Well I’m in the process of moving the old Tuesday Night posts from yahoogroups to blogspot. This may take a while… hang on, we’ll get there.

And we’re off…

Ian has asked that I send out a correction to all of you regarding his earlier message. In fact, what he meant to say is that he CAN’T say that he’s a fan of Hitler. He is definitely in the anti-Hitler camp. As punishment, he is right now being held by his ankles and forced to wear lederhosen compensate for his Germanic faux pas. He has also purchased copies of both Mavis Beacon Teaches Typing, and Strunk and White. He promises that he’ll never do it again, and that he really hates Nazis. Especially Illinois Nazis. He also hopes that none of you will ever forward that message in the event that he is nominated for a government post requiring confirmation hearings.

So I am in Austin… again… but while I have nothing interesting to say, check out why secrity guru Bruce Schneier has to say about fighting stupid invasions of privacy and security. i From: Bruce Schneier To: Date: Tue Jul 15, 2003 07:09:25 AM EDT Subject: CRYPTO-GRAM, July 15, 2003 CRYPTO-GRAM July 15, 2003 by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc. schneier@c… A free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography. Back issues are available at . To subscribe, visit or send a blank message to crypto-gram-subscribe@c… Copyright (c) 2003 by Counterpane Internet Security, Inc. How to Fight I landed in Los Angeles at 11:30 PM, and it took me another hour to get to my hotel. The city was booked, and I was lucky to get a reservation where I did. When I checked in, the clerk insisted on making a photocopy of my driver’s license. I tried fighting, but it was no use. I needed the hotel room. There was nowhere else I could go. The night clerk didn’t really care if he rented the room to me or not. He had rules to follow, and he was going to follow them. My wife needed a prescription filled. Her doctor called it in to a local pharmacy, and when she went to pick it up the pharmacist refused to fill it unless she disclosed her personal information for his database. The pharmacist even showed my wife the rule book. She found the part where it said that “a reasonable effort must be made by the pharmacy to obtain, record, and maintain at least the following information,” and the part where is said: “If a patient does not want a patient profile established, the patient shall state it in writing to the pharmacist. The pharmacist shall not then be required to prepare a profile as otherwise would be required by this part.” Despite this, the pharmacist refused. My wife was stuck. She needed the prescription filled. She didn’t want to wait the few hours for her doctor to phone the prescription in somewhere else. The pharmacist didn’t care; he wasn’t going to budge. I had to travel to Japan last year, and found a company that rented local cell phones to travelers. The form required either a Social Security number or a passport number. When I asked the clerk why, he said the absence of either sent up red flags. I asked how he could tell a real-looking fake number from an actual number. He said that if I didn’t care to provide the number as requested, I could rent my cell phone elsewhere, and hung up on me. I went through another company to rent, but it turned out that they contracted through this same company, and the man declined to deal with me, even at a remove. I eventually got the cell phone by going back to the first company and giving a different name (my wife’s), a different credit card, and a made-up passport number. Honor satisfied all around, I guess. It’s stupid security season. If you’ve flown on an airplane, entered a government building, or done any one of dozens of other things, you’ve encountered security systems that are invasive, counterproductive, egregious, or just plain annoying. You’ve met people – guards, officials, minimum-wage workers – who blindly force you to follow the most inane security rules imaginable. Is there anything you can do? In the end, all security is a negotiation among affected players: governments, industries, companies, organizations, individuals, etc. The players get to decide what security they want, and what they’re willing to trade off in order to get it. But it sometimes seems that we as individuals are not part of that negotiation. Security is more something that is done to us. Our security largely depends on the actions of others and the environment we’re in. For example, the tamper resistance of food packaging depends more on government packaging regulations than on our purchasing choices. The security of a letter mailed to a friend depends more on the ethics of the workers who handle it than on the brand of envelope we choose to use. How safe an airplane is from being blown up has little to do with our actions at the airport and while on the plane. (Shoe-bomber Richard Reid provided the rare exception to this.) The security of the money in our bank accounts, the crime rate in our neighborhoods, and the honesty and integrity of our police departments are out of our direct control. We simply don’t have enough power in the negotiations to make a difference. I had no leverage when trying to check in without giving up a photocopy of my driver’s license. My wife had no leverage when she tried to fill her prescription without divulging a bunch of optional personal information. The only reason I had leverage renting a phone in Japan was because I deliberately sneaked around the system. If I try to protest airline security, I’m definitely going to miss my flight and I might get myself arrested. There’s no parity, because those who implement the security have no interest in changing it and no power to do so. They’re not the ones who control the security system; it’s best to think of them as nearly mindless robots. (The security system relies on them behaving this way, replacing the flexibility