Lawnmowers, risks and rebates

If you care about air quality, you also probably cringe every time someone brings up the subject of recreational or utility gas-powered engines. These workhorses are notoriously inefficient and designed with virtually no emission controls whatsoever, although historically they have the odd distinction of being called “less costly” because they pollute more.

According to EPA analysis [reported in 1998], the small engine regulation will increase the cost of equipment by an average of $5-7 per unit, but durability will improve and fuel efficiency will increase for most small engines. These improvements in engine technology may offset the increase in cost.

It all comes back to what you value, right? If raw power is all you are after, then you essentially only measure one type of output — a very artificial test, like measuring the color of a steak but ignoring the taste. Simply put, good engineers are encouraged to factor in common risk (noise, toxins, wear, lost input/efficiency), if they want to measure and report the real output(s).

I think I was first alerted to the problem more than a decade ago when travelling by small-engine rickshaws in Asia that belched plumes of poisonous petroleum exhaust. The inefficiency of these engines was staggering at the macro level, but because the real risk and costs were not properly burdened by the operators the micro level had a “cheap” formula working to their favor. Fortunately the greater good was brought to bear and these monsters were eventually outlawed in some cities, like Kathmandu, because of the obvious noise/air pollution risk to the general population. I also remember a story on NPR about snowmobile engine opponents. A single operator was said to be creating as much pollution as 1,000 automobiles. That’s just compounded by the habit of some to replace their exhaust with race pipes that have “higher output”. Talk about inefficiency!

The most popular area for winter visitors is located around Old Faithful, most accessible from the West Entrance to the park, where as many as 1200 snowmobiles can pass through during any given day. Here the exhaust is so thick that it is considered harmful to the park rangers operating the tollbooths. The tollbooths have been coated in Plexiglas, and fresh-air is pumped inside to protect the rangers from the harmful fumes. Unfortunately, the park’s wildlife does not have a way to escape the fumes, and is constantly subjected to their harmful levels.

Anyway, this came up today because I read about a “lawnmower buyback program” in the Silicon Valley:

In the spring and summer, gasoline-powered lawn mowers create an estimated nine tons of air pollution every day in the Bay Area. Grass trimmings also make up a significant portion of the waste that gets buried in local landfills. By switching to an electric mulching mower or push mower, you can save time and money while cutting down on air pollution and yard waste.

This spring, the Air District is sponsoring mower exchange events in Santa Clara and Contra Costa counties. Rebates of up to $150 are available to those who wish to exchange their old gas-powered mowers for new air pollution-free electric ones.

Interested participants should bring their mowers, drained of gas and oil, to a participating Home Depot store at the date and time listed below. You must turn in your old mower for recycling to get a discount. You can attend either event, provided that you are a resident of the nine-county Bay Area.

May 6th, 8a – 12p
Campbell Home Depot
480 E. Hamilton Ave.
(408) 866-1900

May 20th, 8a – 12p
Pittsburg Home Depot
2300 N. Park Blvd.
(925) 476-1900

Lawn Mower Buy-back events are on a first-come, first-served basis, for as long as supplies last.

Very cool. Such is life that incentives have to be created like this to offset the dynamic of today’s American chic. The “victory garden” seems like some sort of unpalatable fantasy rather than a hot topic in the US. The pride many have in wasteful consumption is tied to individual calculations of short-term expense as well as pleasure; it’s like the cluelessly lavish parties that ran right up to the market crash in 1929. In fact I was at a gathering just last night where a very wealthy woman said she was trying to fight the chilly weather by driving her giant SUV more often and revving the engine whenever possible.

The reality is that it is hard to off-set this kind of idiocy without some kind of carrot because the average American consumers clearly do not desire to think through the big picture implications of their actions. And if you follow the US energy company line of reasoning, consumers and the providers should be allowed to create toxic conditions in order to make a decent living, and the government should then step in to pay for the cleanup. It’s the rickshaw driver model, but in America the rickshaw driver parent corporations have more power over the government than vice versa, so don’t expect the Bush administration to enact the kind of ban on harmful emissions that Asian countries have shown they are willing to make.

Incidentally, I wonder how many people will buy a gas mower on craigslist (about $25-$125 right now) just to get the buyback rebate? I mean if you don’t have any mower at all that’s a chance to prevent someone else from using a gas mower. This seems oddly similar to when large technology companies buy emissions credits in order to support renewable energy innovation as well as block other companies from polluting past their allocation.

And that’s my ramble for today. Now, how do we start setting financial incentives to reduce the number of vulnerable applications that are released to the public?

