words) and the new school (ethnic and racial slurs). Even then, some of the material is too hip-hop for me.

I wanted to post a clip or two here, but Blogger only allows the posting of videos, not mp3s -- I assume that's the result of music industry antipiracy scrutiny. But the good news is that you can sample the music free. Girl Talk's album is available (in a Creative Commons license) on a "pay what you want" basis here. So you can pay nothing, download the album, and decide whether it's worth anything to you. Then you can go back and pay -- and they'll throw in bonuses if you pay more than $10. Of course, you'll have to explain to your spouse why there's a charge for "Illegal Art" on your credit card. That's Girl Talk's label.

Evolution of the Cyber "Czar" in Four Easy Steps

Remember the original proposal for a cyber "czar" who would bring coherence to all network security activities across the government? The lines of authority would be crisp and clear. The cyber czar would report directly to the President as a sign of his or her authority. He or she could just walk into the Oval Office all alone and tell it like it is.

Need an organization chart? Piece of cake:Well, on second hand, that may not quite work. Cyber security is a matter of national security, and the departments need to weigh in on cyber issues through existing channels.

But, really, that's no problem. We'll put the cyber czar into the National Security Council. There will still be one voice and one chain of command for all cyber security issues. It will just go up through the National Security Adviser. And, of course, the National Security Adviser will escort the czar into the Oval Office.

Guess we'll have to change the title, though:

Wait! We reckoned without Larry Summers and the National Economic Council. We don't want national security types running amok and wrecking the most innovative sector of the economy with incautious regulation in the name of security.

Anything the cyber czar does really needs to be subject to the full discipline of an economic review. Make the position part of the NEC process too. The czar can report up through both the National Security Adviser and the National Economic Adviser. Once the czar has found a position that both advisers can agree on, well, they'll both go into the Oval Office with him, just to keep him honest.

Okay, with two bosses, perhaps another description of the position is in order:

Hold the presses! NEC isn't the only White House office that wants to assert its prerogatives. What about OMB, which traditionally sets budget standards and measures departmental compliance with White House priorities? What about the CIO and CTO positions that the President just filled with such fanfare? They aren't chopped liver. Cyber security is all about information and technology. Oh, and the Office of Science and Technology Policy -- what is cyber security policy if it isn't science and technology policy?

Better give them a veto over what the cyber czar says to the President, too. We'll have to move the meetings out of the Oval Office, of course, but there's bound to be an auditorium nearby.

With these changes, we'll need a new org chart and a new title, but surely there's a czar who could serve as a role model for the position. ... Um ... hang on ... it'll come to us ...

Yes! We've got it:

Friday, May 29, 2009

Messing with Moblin

Last week, I downloaded the Moblin 2 beta and installed it on an Asus Eee. It's a pretty quick boot, the boot manager is slick, and the beta is reasonably bug free.

But I don't get it.

The interface is willfully different. Navigation requires clicking on utterly uncommunicative icons whose labels only show up with a mouseover. Here's one: oOo. That says it all, eh? Even the mouseover just tells you it is the icon for "zones". Whuh? In fact, it's where active applications are displayed.

I feel the same way about Chrome, the Google browser. Using it, I miss my Firefox tabs and addons, and I sort of resent being told that I have to learn a whole bunch of new conventions with no promise that the system will actually work better. Of course, the interface is more austere and Applish and aesthetically satisfying, so I guess we're supposed to sit down and shut up. It's Design, and Design has only a limited interest in the hoi polloi.

I'm also having trouble figuring out where the repository is for apps like open office. (Contacts and calendar programs come with the install, but not a word processor.)

Oh, and somehow it doesn't seem possible to display websites on the whole screen. There's always a good half-inch of black space at the top of the screen that I can't get rid of. Not sure whether to blame Moblin or Chrome, but it's a good 10% of the screen on a netbook, and I can't afford to lose it.