and adaptability of human judgment with a three-ring binder of “best practices” and procedures.) It would be different if the pharmacist were the owner of the pharmacy, or if the person behind the registration desk owned the hotel. Or even if the policeman were a neighborhood beat cop. In those cases, there’s more parity. I can negotiate my security, and he can decide whether or not to modify the rules for me. But modern society is more often faceless corporations and mindless governments. It’s implemented by people and machines that have enormous power, but only power to implement what they’re told to implement. And they have no real interest in negotiating. They don’t need to. They don’t care. But there’s a paradox. We’re not only individuals; we’re also consumers, citizens, taxpayers, voters, and – if things get bad enough – protestors and sometimes even angry mobs. Only in the aggregate do we have power, and the more we organize, the more power we have. Even an airline president, while making his way through airport security, has no power to negotiate the level of security he’ll receive and the tradeoffs he’s willing to make. In an airport and on an airplane, we’re all nothing more than passengers: an asset to be protected from a potential attacker. The only way to change security is to step outside the system and negotiate with the people in charge. It’s only outside the system that each of us has power: sometimes as an asset owner, but more often as another player. And it is outside the system that we will do our best negotiating. Outside the system we have power, and outside the system we can negotiate with the people who have power over the security system we want to change. After my hotel stay, I wrote to the hotel management and told them that I was never staying there again. (Unfortunately, I am collecting an ever-longer list of hotels I will never stay in again.) My wife has filed a complaint against that pharmacist with the Minnesota Board of Pharmacy. John Gilmore has gone further: he hasn’t flown since 9/11, and is suing the government for the constitutional right to fly within the U.S. without showing a photo ID. Three points about fighting back. First, one-on-one negotiations – customer and pharmacy owner, for example – can be effective, but they also allow all kinds of undesirable factors like class and race to creep in. It’s unfortunate but true that I’m a lot more likely to engage in a successful negotiation with a policeman than a black person is. For this reason, more stylized complaints or protests are often more effective than one-on-one negotiations. Second, naming and shaming doesn’t work. Just as it doesn’t make sense to negotiate with a clerk, it doesn’t make sense to insult him. Instead say: I know you didn’t make the rule, but if the people who did ever ask you how it’s going, tell them the customers think the rule is stupid and insulting and ineffective." While it’s very hard to change one institution’s mind when it is in the middle of a fight, it is possible to affect the greater debate. Other companies are making the same security decisions; they need to know that it’s not working. Third, don’t forget the political process. Elections matter; political pressure by elected officials on corporations and government agencies has a real impact. One of the most effective forms of protest is to vote for candidates who share your ideals. The more we band together, the more power we have. A large-scale boycott of businesses that demand photo IDs would bring about a change. (Conference organizers have more leverage with hotels than individuals. The USENIX conferences won’t use hotels that demand ID from guests, for example.) A large group of single-issue voters supporting candidates who worked against stupid security would make a difference. Sadly, I believe things will get much worse before they get better. Many people seem not to be bothered by stupid security; it even makes some feel safer. In the U.S., people are now used to showing their ID everywhere; it’s the new security reality post-9/11. They’re used to intrusive security, and they believe those who say that it’s necessary. It’s important that we pick our battles. My guess is that most of the effort fighting stupid security is wasted. No hotel has changed its practice because of my strongly worded letters or loss of business. Gilmore’s suit will, unfortunately, probably lose in court. My wife will probably make that pharmacist’s life miserable for a while, but the practice will probably continue at that chain pharmacy. If I need a cell phone in Japan again, I’ll use the same workaround. Fighting might brand you as a troublemaker, which might lead to more trouble. Still, we can make a difference. Gilmore’s suit is generating all sorts of press, and raising public awareness. The Boycott Delta campaign had a real impact: passenger profiling is being revised because of public complaints. And due to public outrage, Poindexter’s Terrorism (Total) Information Awareness program, while not out of business, is looking shaky. When you see counterproductive, invasive, or just plain stupid security, don’t let it slip by. Write the letter. Create a Web site. File a FOIA request. Make some noise. You don’t have to join anything; noise need not be more than individuals standing up for themselves. You don’t win every time. But you do win sometimes. Privacy International’s Stupid Security Awards: Stupid Security Blog: Companies Cry ‘Security’ to Get A Break From the Government: Gilmore’s suit: Relevant Minnesota pharmacist rules: How you can help right now: Tell Congress to Get Airline Security Plan Under Control! TIA Update: Ask Your Senators to Support the Data-Mining Moratorium Act of 2003! Congress Takes Aim at Your Privacy Total Information Awareness: Public Hearings Now! Don’t Let the INS Violate Your Privacy Demand the NCIC Database Be Accurate Citizens’ Guide to the FOIA