Risk Homeostasis and the Paradox of Warning

Over the years, people have pointed me to the theory of risk homeostasis, as put forth by Dr. Gerald Wilde, Professor Emeritus of Psychology, Queen’s University.

How do we balance risk and safety? The synopsis of Wilde’s theory is that if you perceive a change will make you safer, then you actually may be prone to take more risk, thus negating the actual risk reduction. However, if you want to be safer than you will make real tangible reductions in risk. I have two thoughts that immediately come to mind when I hear this kind of discussion coming my way:

  1. If the risk reduction is in fact effective, then it is effective, and you might want to take on that additional risk. That is to say that if you increase the capacity of your risk “cup”, so to speak, then you are indeed able to take on more risk beyond the level you were at prior to the increased capacity. It is a misnomer to say “see, I still got hurt” without factoring the level of hurt you would be at without the risk reductions. Soldiers do not wear armor because they want to put themselves more in harms way, they are forced to put themselves in danger and thus desire better protection.
  2. Measuring perception is like measuring taste. Maybe people in one sample group are all accustomed to eating pumpkin and associate it with cool evenings in October with family, while another sample group has never tasted the stuff before and had no idea food could be orange. Which groups perception, when measured, is going to provide a reliable indicator of the next sample group? Both, neither…? Exposure (time) and culture are definitely factors that can skew measures of perception.

At the end of the day it seems Wilde is suggesting that the only accurate measure for reduction of risk is an agent’s personal desire to be safe. The more you want something, apparently, the more likely you will get it in Wilde’s world, and perhaps vice versa. Yet he confesses that the problem with wants is that their definition hinges on proper information and a rational actor who will know how to decipher the data and make a proper decision. We want to eat, not make ourselves ill, but do we have reliable enough data in our hands to know whether a burger will increase our risk disproportionately to other lunch options?

Wilde’s writing is full of insightful examples and anecdotes and definitely worth reviewing. Here’s a sample from chapter six that discusses “Intervention by education“:

Other victims of the “lulling effect” have been reported, e.g. children under the age of five. In 1972, the Food and Drug Administration in the USA ordered manufacturers of painkillers and other selected drugs to equip their bottles with “child-proof” lids. These are difficult to open for children (and sometimes for adults as well) and often go under the name of “safety caps,” a misleading name, as we will see. Their introduction was followed by a substantial increase in the per capita rate of fatal accidental poisonings in children. It was concluded that the impact of the regulation was counterproductive, “leading to 3,500 additional (fatal plus non-fatal) poisonings of children under age 5 annually from analgesics”.[17] These findings were explained as the result of parents becoming less careful in the handling and storing of the “safer” bottles”. “It is clear that individual actions are an important component of the accident-generating process. Failure to take such behavior into account will result in regulations that may not have the intended impact”. Indeed, safety is in people, or else it is nowhere.

If parents can be blamed for the lack of effectiveness of safety caps, does a government that passes such near-sighted safety legislation go guilt-free? Does an educational agency that instills a feeling of overconfidence in learner drivers go guilt-free? Does a traffic engineering department that gives pedestrians a false sense of safety remain blameless; or a government that requires driver education at a registered driving school before one is allowed to take the licensing test? Is it responsible to call a seatbelt a “safety belt”, to propagate through the media such slogans as “seatbelts save lives”, “speed kills”, “to be sober is to be safe”, “use condoms for safe sex”, or others of the same ilk?

In any event, it is interesting to note that accident countermeasures sometimes may increase danger, rather than diminish it. If stop signs are installed at junctions in residential areas and at all railway crossings that have no other protection, if flashing lights appear at numerous intersections, if warning labels are attached to the majority of consumer products, these measures will eventually lose their salience and their credibility. They amount to crying wolf when no such beast is in the area. And in the rare event it is, the warning will no longer be received and there may be a victim.

This is why over-use of warnings may be dangerous. A warning that is not perceived as needed will not be heeded–even when it is needed. “A warning can only diminish danger as long as there is danger.” This is the paradox of warning. It sounds puzzling, but what it means is that warning signs can only make people behave more cautiously if they agree that their behaviour would probably have been more risky if they had not seen the warning sign.

Measuring Success

I’m often asked to help quantify the success of a security program and create incentives. I was recently trying to explain the dangers of measuring the wrong numbers, when I found a book called Measuring and Managing Performance in Organizations. Looks very relevant.