Ok, I suppose there are some advantages to Linux here, but frankly, I'm using the XP partition on the same machine a lot more than I'm using the Moblin partition. XP is almost as fast to boot, and Firefox over XP is as speedy as Chrome. It finds my Wifi connection automatically as soon as the netbook is turned on. Moblin in contrast just sits there and waits for me to remember to go turn wireless on, usually after I've said, "Hey, how come none of my websites are coming up?" I bet all this is fixable if I tweaked a few settings. But Moblin is too new to have a bunch of support sites to mine for advice.

All in all, an argument for being conservative about computer interfaces. (Of course, for a 20% discount off the price, lots of people would learn a new interface, so the real question is whether netbook makers will pass on Linux's low initial cost to buyers, who will then see a reason to try new interfaces.

New workout music

Current favorites:

Jazmine Sullivan's "Bust the windows out your car" -- Soaring strings. Great beat. Vindictive woman. Hard to resist.

BoA -- K-pop: where Britney's music team went when Britney lost it

Daddy Yankee -- reggaeton with swagger

Mark Ronson's love affair with horns pays off again in "God Put A Smile Upon Your Face"

Maybe best of all: Girl Talk -- mashes and remixes the sixties into a sweet puree

He didn't even have to hear the announcement or read the report

To ask "Who Would Want to Be the Cyber-security Czar?"

And then there's this:
President Obama has made document and information security a priority,
and we’re nearing the end of a 60-day review period. That’s just a
fancy way for the government to say they’ve studied a problem to the
point where they can announce more work needs to be done.

Why you shouldn't get your US domestic news from Australian papers

Instapundit and Slashdot (and probably others) are featuring a story about Homeland Security scanning the fingerprints of travellers leaving the US.

Unfortunately, the story, from an Australian IT outlet, made serious errors. It claimed incorrectly that US citizens would be fingerscanned. It also succumbed to the assumption that any idea that can be made to sound like creepy and dumb security must have been the brainchild of the Bush Administration, accepted only reluctantly by the new administration.

In fact, the requirement for fingerprints on exit was first put in law in 1996, was recommended again by the 9/11 Commission, and was also included in the 9/11 implementation act. Despite this, the Bush administration was always a little ambivalent about the requirement -- mainly because the requirement is not a security measure.

Departing travelers are, well, departing. If they're terrorists, they've had their chance to attack us already.

Plus we already get passport data on departing passengers. Getting fingerprints too just makes the identification a little more certain, so the error rate goes down two or three percent. Since fingerprints are a hassle for everyone, and expensive, the Bush administration was pushed by Congress into gathering prints on exit. Congress has in essence said that Poland and other candidate countries will not be eligible for visa-free travel unless the Administration implements prints-on-exit.

Congress wants the prints because some in Congress believe visa-free travelers overstay their 90-day travel permission and become illegal immigrants. If people must check in and then check out, Congress believes, we could track down the ones who don't check out and deport them. Even if overstays from this group were a big problem, and in the scheme of things it probably isn't (these are travelers from developed countries, after all), it isn't particularly cost-effective to create a big program just so we'll have marginally more accurate check-out records. What exactly will we do with the newly improved list of people who didn't leave on time? It wasn't likely that the Bush administration would find the resources to track down every overstaying backpacker from Japan, and it's even less likely that the Obama administration would treat that as a priority. So we're perfecting a bookkeeping system that probably will never be used in the fashion that Congress envisions.

My guess is that the Obama administration is setting up fingerscan pilots for the same reason that the Bush administration probably would have -- to preserve the option of bringing new countries into the visa-free travel program. But the idea that this is some Bush administration plot foisted on the new guys is a figment of Aussie media imagination.

Tuesday, May 12, 2009

O'Toole hit job, part 2

Milton Leitenberg, the author of the "Army War College report," has asked me to put up a few points that he'd like to make about my Tara O'Toole post. Leitenberg's points are below, followed by my comments.

