Eternal sunshine of the innocent mind

Photo copyright The Rat BatWell, India has set itself a goal of being the most screwed up country in the world, and they are well on their way to achieving that goal.

This is the country where monkeys invaded a city, and the city people couldn't kill the monkeys because other people worshipped them, so they hired bigger monkeys to take care of the smaller monkeys.

This is the country where a girl was force to marry a dog in order to lift a curse.

So I shouldn't be surprised that this is the country that did an MRI of a defendant in a court case, and based on the results concluded that she had committed the crime, and sentenced her to life in prison.

And I thought breathalyzers were potential problems in legal cases... this goes beyond everything.

The way this device supposedly works is as follows:
  1. They strap you in
  2. The prosecutor reads to you what they think the crime was, in "first person voice" (i.e. "I went to the store", "I bought the arsenic")
  3. They watch the MRI to see if your memory lights up, indicating that you remember the event, and thus must have been there.

Does this make sense to you? Me neither. First of all, if I wanted to beat one of these things I'd just ignore the prosecutor and think of the Stay Puft Marshmallow Man. Or if I don't want to destroy the world I'd just do multiplication tables in my head or write code. Since there's no way to know if the person is actually listening (the subject isn't allowed to speak), there's no way to know if they're NOT listening either.

Also it's quite notable that the research which led to the invention of this device has not been peer-reviewed. There was someone in the article who was impressed by the device but he is a polygraph expert, among other things. Anyone who believes in polygraphs would believe in this thing.

It's important to be skeptical. It's critical, in fact, to doubt things, because only doubt can lead to truth. So I hope this device remains in India for ever; but if some reputable people can validate the results I'll change my mind. I won't hold my breath.

The importance of transparency

An Arizona defendant was recently awarded the right to examine the source code of the breathalyser used to provide evidence against him. I discussed this a few months ago with some family when the same issue arose in Florida. I think it's critical that Arizona force this issue on the makers of the breathalyser and the police forces that use it, because to date the company that makes the breathalyser in question has never provided the source code and consequently racked up $1.2 million in contempt of court charges.

This is a serious problem in the court system.

The courts need to know that the evidence they collect is accurate. This is the most important thing is a fair court because inaccurate evidence leads to bad results. Guilty people can go free and innocent people can be jailed. These are not desirable consequences. In the case of a breathalyser, especially this one, which is reputed to give odd results from time to time, a person's freedom and life are at stake if the machine doesn't work properly. Thus the court needs proof of the accuracy of the breathalyser, and the only way to know that is to examine the device and its code.

Now, as I've discussed in previous posts, I hate drunk drivers and have no respect for them. I wish the courts were harder on drunk drivers, especially repeat offenders. I'm thinking first time means 5 years in jail, second time means 10 years and lifetime driving ban, third time means we amputate your legs and hands so you can never drive again. But I can't condone sentencing people when there's a chance that the breathalyser isn't working properly, especially if that is the only hard evidence for a DUI.

Every jurisdiction should require this of the breathalyser manufacturers: the design of the device must be fully documented; the source code must be available; there must be a way to determine which exact version of the source code is on which devices; and there should be QA of randomly sampled devices as selected by the state/province/etc. Manufacturers who refuse to comply will simply have their devices returned to them or the devices won't be purchased at all.

It's telling that CMI, the producer of the Intoxilyzer 8000, has never given over their source code even when their clients demanded it; they also refuse to sell the device to anyone but police forces, and the machine also failed to meet precision and accuracy testing in Tennessee, so law-enforcement agencies there are prohibited from using it. The only solution is to allow the defense attorneys to examine the devices and argue before the courts about any defects found. This is the only way we can ensure that the drunk drivers do go to jail, and those who weren't drunk don't.

What is the harm?

Recently I posted about a psychic who caused real harm to a woman with an autistic child. Now, thanks to the Bad Astronomy blog, I've found a site that collects evidence of the harm of psychics and lots of other superstitions. They also mention Colleen & Victoria Leduc's story, and also dozens of other stories about actual harm caused. This kind of resource is invaluable because many people deny that this harm even exists, never mind how widespread it is.

The only downside to a site like this is that a collection of anecdotes are not statistically significant because you don't know how many times these things happen. But the goal of whatistheharm.net is not to make people believe or not believe something, but rather to get them to think critically. And once you know that your naturopath's detox program might kill you, you have more information that you can use to evaluate the situation and you can take the next, important, step and learn more about what you're facing.

A Night of Knives

I just finished reading Ian C Esslemont's "A Night of Knives", which is set in the Malazan Empire. Esslemont is the co-creator of the world but the other creator, Steven Erikson, has already written several huge novels in this series. Erikson's novels are excellent and thus Esslemont's work invites comparison.