Because people often react with unanticipated sophistication when they are being measured, measurement-based management systems can become dysfunctional, interfering with achievement of intended results. Fortunately, as the author shows, measurement dysfunction follows a pattern that can be identified and avoided.

The author’s findings are bolstered by interviews with eight recognized experts in the use of measurement to manage computer software development: David N. Card, of Software Productivity Solutions; Tom DeMarco, of the Atlantic Systems Guild; Capers Jones, of Software Productivity Research; John Musa, of AT&T Bell Laboratories; Daniel J. Paulish, of Siemens Corporate Research; Lawrence H. Putnam, of Quantitative Software Management; E. O. Tilford, Sr., of Fissure; plus the anonymous Expert X.

Have you just hired the Mafia?

CNET reports from a conference that the Mafia are now known to be capitalizing in on weak human resource controls in order to get agents installed inside companies:

Speaking on Tuesday at the Infosecurity 2006 conference in London, Tony Neate, e-crime liaison for the Serious Organised Crime Agency (SOCA), said insider “plants” are causing significant damage to companies.

“We have fraud and ID theft, but one of the big threats still comes from the trusted insiders. That is, people inside the company who are attacking the systems,” he said.

“(Organized crime) has changed. You still have traditional organized crime, but now they have learned to compromise employees and contractors. (They are) new-age, maybe have computer degrees and are enterprising themselves. They have a wide circle of associates and new structures,” he added.

Information assets are now so valuable that “trusted” takes on a whole new meaning. Who is in charge of a database with tens of thousands of credit cards? It does not take a mafia boss to realize the opportuntities. But on the flip side, you can’t expect a business to do a six month clearing period and background check on everyone they hire…or can you?

Unfortunately, if a company doesn’t practice defense-in-depth or make use of layers of controls, the cost/slowdown of a thorough background checks on everyone just might be the reality they have to face today. It might have been less costly to run a high level of vulnerability in the past, but as the asset value and threats both increase the total risk becomes untenable.

Boxer on Earthquakes

Senator Barbara Boxer has posted an online guide to earthquake preparedness. I like the fact that she is trying to help people prepare for disaster, but I find it curious that she does not point people to the FEMA pages, or use the same content with localized additions. FEMA has about 45 states classified as earthquake prone; is there anything special about California that they need their own “how to prepare” site? I noted that the navigation bar on the left side of Boxer’s page has “California” links, but nothing that points to the rather helpful FEMA information. I wonder how many other states have decided to create this information (stockpile water and food, keep a radio and flashlight ready, etc.) instead of sharing.

I thought Garrison Keillor did a particularly poetic job when he put the 1906 quake in perspective:

A San Francisco journalist named James Hopper said, “The earthquake started … with a direct violence that left one breathless. … There was something personal about the attack; it seemed to have a certain vicious intent. My building quivered with a vertical and rotary motion and there was a sound as of a snarl. … My head on the pillow, I watched my stretched and stiffened body … springing up and down and from side to side like a pancake in the tossing griddle of an experienced French chef.”

That must be a reflection of the period. It seems to me that pancakes are the last thing anyone today would expect from an experienced French chef. Anyway, Keillor continues:

A policeman said, “[The streets] began to dance and rear and roll in waves like a rough sea in a squall, [then] sank in places and vomited up car tracks and the tunnels that carried the cable. These lifted themselves out of the pavement, and bent and snapped.”

Evidence of literate policemen? I am a firm believer that poetry was the norm in 18th and early 19th century America and it was not uncommon for every sector of society to try and find a perfect turn of phrase; a favorite passtime. Keillor moves from the policeman’s prose to a different voice:

The world-famous tenor Enrico Caruso had performed at San Francisco’s Grand Opera House the night before, and he woke up in his bed as the Palace Hotel was falling down around him. He stumbled out into the street, and because he was terrified that that shock might have ruined his voice, he began singing.

There was a loud sound of an explosion as the city gas plant blew up. Wooden structures caught fire from overturned stoves and immediately began to burn. The fire department went out to fight the fires, only to find that the city had lost all of its running water. Firemen attempted to stop the spread of fire by dynamiting whole city blocks, but despite their efforts the fire raged for three days and most of the city burned to the ground.

More than 500 city blocks and more than 28,000 buildings were in ruins. Some 250,000 people were left homeless. Nearly 3,000 people died. Americans mourned the loss of San Francisco, one of the country’s greatest cities. The journalist Will Irwin wrote in the New York Sun, “The old San Francisco is dead. The gayest, lightest-hearted, most pleasure-loving city of this continent, and in many ways the most interesting and romantic, is a horde of huddled refugees living among ruins. … San Francisco is the city that was.”