1. Leitenberg says that, in fact, the Army War College did not pay for the study:

There was NO "contract", neither to the University of Maryland, to the institute at which I sit, the Center for International and Security Studies , nor to me. Nor, as is implied by the word "contract", was there any payment for the work, which took about six months to complete. Instead, the editor of the publication series produced by the Strategic Studies Institute at the US AWC solicited the study from me after seeing an earlier conference paper that was published in another book.... In fact the University does not provide me with a salary either. I have been working that way for some years now. (I am 75.5 years in age ....) But I have been working on CBW issues since the mid-1960's. Some of my recent and current work is funded by Foundation grants ( a book about the history of the Soviet BW program) , but some is not , and this was not. In this case, it didn't even occur to me to ask the AWC/SSI if they could provide any funds because I simply assumed that they didn't do that."
2. Leitenberg says it's not unusual for an AWC study to include a disclaimer that it doesn't reflect the views of the Army:
"[T]hat statement and the rest of that page appears in precisely the same format in every AWC publication, even ones written by members of the Army War College faculty, which is the great majority of the cases, and even if those AWC faculty have been there 10 and 20 years. The statement therefore denoted no specific disengagement by the AWC/SSI from my text in any way different from that of any other author whose work they publish . "
3. Leitenberg also feels that I did not do justice to the length and heft of his work:

"Finally, other reviewers have referred to that study as a "book" , but in any case, 115 pages is most certainly not an "op-ed"."
My responses:

1. Leitenberg is correct but off point. The point of my original post was that the Leitenberg report was not "an Army War College report" because it was not written or endorsed by the Army War College. That's true. It was written by Milton Leitenberg, and it reflects his views, not those of the Army War College. Does it matter that Leitenberg was not paid, which is the error Leitenberg is complaining about? I don't see how. It's still a personal opinion piece; indeed, not being paid for the report separates it even further from the Army War College. (Usually, research you pay for is likely to be something you value; getting a research paper for free doesn't imply the same level of interest or commitment.)

2. This is not really a correction but an objection to something I didn't say. I didn't say that the AWC has repudiated Leitenberg, simply that they haven't endorsed him, and thus that it's misleading to call his very strong views, as Wired does, an "Army War College report." Leitenberg's point isn't wrong; it's just not relevant to my post.

3. Again, he's right but off point. The report is long; I'd be happy to call it a short book. A short and highly opinionated book. Which was my point. This is not a careful, even-handed government report, it's the work of a man with a very definite point of view.

And a very particular style of argument. Remember Leitenberg's complaint that the 2002 exercise was unrealistic because one of al-Qaeda's main bioterror researcher's had already been arrested? It was correct but irrelevant to the purpose of the exercise, which was to focus on things al-Qaeda might be able to do, not things it had a verified capability to do on a particular day.

His notes to me are very similar in style. You can't say the criticisms are wrong, exactly; they just sort of miss the point, or bury it in an avalanche of literalism. And they're accompanied by much the same misplaced passion. At one point he calls my original post "completely concocted disinformation," which seems a little overwrought given the irrelevance of the correction.

Now that I've corresponded with Milton Leitenberg, I have more sympathy than ever for Tara O'Toole.

Monday, May 11, 2009

RIM: hopeless

I thought I might download a few apps from the BlackBerry apps store.  Bad idea.  RIM seems determined to discourage customers.  You can't use its apps shop if you run Firefox; IE is required.  You also have to run ActiveX, a remarkably unsafe product to enable.  And you have to open a PayPal account.  All just to browse the store. 

Good luck with that, RIM.

Saturday, May 9, 2009

Ka-boom! Can't get enough

Just because, really, you can't get enough pix of exploding buses, here's the best story yet on the "black box camera" that DHS Policy drove through the bureaucracy. CNN Tech - Big boom economics

A hit job on Tara O'Toole

Wired Magazine has smeared the new DHS nominee for Science and Technology, Tara O'Toole, as a “bioterror disaster.” I may have met O'Toole, and I certainly know her work, which left me impressed, so the attack on her seemed unfair. Even the first piece recognized that O'Toole is “a doctor, the CEO of the University of Pittburgh’s Center for Biosecurity, the former chairwoman of the Federation of American Scientists, and the brains behind a series of influential disaster response exercises that woke Washington up to the threat of terrorists with weapons of massive destruction.” In a remarkable display of support, the comment section of the article was immediately flooded by signed statements from prestigious scientists rebutting the claim, forcing the publication of a second, slightly more balanced article. (I apologize the lack of hyperlinks to this and other web accessible documents, but Scribefire, which is very convenient for some things, such as linking to a single article, is pretty much unbearably clunky for others, such as inserting new links or removing doublespacing from quotes.)

