Junk Science — A Telltale Sign

The other day a friend of mine posted a link to a peer-reviewed scientific study concerning the effects of a vegetarian diet. He posted an excerpt from the paper’s abstract:

Our results revealed that a vegetarian diet is related to a lower BMI and less frequent alcohol consumption. Moreover, our results showed that a vegetarian diet is associated with poorer health (higher incidences of cancer, allergies, and mental health disorders), a higher need for health care, and poorer quality of life.

Before I even clicked the link, alarm bells were going off. Just in those two sentences, they list seven things measured. That’s not science, kids, that’s shooting dice in the alley. If you measure enough things about any group of people you’ll find something that looks interesting. Holy moly, I thought, how many things did this survey try to measure, anyway? (I believe the answer to that is eighteen.)

It’s possible that some of the correlations these guys found actually are significant, and not the result of random chance. It’s not possible to tell which ones they might be, as it’s almost certain that many of the conclusions are completely bogus.

And then there’s selection bias. I read elsewhere (link later) that in Austria, many vegetarians eat that way on doctor’s orders, because they’re already sick. That will skew the numbers.

But the paper was peer-reviewed, right? I spent a little time trying to figure out who those peers might be, but there’s no sign of them I could find on the site where this paper is self-published. And, frankly, “peer-reviewed” doesn’t mean shit anymore. Peers are for sale all over the place. If you can’t see the credentials of the people who reviewed the work, it may as well not be peer-reviewed at all.

And none of the authors seem to have any credentials or degrees themselves. Perhaps they just didn’t feel compelled to mention them, but that strikes me as odd — especially for Europeans, who traditionally love to lay on the titles and highfalutin name decorations.

The site has 53 references to that article being mentioned in the media. Some of the places that quote this nonsense actually have “science” in their titles. Sigh. Apparently Science 2.0 is Science where you believe every press release that crosses your desk. Perhaps Muddled Ramblings and Half-Baked Ideas will make number 54 — although I suspect the keepers of PLOS ONE might not want this reference promoted. But to their credit they do show the link to an article in that Bastion of Science Outside Online, where at least one journalist took a sniff before pressing the “publish” button.

Outside Online, you do science better than Science 2.0. You have my admiration.

So is this research totally useless? Actually, no. It’s possible a grad student somewhere could find ONE of the claims made in the paper interesting enough to do REAL science to improve our understanding of nutrition and health. The study might be to test the hypothesis “a vegetarian diet increases the chances of lymphoma,” or something like that. A single question, while keeping the rest of the variables as controlled as possible in a human study (which is really tough).

That work would take years to accomplish and would not show up in The Guardian or probably even Outside Online. It would be a small brick in our edifice of understanding, a structure that has been growing for hundreds of years.

So when you read about “a study” that shows many things, look at it with squinty eyes and you’ll see behind it a group of people rolling the dice, and there’s often no telling who their master is. It’s not really a study at all, but a press release with numbers.


Inspiration is All Around Us

Riding from home to work along a well-worn groove, I get to know some of the debris that builds up along the side of the road. For the past couple of weeks I’ve noticed a My Little Pony doll in the gutter — underneath a layer of road grime its plastic body is in that pink-going-on-purple range of hues, while the nylon fibers of the tail are more aggressively purple, and still shimmery-sparkly.

This particular little pony has been decapitated; it lies mutilated and forgotten, waiting for the street sweeper. When I see it I can’t help but think of a sketch you might see on Robot Chicken: A mash-up of The Godfather, My Little Pony, and this slightly disturbing story by Kij Johnson. In my “research” for this episode I see that at least some MLP’s even have unicorn horns, making Kij’s Nebula-winner even more appropriate.

The sun rises to find BITCH PUDDIN’ waking from her slumber. She doesn’t look so good; last night’s hard partying has taken its toll. The camera pulls back and… MY LITTLE PONY’S head is in the bed next to her, bleeding sparkly rainbow-blood into Bitch Puddin’s satin sheets…

Practically writes itself.

Sucky Irony

Today at work I was wrestling with a database connection that was defying all my attempts to make it play nice. I needed to type in a command that I couldn’t pull off the top of my head, but I knew where on this blog to find it.

So quick like a bunny I typed in muddledramblings.com to find the answer, and I was greeted with a screen that said, in big bold letters:

Error establishing database connection.

Sigh.

Obviously it’s fixed now, or you wouldn’t be reading this, but dang.

A Good Place to Be

This is a big technical discourse that ends with a restaurant endorsement. Because Agave in San Jose is a good place to be.

Today pretty much sucked. It started last night, when I ran a routine software update on the heroic little computer that brings you these ramblings. It is a Mac Mini tucked away on a shelf in a climate-controlled facility in Henderson, NV; a little machine that just plugs along year after year.