So, get that food and water ready.

Can pirates lead a pricing revolution?

Who else? The number of multi-media “pirates” seem to be growing in number so fast that within the next five years a vast majority of media consumers will have joined their “revolution”. Is this really what it means to be a pirate? Yes, although I doubt the title matters, actually, other than to describe the phenomenon of the public resisting price-fixing and over-charging by giant media companies.

The big problem was that everyone, except the media companies themselves, seemed to know that manufacturing and distributing music and video was far below the graft-full $15 to $50 that the moguls want to charge. But for some reason the guys making all the money weren’t about to let the market function rationally (similar to petroleum companies?) since they knew that they had crafted “exclusive distribution rights” to the source material — a giant stick called digital rights and copyright law that they could beat consumers over the head with. Imagine a king saying to the peasants “what do you mean I don’t deserve to own all this land by virtue of birth?” Well, the essential problem is that the labels, even with their giant lobby groups and lawyers, are essentially working against human nature. Remember when American politicians used to say that the USSR could never survive because it was an artificial construct that could never overcome human nature? Yeah, well, when everyone in the world thinks your model is ready to be torn apart, I guess the king had better start thinking about letting the castle walls down before the crowds become unruly — find a way to form their own system of self-rule.

From that perspective I give you news that Warner Brothers has decided to sell DVDs for $1.50:

Warner Home Video has begun trial sales in China of a movie DVD priced at just Rmb12 ($1.50), a move likely to anger consumers in developed markets such as Europe and the US, who typically pay $20-$30 for a recently released film on DVD.[…] “This is a first step to see if the consumer can accept this product at this price,” Ms Hu said, adding that it was too early to judge the results of the experiment.

The article blames “loose enforcement of intellectual property laws” in China, but that’s just another way of saying that the life of pirates has become more popular than a life of the indentured servant. My guess is that the surveys say 10 out of 10 people do not want to have to pay an excessive use-tax without representation for everything they do and enjoy, whether that money goes to a king or a company.

Suicide before death

Did Clausewitz really say that? An author quoted him this morning in reference to blowback from US intervention and the fact that directed foreign regime change is often said to have disasterous consequences. It’s an interesting comment with regard to international security and conflict, but it brings Masada and the Roman empire to mind more than Clausewitz.

Anyway, here’s a thrilling essay by Colonel Harry G. Summers, Jr., USA (Ret) titled Clausewitz: Eastern and
Western Approaches to War
.

the American Vietnam-era military did not “know itself.” Within its ranks a vacuum existed on Western approaches to war. The American military has never been noted for its attention to the theories and philosophies of war. If there ever was an American philosopher of war, it was Antoine Henri, Baron de Jomini, who was particularly influential in the Civil War. His concentration on fixed rules and geometric and algebraic formulas became so pervasive that in 1869 then Commanding General of the Army William Tecumseh Sherman warned the graduating class at the United States Military Academy against the “insidious and most dangerous mistake” that one could “sit in ease and comfort in his office chair and … with figures and algebraic symbols, master the great game of war.”

Seems to be working in Iraq though, no? Summers goes on to conclude, with regard to the Vietnam War, “It was not so much that American commanders read the wrong book on the art and science of war as it was that, in too many cases, they had read no such book at all.”

Of contract negotiation, cryptography, and camels…

Saudi Aramco has a fascinating review of the history and significance of poetry in the Horn of Africa:

Somalia did not possess a written language until 1973, when the Latin alphabet was put to Somali phonetics; until then, people who wanted songs and words in their heads had to either memorize someone else’s or compose their own. […] The verses are learned by ear, for a Somali proverb says that “he who looks at paper never becomes a memorizer,” and the skills of listening and repeating are gradually applied to the creation of poetry. Part of the training thereafter is informal.

“I can remember the evening bonfires around which the children would gather,” says Dr. Ahmed Artan Hanghee, dean of the Institute of Arts under the Somali Academy of Science and Arts. “The storytellers would come and start recounting the past history of the clan. Then the poets would take over and entertain. The rules of poetry have never been written; they are just absorbed and understood.”