Even taken together, though, the Wired articles add up to a hit job designed to slow her confirmation. They are not even-handed journalism.

Why do I think that? Well, to take one example, Wired claims in both articles that O'Toole's war game scenarios in 2002 and 2005 were criticized in “an Army War College report” for “grossly misleading assumptions.”

The problem with that claim is that the reporter doesn't seem to have actually read the front pages of the report. The report was, it's true, paid for by the U.S. Army. But it says at the start that The views expressed in this report are those of the author and do not necessarily reflect the official policy or position of the Department of the Army, the Department of Defense, or the U.S. Government.”

In this case, that's not boilerplate. The contract was apparently given to a Maryland research institute, which in turn subcontracted it to Milton Leitenberg, who is listed as the sole author. That's as it should be, because the report is clearly a personal op-ed in support of the proposition that, as he says, “Bioterrorism may or may not develop into a serious concern in the future, but it is not 'one of the most pressing problems that we have on the planet today.'” (Emphasis in original.) Leitenberg's candidate for the planet's “most pressing problem” seems to be getting ready for pandemic flu, which he (a bit anomalously) seems to think is not related to preparing for biological terrorism.

So the whole point of the Leitenberg study is to debunk bioterrorism as a risk. In that cause, he attacks the 2002 and 2005 bioterrorism exercises for what he thinks are unrealistic assumptions. That criticism boils down to the assertion that al-Qaeda is not (quite) ready to launch (exactly) the attack set forth in the exercises. Below, I quote a sample of the criticism; see how persuasive you find it.

First, Leitenberg explains the scenario's backstory:

The scenario posits that the al-Qaida group’s scientists received microbiological training at Indian and U.S. universities. These scientists received additional training when the group hired a scientist who was part of the former Soviet Union’s offensive biological weapons program. ... Then, with their own microbiology training, the terrorist group was able to acquire all the required laboratory equipment to grow and process the Variola major seed stock they had acquired into a relatively high-quality dry powder that was then used in the attacks.

Then he explains why this backstory is unrealistic:

In the real world, Al-Qaida had one single individual who had received a BS degree in Biology “with a clinical concentration” at a U.S. college. He could in no way be described as a “scientist.” Furthermore, he was arrested in December 2001. The individual with more advanced training who supplied al-Qaida with its microbiological literature was unwilling to himself do any laboratory work for them. The few pieces of standard equipment obtained by the group in Afghanistan were rudimentary in the extreme.

I find this utterly unpersuasive. Does Leitenberg really believe that we should only prepare for attacks that al Qaeda could carry out with exactly the personnel they had in 2001? Since the only real proof of al Qaeda's capability is likely to be an attack, that's not a recipe for being prepared. That's also not a lesson you'd expect government to learn from 9/11, which featured tactics and capabilities al Qaeda hadn't used before. And finally, that's not the usual basis for exercises, which ought to stretch the participants to respond to a range of possible disasters.

Leitenberg's criticisms of the exercise scenarios are such a stretch that they suggest he has a pretty big policy axe to grind. And Wired's credulous citation of his personal views as an “Army War College report” suggests that Wired is holding the grindstone.

That's not the only time Wired slants its coverage. Wired gives loving attention to this quote from Rutgers researcher Richard Ebright:

“O’Toole is as out of touch with reality, and as paranoiac, as former Vice President Cheney. It would be hard to think of a person less well suited for the position. ... She was the single most extreme person, either in or out of government, advocating for a massive biodefense expansion and relaxation of provisions for safety and security. She makes Dr. Strangelove look sane.”