I think I have moss growing in my ears. Here I sit in the home office (yes, I am, in fact, at home in DC) looking at a sunny sky. This is the second day that this is happened. I’m not sure what to make of it. Frankly, I was beginning to forget what DC was actually like. I mean, this cool wet weather was reminding me of my time in the UK and not the hot swampy place we call home. Speaking of homes, it seems that a great number of my friends and List members have just bought new ones. With that comes the compulsive need to completely change them. Mitre saws are purchased. Drills are charged. Butt-cracks are shown. It’s a glorious experience. Here’s a few tips for those of you about to embark on some home improvement tasks: 1) Don’t tug on that - you never know what it is attached to. 2) Working with electricity is fun. Just don’t pee of exposed wires. For that matter, don’t touch them either. 3) Fingers. Keep them clear of the spinning blade at all times. 4) Air-compressed nail guns are not to be used to shoot your brother or significant other… okay maybe once or twice, but no more than that.

Some how I feel that a cycle is complete. While I, a Penn grad, sit next to the Superdome in New Orleans, where Syracuse is in the NCAA finals, Josh, a Syracuse grad, sits at Penn enrolled as a grad student. Now, my beloved Quakers lost to OSU, Sarah’s school, in the first round. The Pokes then lost to Syracuse. (Giving up at 17 point lead, I might add.) So a bunch of us went and saw the Gourds a few nights ago. All I can say is that you have to see these guys in concert. Check out their schedule. Bluegrass, country, disco, hip-hop, all merged into one dirt bag, porch sittin’, gloppy glorious mess. So, another Tuesday night is going to roll by without me in DC. I’m in New Orleans for a conference. Sounds good… but I kinda hate traveling when I really don’t know anyone where I am going. Thankfully, a good friend of mine from Scotland live here; the bad news is… he and his wife are both medical students.

So as of 10:45 am EST: 1) We are not at war. 2) Nothing has blown up yet. 3) Tractor Man , though he mucked up traffic this morning, is my hero. I listened to the monkey last night. What was the whole non sequitur about blackmail? What that a veiled threat against Turkey? Democrats? I am back in town… for nearly a week! I cannot believe it. I find myself staring into the fridge wondering how it got so empty and what is that stuff growing in back… best not to look to carefully. So I new bar opened right near my house: Saint Ex. It’s at the corner of T and 14th. Check it out it is very cool.