Real poetry is so common that it can fly completely below the radar of our daily lives. It is subtle yet significant and we sometimes only notice its role and complex structure after it is gone. I’ll spare you my ramblings on poetry as a form of language ecology for now, though. The article continues:

But that doesn’t make them easy. Classical poetry, considered the domain of the nomads and the purest form of the language, is lengthy in presentation and strict in style. There are stringent rules of meter and of alliteration, compounded by metrical counts that vary with the length of syllables. Thus the length of its vowel determines whether a syllable counts as either one or two moras, or units. Classical poetry must have 20 to 22 moras per line, as well as a pause after the 12th unit and two words per line that share the same initial letter. In Somali, the first two lines of the poem on page 33 are:

Inta Khayli dhuugyaha cas iyo, dheeh wiyil ah qaatay.

E dhallaanka Aadnigu u baxo, sidatan lay dhawray.

A second style of poetry, called anigarar, has 17 to 18 moras per line, and four other genres employ successively decreasing numbers of units, down to five per line. Woman poets compete in a separate genre of their own called buranbur, with similarly precise rules.

The words are metaphorical, rarely direct, Hanghee says. Most poetry contains the symbol of the camel, which can embody the notions of beauty, woman, provider of life, food, fragile temperament or freedom, or the ideal of nationhood.

“Somali poets talk in the abstract,” says Hanghee. “You’ll find one describing the beauty of a camel, but what he really means is Somali liberty and independence. Or the subject of the poem might be a horse, but he’s really describing the woman he loves. The waves of the Indian Ocean become the waves of decolonization and the freeing of Africa.”

This might seem like a stretch, but I don’t see a lot of dissimilarity to negotiating terms of engagement with giant companies.

We all hunch around the conference bridge using words that are rarely direct. We banter about or offer competing visions of security that can only be described metaphorically. And perhaps like working with nomadic herdsmen in the Horn of Africa, it is a perpetual challenge to bring security experts to agree on single sheet of paper that they feel does not restrict their future desire(s) while still honors their pride and heritage. You’ll find one describing the beauty of a control, but what s/he really means is consumer liberty and independence…

Door skating (unexpected friends)

The Mercury News reported on a case in the Silicon Valley that was solved due to a memory-chip sale gone bad. Apparently a man was commuting all the way from Vegas, stealing hardware from large tech companies, and then selling the goods online:

An irate woman traced two faulty $75 memory chips she had been sold on eBay to a seller and complained to the chip makers. Police with the Rapid Enforcement Allied Computer Team traced the name. Using a search warrant to go through the logs of an airline passenger clearinghouse service, they found Young had been flying in and out of the Bay Area for three years around the times of the thefts. They also saw he was scheduled to fly into the San Francisco airport two days later. He was arrested on the jet bridge.

I guess even the common thief needs quality control…

We all think it’s polite to hold doors open for people, and some insist that a failure to follow this tradition is a sign of rudeness. However, on the other hand, our politeness becomes our weakness as attackers find it a convenient way to “skate” their way into secure facilities without hassle.

As Emily Dickinson once said:

    “Remember me” implored the Thief!
    Oh Hospitality!
    My Guest “Today in Paradise”
    I give thee guaranty.

    That Courtesy will fair remain
    When the Delight is Dust
    With which we cite this mightiest case
    Of compensated Trust.

    Of all we are allowed to hope
    But Affidavit stands
    That this was due where most we fear
    Be unexpected Friends.

Expect the unexpected?

Update: I soon found myself pondering in/out access points in the Silicon Valley. Where have the designated “in” and “out” doors gone? That would at least cut down on the folks skulking around or trying to find a common exit to exploit, since they would be obviously acting spuriously unless entering through an “entrance”. Virtually every door I have seen lately, even in some “high-security” datacenters, has been bidirectional. Odd.

Stanislav Evgrafovich Petrov Day

I agree with Cosmic Variance that there should be an international Stanislav Evgrafovich Petrov Day to celebrate human reasoning. Those with the most compassion and experience (call it intelligence, if you must) seem the least likely to jump to false conclusions, and therefore are worthy of recognition for the hugely beneficial role they play in modern society. The Wikipedia explains:

Stanislav Evgrafovich Petrov (Russian: СтаниÑ?лав Евграфович Петров) (born c. 1939) is a retired Russian Army colonel who, on September 26, 1983, averted a potential nuclear war by refusing to believe that the United States had launched missiles against the USSR, despite the indications given by his computerized early warning systems. The Soviet computer reports were later shown to have been in error, and Petrov is credited with preventing World War III and the devastation of much of the Earth by nuclear weapons. Because of military secrecy and international policy, Petrov’s actions were kept secret until 1998.

It only stands to reason that if President Bush were really interested in the study of history, a compassionate person, or a seasoned leader, he probably never would have invaded Iraq based on flimsy and falsified evidence.

the poetry of information security