OK, we're all aware of the Hitler rule -- the first debater to compare his opponent to Hitler has already admitted he's losing on the merits. I think we can update it a bit; in academic debate, it should be prima facie evidence that you've lost your sense of balance if you invoke both Richard Cheney and Dr. Strangelove in talking about a colleague.

Does Wired ask whether Ebright might also have his own axe to grind, something that would account for this peculiar passion? Nope.

But you don't have to dig far into Google before you discover that Dr. Ebright is a biological researcher who has received NIH funding – and who has argued passionately that research projects like O'Toole's have improperly shifted NIH funding away from traditional biological projects and toward the kind of research Ebright doesn't do.

Here's an excerpt from an undated Ebright slide show criticizing NIH for foolishly funding bioterror research in heavily secured labs. It's a heartfelt point of view; Ebright even puts it in red font so no one will miss it:

“[S]ub-par research has been funded. As a further result, an incentive structure has been created that has diverted scientists out of highly promising, biodefense-relevant, model-microorganisms and non-bioweapons-agents-pathogens research (where funding is tight and competitive) into less promising bioweapons-agents research (where funding is loose and easy).”

Now I'm not competent to judge whether Ebright himself has asked for funding to do “highly promising, biodefense-relevant, model-microorganisms and non-bioweapons-agents-pathogens research (where funding is tight and competitive).” But I think any reader of the Wired article would want to know just how personally Ebright thinks he's been affected by O'Toole's success in attracting funds.

At a minimum, even without a personal interest on Ebright's part, it seems clear that Wired has wandered into a medical researchers' food fight of epic proportions, with billions in funding at stake. Ebright is probably right to worry that O'Toole's appointment makes it less likely we'll see a return to the good old days of lavish funding for the “highly promising, biodefense-relevant, model-microorganisms and non-bioweapons-agents-pathogens research” that Ebright likes.

But descending to personal smears to shift NIH funding priorities is unworthy of him and of Wired.

Wednesday, May 6, 2009

Hey, this is good news

Tara O’Toole for Science and Technology.  Tara O'Toole is smart and has a clear focus on biological weapons risks.  Can't do better than that.

Tuesday, May 5, 2009

"The standards we had in this country"

The list of people banned from the UK tells us something we may not want to hear. The Home Secretary released 16 names precisely to send a public message: "I wanted to make the names of those people we had excluded public so that others understood the standards we had in this country."

If you think the Home Office wasn't counting the origins of these folks, you don't know much about politics, especially for something as symbolic as this list. So let's take a look at the numbers:

8 Islamic extremists (a couple of actual terrorists and lots of preachers)
5 Americans (a neo-Nazi, two "God hates fags" crusaders, a KKK grand wizard, and ... a right-wing talk show host)
2 Russian gangsters (2 racially motivated killers)
1 Israeli settler

So let's see if we can "understand the standards" the UK government is applying. It's actually pretty clear.

First, there's the balanced ticket. Muslim extremists are bad; nearly as bad are those right-wing Americans. Oh, and their Israeli sidekicks.

Here's another way to slice the list: killers v. talkers. The Americans and the Israelis are the only groups that don't include actual killers. The six Western talkers are treated as equivalent to a mix of ten killers and talkers from the East.

And one more cut: politics. Unless, like some on American campuses, you think that Islamic extremism must be leftist because it hates America, everyone on the list would be characterized as "right wing" or "fundamentalist," certainly by The Guardian. Environmental, anti-genetic-modification and animal rights extremists may have caused more damage in Britain recently than rightists, but they don't make the list. Neither do apologists for leftist violence on a mass scale. Raul Castro? Cambodian mass murderers? Don't be so twentieth century. There just wasn't room for them, given the threat posed by American talk show hosts.

So, from the European government that is closest in viewpoint to ours, internal politics requires treating the U.S. (and Israel) as morally equivalent to people who justify the 9/11 attacks, and ignoring the difference between talk and murder -- all in pursuit of "balance."