You may have noticed that I very recently posted about another book I just finished reading. This is not a coincidence: A Night of Knives is a very short work. This is very obvious when you look at the trade-paperback; it's a tiny sliver compared to the huge tomes Erikson writes. For the regular paperback the publishers decided to use thick paper, large print and wide margins to make the book fatter. Frankly I wish they hadn't, as this just makes it bulkier for no good reason. So be warned: it is a short read.

Aside from the length, I don't have much to complain about. This book is well written; you can tell it isn't written by Erikson but Esslemont's writing style is decent. The only thing that annoyed me about the book was the way the story seemed simultaneously written for people who'd never read Malazan and for people who'd read all of Erikson's works. Basically I found some things under-explained and some things over-explained. Given that it'd been almost 10 years since the first Malazan book came out, I think a certain familiarity with the world could be expected, and thus certain aspects (such as the magic) didn't need to be so "mysterious". We already know how it works! On the other hand, for new readers certain story points could have used more explanation.

Overall the book is a good addition to the Malazan world. It may be better if a new reader reads it part way through the Erikson series; somewhere between books 1 and 2 or 2 and 3 would be ideal. Otherwise the book doesn't really advance Erikson's plot at all, but rather explains some back story. The story is interesting on its own but not crucial to your enjoyment of the main books. (Sorry Ian; you may be co-creator but you're late to the writing party... your book is an accessory).

Mistborn

I just finished reading Brandon Sanderson's Mistborn. I picked up this book because this writer is the man who will be taking over for the late Robert Jordan. Those are big shoes to fill and I was curious to see how this writer would fill them.

Mistborn is a pretty good book but not particularly noteworthy, in my opinion. It was enjoyable to read but the basic premise wasn't as exciting as it could have been. In a nutshell, you've got slaves, an immortal god/ruler, nobles who can perform magic, and renegade slaves who can also perform magic. Naturally you expect that some of the renegades will work to subvert the government and the Lord Ruler's rule, and they do.

The book follows several of the typical fantasy theme: young misfit who, it turns out, has latent magical ability (and is really strong at it), a band of renegades with witty banter, cheesy accents/dialects for some characters, and unsurmountable odds for the heroes of the story.

The book had the feel of a first novel, written when the author may not get around to writing the rest of the series (it's a trilogy). I don't want to give away the ending but things happen very quickly at the end and a lot gets wrapped up almost too easily. Nevertheless the story was fun to read.

What struck me the most about this story is its potential as a video game. Potential spoilers follow. The way the magic is structured is that there are several magical abilities, and most people have no magic, but some people have one ability and a rare few have all the abilities. These abilities require the consumption of various kinds of metals which are "burned" and thus used up. Burning metal uses it up, and burning it harder gives more effect but uses it up faster. Also, two of the magical abilities lend themselves to interesting opportunities for a videogame; the magic users can use nearby metal objects as anchors to push themselves or pull themselves around. For example, if there is a coin on the floor they can stand above it then push themselves up to the ceiling. This leads to very well-defined but complex physics which could be awesome in a video game. Even the way the charaacters in the book are organized leads to good opportunities for a player to fight increasingly difficult "bosses". The beauty of this magical system, as opposed to those of other fantasy realms (like Tolkein's or Jordan's) is that the magic has very clear boundaries and rules and thus you can easily model it in a video game.

In the end, I recommend this book to anyone who likes fantasy; it's not groundbreaking but it was entertaining. I will definitely read the rest of the trilogy (I'm a sucker for finding out what happens... I've been slogging through every stupid Terry Goodkind book for years now) but I don't regret picking up the first book. I have reservations about how well Mr. Sanderson will handle the Wheel of Time but since that story is mostly written I don't think there will be a major problem.

Comment usability

Here's something that many blog readers know about: comments. Most blogs allow comments to be posted and now even newspapers like The Toronto Star allow comments on articles. But so many blogs and other sites fail when it comes to usability in this regard.

One big drawback that most sites have is they don't allow replying to comments where the reply is shown with the comment. This means you have to read through all the comments to find replies to the interesting comments. But some blogs are even worse: they post all the comments in descending order by date. This means you read the replies before you read the comments themselves. The Dilbert Blog is one such blog where I stopped reading the comments, since I have to read the page from top to bottom. This, combined with Scott Adam's philosophy of moderating all the comments at once makes it hard to follow conversations as they develop.

The Star's commenting system is even dumber. For one, comments can be voted on but the votes appear to be useless except to indicate that someone, somewhere, agrees or disagrees with the content of a post. Posts are moderated so you can't tell if a reply to a post is pending before posting your own reply. Posts are in reverse chronological order so you either read them backwards or go to the end and work your way back to the beginning. Finally, the posts are PAGED, so you can't actually see them all on one page. You have to click on links to go from page to page, but when you click the link it replaces the content of the current page with the comments from the previous page, but doesn't move you to the top of the list. Try reading the comments on an article with several pages, such as this one, and you'll see that it's basically impossible to navigate these comments without losing your mind. Plus The Star's policy about comments is even worse, because sometimes comments get deleted and comments are shut off for certain articles very quickly, which prevents real discussion.