Go ahead. Sing Happy Birthday in a public setting. In order to do so, you’ll have to pay a subsidiary of AOL Time Warner royalty fees. Why? Because AOL Time Warner owns the copyright to Happy Birthday and because today the Supreme Court has ruled that the Sonny Bono Copyright Term Extension Act of 1998 is, in fact, Constitutionally sound. The law extended protection from life of the author plus fifty years to life of the author plus seventy years. This not only applies to newly granted copyrights but also previously granted ones as well. This means you can’t sing God Bless America in public until 2064 without playing a royalty. You can’t sing Happy Birthday until 2010. Disney and other major corporations lobbied very hard to have this bill passed. The earliest images of Mickey Mouse, Steamboat Willey, were set to come out from the monopoly granted by copyright and into the public domain. The real tragedy here is that now a great deal of works set to come into the public domain will no longer be able to do so. Our ability to archive and preserve parts of American culture and history has been severely hampered. We, every single American, has lost out on our own cultural heritage. For more info see… http://eldred.cc/ - the case that was actually decided today. The Majority opinion from the Court Justice Stevens’ dissent Justice Breyer’s dissent This helpful copyright timeline

So I have begun remodeling my kitchen. This is both an exciting and terrifying project. The demolition part, to which Ken and Fitz can attest, is fun. Ian smash. Ian smash bricks. Ian smash… shit, well, guess I’ll need to patch that hole. Demolition is fun. Unfortunately, I am not quite done yet with the demolition. Here’s why: In decreasing order of comfort here are the things that I feel okay about messing with: electrical, plumbing, gas. I’m pretty good with things electric. Putting in a new light fixture isn’t such a big deal. You only get a couple wires. I like working with those fun speed cap thingies. Next come plumbing stuff, and here’s where things get a bit dicey. I am pretty good at replacing parts of toilets. I am vaguely okay at taking sinks apart, but beyond that I need a plumber. Finally, there is gas. I do not work with gas pipes. There’s something extremely low level in my body that says, “Hey jackass, let’s not blow up the house. Get someone in here that knows what they are doing.” Surprisingly I listen to that little voice. Gas appliances are supposed to have cutoff valves. These little jobbers work like shutoff valves for sinks. Cut the valve and gas won’t flow into the appliance. Very simple, very easy. Well, the morons that put together my kitchen did not, seemingly, install a valve for the stove. This means two things: one, I ripped up my basement ceiling hunting for a valve only to find none, and two, I have to shut off gas to the whole house in order to remove the stove. Number two shouldn’t be a big deal but I do want to spend a bit of time on number one. If you come over and go into my basement you’ll see a strip of ceiling missing. I spent a good part of today trying to figure how my gas lines run and where the shutoffs are. In the process I found no gas shutoff valves, but I did find a nice major fire hazard. In the ceiling, drywall-ed in, was a recessed lighting fixture… totally hidden from the basement. It had aluminum wires. This, for those of you who don’t know, is a bad thing. Just ask Fitz why he grew up in a trailer park after his house burnt down. The moral of the story is for those of you who have homes or are looking to get one: though things may look all rosy on the outside, there is almost guaranteed to be some crazy shit behind the walls that a lowest bidder contractor installed. Enjoy.

Summer is slowly fading away. It’s still hot. It’s still humid. But it seems that the intense heat and humidity has given up for a while. This makes me very happy. Every summer I question why I live in DC. Every summer I don’t get an answer. I think, in retrospect, that this was The Summer That Wasn’t. This summer absolutely rocked by leaving only vague memories of extreme heat, malaria, and West Nile virus behind. In other news, Warren Zevon has inoperable lung cancer, in both lungs. He seems to be taking it in a way that I would expect him to: “I’m okay with it, but it’ll be a drag if I don’t make it till the next James Bond movie comes out,” said Zevon. For more info check this out. The List wishes him as well as he can be given the circumstances. Painting and home repair… lots of fun. Presently, the Poo Poo Palace is undergoing a bit of a renovation. Chef-in-the-Dungeon Joe is painting his cave. It’s a very nice yellow gold color. Evil-Landlord Ian has been working on his guest bathroom. I had a two hour conference with IBM’s HR department to give an overview of the benefits that they offer their employees. (In case you didn’t see this, IBM is buying Access360.) Well, two hours of HR fun is just a bit too much for me. I muted the speakerphone and started ripping out old bathroom stuff from my guest bathroom: true homeowner multitasking. If anyone would like to help paint, spackle, or rewire the Poo Poo Palace, please let me know.