OK, thanks. That's what we needed. Now we understand the standards the UK government is applying.

Sunday, May 3, 2009

Border closure or border enforcement?

Sec. Napolitano is right, of course, that there's no point in closing the border to reduce swine flu risk.  It would be more effective to impose distancing and disinfecting requirements on planes and buses, domestic as well as international. 

I'm more concerned about the first U.S. cases.  They're described as having been in the border community.  Does that mean illegal immigrants?  Because if the earliest US cases were illegal immigrants, CDC should have notified CBP about the risk of exposure arising from border enforcement measures. 

So, was there a border enforcement risk of infection, and if so, did CDC properly warn CBP?

Jack Kemp

Jack Kemp Dies.  Right to the end, he was a 'bleeding heart conservative,' pushing DHS and me in particular to grant humanitarian parole to several surviving relatives of 9/11 victims who had been in the US illegally.  We did, but only for a year.  Surprisingly, Congress has done little or nothing to make that legalization permanent, and the one-year parole will soon expire.

Friday, May 1, 2009

Cyber security testimony

For those who want to read the whole thing, it is here.

Video summary can be found here.

If you're a glutton for punishment, the whole hearing can be found here.

Cyber security and the story of my life

In preparing for testimony about how the government should be organized for protecting Internet communications, I suddenly realized how foolhardy I had been to join the launch of two out the three most recently created Cabinet departments. At this excerpt from the testimony shows, new government startups are nearly always doomed to years of disappointment before even partial success is likely. Since joining new government startups is pretty much the story of my life, it's fair to question my judgment.

Without intending it, I’ve become something of an expert in the process of creating new government organizations, having worked to establish two of the three most recent Cabinet departments. I helped Shirley Hustedler start the Education Department in the late 1970s, and at DHS, I started the DHS Office of Policy. That was a startup within a startup. The more I’ve seen of government reorganizations, the more skeptical I’ve become about their value, and I’m especially skeptical about the recommendation to create a NOC.

Let me explain why. There is a kind of lifecycle to proposals for new governmental organizations. In the first stage, proposals for organizational change begin to gain momentum -- almost always because the existing organization of government is flawed. After all, no one suggests changes when things are going well. Sometimes there’s been a shocking failure, such as the 9/11 attacks that led to the creation of DHS. Sometimes the flaw is a lack of governmental focus on a mission that seems more important than before, as with the Education Department. But we always begin with an existing organization whose flaws have suddenly become especially prominent.

The second stage, when proposals for organizational change become concrete, requires an exercise of imagination. The new organization has to be envisioned. Since the whole point of the new organization is to cure the failings of the old organization, I think it’s fair to say that the proponents of change never imagine an understaffed, overworked agency that drops balls. No. More or less by definition, an organization that does not exist does not have any flaws. So there’s a great temptation to give this new organization great responsibility. After all, the old agencies have sometimes failed, and the new agency has not.

Unfortunately, that’s only the second stage. In the third stage, the new organization actually begins work. In the glare of publicity it takes up its new responsibilities. But as a brand-new agency, it has to hire staff, find space, let contracts, arrange for IT support, and lease copiers, all before it can begin to carry out the missions that it has been assigned. Meanwhile, the agencies that lost ground in the reorganization snipe from the sidelines or make a bid to recapture their old turf. Six months after it’s been created, the new agency is still struggling to put in place the basic capabilities that any agency needs to function. Instead of the ideal organization imagined by lawmakers and commission members, the new agency is all too flawed. Only after years of effort does the reorganization begin to produce improvements that the outside world can see.

I’ve lived that cycle. I’ve helped write reports that called for the creation of new organizations to respond to existing agencies’ flaws. I’ve joined new organizations full of enthusiasm for the newly imagined perfection that they will embody. And I’ve labored to deliver perfection in offices that had no light bulbs, no staff, and no way to move paper around the office. It’s that experience that makes me dubious about creating a National Office for Cyberspace.