The commenting system on Blogger, which I use, is primitive but at least it shows all the comments and in their proper order. It's such a simple thing but so many sites get it wrong.

Ben Franklin's advice

Everyone knows Benjamin Franklin invented the United States, and electricity (or, self-electrocution or something). But did you know he was also an expert about having affairs? Thus he gives his list of reasons why it's better to have an affair with an older woman.

This list has to be read to be believed, but frankly the part that amused me the most was the bit about "all cats are grey in the dark". You can fill in the rest.

I can only imagine the field day the media would have if a modern politician wrote such a letter.

Spice Containers

Club House spice containers are not what you normally think about when you consider the usability of a product. They're quite basic: a little container with three openings: one for sprinkling, one for a spoon, and one to pour the spice. But the newer containers do have a major flaw in their usability: the name of the spice is no longer printed on the side of the package. This means your spice drawer or rack is full of indistinguishable orange boxes, and you have to look at each one individually, potentially going crazy trying to find the cloves. The old package was much smarter: the name of the spice was on the side of the package, making it easy to spot what you need. Such a simple thing, yet some graphics designer somewhere went ahead and ruined it for everyone.

Tira2 and Lirc

I converted my old workstation into a media pc. What is a media pc? Also known as a home-theater pc (HTPC) it's basically a computer hooked up to a TV. This lets me play my MP3s over my stereo system as well as watch digital videos on my tv. I can also theoretically play games on my TV but I don't do that (yet). There was nothing to this setup as my video card automatically supported the TV-out. All that remained was to add remote-control support, so that I could skip to the next MP3 using my trusty all-in-one remote.

My remote is the Pioneer AXD7381, which is a learning remote that came with my VSX-1015TX system. In order for this remote to send signals to the computer, however, I needed an infra-red receiver. Since I don't believe in classic serial ports, I opted to buy a USB IR device called the Tira, from a Toronto-based company. Lirc (the Linux infrared program) claimed to support it and so I figured I'd spring for the $50.

I'd hoped it would be trivial to get this thing going, but I severely underestimated the Lirc documentation. I don't know if I've ever tried to read a less helpful doc. The documentation assumed that you already knew how to set up Lirc, that you were using a serial device (is anyone still using serial devices?), and that you were installing lirc from source. None of those things were true for me, but I managed to get things working after much weeping and gnashing of teeth.

In the end, all I needed to do to get the Tira working was tell Lirc to use the Tira driver. On Fedora 8 you edit the /etc/sysconfig/lirc file and specify the -H Tira command line parameter:

LIRCD_OPTIONS="-H tira"

Easy enough, but the lirc documentation doesn't mention Tira other than to say it supports it. Specifically it doesn't tell you that Lirc won't need any of its usual device nodes, which means you don't need to waste time writing udev rules like I did. I wasted a lot of time because for some reason the Tira would sometimes be recognized as USB device 1, and Lirc refuses to work unless it's device 0 (/dev/ttyUSB1 vs /dev/ttyUSB0 for those of you who understand what I'm talking about). Once I unplugged/re-plugged the Tira a few times things magically started working.

Then I ensured that Lirc started with

/sbin/chkconfig lirc on
/sbin/service lirc restart


Anyway, the executive summary of Tira is thus:

1. It's a USB device that shows up in the kernel as a serial device.
2. Lirc supports usb serial devices but the documentation doesn't seem to want to admit it.
3. Once Lirc starts talking to your tira you need to set up some kind of action to take place. I did this using KDE's IRKicker, a niceadequate gui tool which lets you do things when you press a button on the remote. Unfortunately the tool is more complex than it should be. I've been thinking about this for a few days and I think making the tool easier to use would be a lot of work, but it's still pretty important work. But it's an acceptable compromise, for now.

Now I have another problem, which is that a universal remote control and a universal device (such as Lirc) don't really get along; the remote doesn't know what to say and Lirc doesn't know what to do. Since both devices speak any language, they need to be made to agree as to which language they should be speaking to each other. My remote was originally programmed to control (among other things) a CD Changer, which I no longer use, so I told Lirc to answer to the CD Changer's remote. But that makes it annoying to control things because, among other things, the CD remote doesn't have separate play and pause buttons. At least now it's just a matter of making the right thing happen when you press a button.

What would make this whole process a lot easier is if there were 1. A better installer/auto-detection for IR devices; 2. A standard way of mapping remote buttons, so that if the remote has a "play" button it "plays" the current application, such as a movie player or music player; Also it would be really nice if the Lirc mouse/keyboard control mode was better integrated with standard lirc and programs like IRKicker. But now I can play my mp3s and skip to the next song without getting up and pressing a key. And my music sounds GOOD on my stereo... I never knew how bad my computer speakers were.

PayPal sucks

PayPal are supposed to be the be-all and end-all of payment systems, at least they'd like you to think so. And their feature set is fairly compelling and relatively easy to use... until you decide to integrate an ecommerce application into their system.

PayPal's biggest value is that they make it easy for any random person to implement a basic web store without needing a merchant account for credit-card processing. This, plus the fact that they are the "trusted third party" makes them attractive to every Mom-and-Pop Internet T-Shirt shop out there.

However when you try to use PayPal's system to do any real ecommerce work using your own pre-existing ecommerce solution, you find the limitations in their system fast.

First, they have a multitude of slightly different products and offerings, each with slightly different features and slightly different names. Then they have lots of different ways to accomplish things: for one thing they have two different ways to make your ecom system talk to theirs: SOAP and NVP (name value pair) API. Why two? Who knows!

Then they pay lip-service to important things like testing: they have a "Sandbox" where you can create fake merchants and clients and process fake transactions, but the Sandbox is broken as often as it is working, and lots of things about it are dumb. For one thing it requires a valid-looking phone number for the merchant account setup, and other valid-looking data, even though the data is useless and doesn't factor into the testing at all. But on the other hand, important things like chargebacks can't be simulated through the Sandbox because... well, nobody knows why not.

Then there are lots of other weird glitches; parts of their system accept all character sets and other parts don't, leading to problems when dealing with foreign languages. In this day and age they should be able to use the character-set that the other end of the connection reports, but for some reason they can't. Luckily there is a workaround: you configure your PayPal account to ALWAYS use one character set (the user-interface for this is terrible) and then it works, as long as you never need any OTHER character set. If you don't know what a character set is, you're either lucky or you've never dealt with anything other than English/Spanish/French and you get away with the "Default" character set.

Another problem I had was that, when my code wasn't including the flag to indicate "partial" or "full" refund their system told me the amount was wrong. Well, the amount was right but it turns out something else was wrong... as a programmer I can guarantee you that it's trivial to get these kinds of error messages right, yet somehow they manage to screw it up; this cost me several hours of time trying to figure out what was wrong.

Also I found that there is a bug in their software (exposed through their mis-handling of character sets). I am using the PayPal SDK (software development kit) to interface my system with theirs; but when THEIR server crashes, THEIR sdk ignores the error and does something nonsensical. So I filed a bug, and their response was "use the SDK". I replied that I WAS using it, and eventually they admitted that their system was dumb and that the SDK was broken, but they didn't fix the SDK nor did they fix their system. In the end I had to fix the SDK myself. Not much point in using and SDK if it can't even get these simple basic things right.

Most vexingly is their inability to grasp that other development teams have processes and standards to maintain. My team, for example, works on an isolated test environment that isn't reachable from the outside. One of PayPal's features is that their system will contact your system whenever you have a transaction (this is called Instant Payment Notification or IPN). However for this to work (in testing) I have to have my IT guy open the firewall so that their system can reach my test system. PayPal doesn't seem to understand this and they are reluctant to publish the addresses that their test servers use; we need these addresses so that the firwall can allow them through. PayPal says "use the DNS to find the address". A better solution is to use DNS and reverse-DNS so that you can validate that the address and name match, however, PayPal fails on both of these. Their documentation states that the Sandbox IPN server uses one address (something .110), and their DNS also says this, however in reality it's something.33. And the reverse-DNS for something.33 fails, so there's no way to verify that this is the Sandbox IPN server. When my IT guy opened the firewall for something.110 the IPN failed, naturally, because it was blocked. I didn't know what address it should be so I contacted PayPal. They gave me the run-around, saying, essentially, "your system is wrong" and "don't use a firewall". They refused to admit that they had a problem and wouldn't tell me the true address of their server. I eventually discovered it through another means, then TOLD them their own address, and asked why the documentation didn't match. Their response was to close my support ticket, because now that I had the real address everything worked. Thanks for nothing, PayPal!

Anyway, it's frightening that such a poorly run company is in charge of so much money. Yet people (regular customers) trust them, so vendors need to support them to make sales. I guess in the end it's irrelevant because banks are no better.

Chinese Perapera-kun

I've recently discovered a great new tool to help me learn Chinese: a firefox addon which displays pinyin and english translations for Chinese characters. It's pretty nifty: it shows the translation and Pinyin for the character next to the cursor and, if that character is the start of a common compound word or phrase, it shows the translation for that phrase.