As a primer before I dive into that part of my hardship, let me take a moment to describe the UNIX world. UNIX is a computer operating system that has been copied and recopied into different kinds of Linux and BSD, as well as Apple’s Darwin, but philosophically the different flavors have much in common and share a lot of little programs. In fact, it’s all about the little programs. Each little app is designed to solve one problem perfectly, and larger applications use these underlying facilities. A graphics program could depend on dozens of underlying libraries.

So when you install one of these programs, how can you be sure all the parts it depends on exist on your system? It’s a huge chore, made much simpler by package managers. Package managers are special programs that maintain a database of who-needs-what so when you install SuperGameMachine it will automatically install CleverGraphicsLibrary, and that in turn will require StupidGraphicsLibrary, and that will require something called gl (actually the names of all these things are criminally terse, so you can never deduce the purpose from the name — CleverGraphicsLibrary would be named cgl).

Anyway, a major upgrade of ncurses just came out, and it gave me a hellish few hours. That database of who depends on what? Well, it turns out it wasn’t so complete, in the MacPorts world. ncurses had been so stable for so long that many program maintainers didn’t even realize they depended on it. The update came along and those programs were still looking for the old version. One of those programs was bash. bash is part of Mac OS, but there was a massive (MASSIVE!) security hole in bash and I went to MacPorts to get the new version faster.

When you watch hackers on TV, when they’re typing cryptic symbols into their black screens, mostly they’re giving instructions to bash. Bash is a shell, which is a name for a program that takes stuff you type and does stuff as a result. For veracity, hackers in movies might compare the merits of bash and zsh or tcsh, but at this time bash is boss.

So when you open up a window to type those cryptic commands, it will launch your chosen shell. If you set your preferred shell to be bash, and then bash is broken, you are screwed. You are especially screwed if you don’t have physical access to the box. You try to log in, bash fails, and you sit at your terminal in helpless frustration, shouting to the uncaring gods of the night. Even if the package manager eventually sorts out the problem, you can’t get in to run the repair.

OK, this is getting long. I got through that, but there wasn’t a lot of sleeping involved. (Two bug tickets at MacPorts now closed.)

Then, today, after a rather frustrating meeting at work, I was betrayed by my bar. By my BAR! By my quiet haven in this noisy world. We had a contract — I paid a chunk in advance and got a discount on my first frosty mug of happiness on each visit for the rest of my life. I am not dead yet, but new(ish) ownership of Rookies Sports Lodge says it will no longer honor the deal. Should I shout? Threaten? Walk away?

It’s going to take some doing to make today come out right.

So here I am at Agave, the neighborhood cantina, and things are starting to feel better. I am working up the vocabulary to make sure that the official Muddled Sweetie gets her chicken burrito smothered with lots of good stuff. None of the English-speaking staff seems to be on tonight.

But make no mistake, these guys here make good food, for a good price. The menu now has many prices lined out and raised with a ball-point pen, but those big-ass burritos still hold the price line. And even the new ball-point prices are a steal. There aren’t many places in this town where my internal cheap bastard and my internal gourmand can party together, but this is one.

Waiting for the food, sipping Negra Modelo, listening to music with bright trumpets and tight vocal harmony, things are starting to feel better. I’m gonna be all right.


Comparing Mileage

Today I rode past a billboard advertising a Jeep SUV of some sort, proclaiming the beast gets 39 miles per gallon. That’s not too shabby — build a carpool around that vehicle and you have decent efficiency. It made me wonder, as I pedaled along: what sort of mileage am I getting?

Strava estimates that at my rather-slow cruising speed along a straight, flat road (fair for comparing “highway mileage”) I’m putting out about 150 watts of effort (or less, but I’m rounding in favor of cars). Pessimistically I’m burning about five times that in stored food energy (my gasoline equivalent); the rest of the energy winds up as heat in my muscles. So I’m consuming about 750 watts to roll along at 15 miles per hour. That’s fifteen miles for 750 watt-hours, or 20 miles for one kilowatt-hour.

A gallon of gas has the energy equivalent of about 37 kWh, so were I running on gasoline, I’d get about 20 x 37 miles, or roughly 740 miles per gallon — let’s call it 700 to avoid any pretense of precision.

700 mpg! Not bad! If I lost a little more weight my mileage would get even better (or more likely I’d just ride faster).


How We Will Know When Artificial Intelligence has Truly Arrived

I just asked Siri to set my alarm for never o’clock. I did not get a courtesy chuckle, or even a roll-eyes emoji or a “gee, I’ve never heard that one before” retort. So, for the nonce, our machines remain our faithful servants.


Billion-Person Problems vs. Individual People

I read an article today idolizing Larry Page, head honcho at Google. I have to confess, reading Larry’s quotes, I was pretty damn impressed. Some of his goals are downright “holy fuck, that’s awesome”. If even a small percentage work out lots of people will be helped. Larry calls them his billion-person problems. But…

Can you solve billion-person problems while exploiting a billion individuals?

Put another way: here’s a billion-person problem that Google is central to: the erosion of privacy in the modern age. For instance, Google has taken very seriously securing your information as it travels from your computer to their servers. But once that email hits their hard drives, it’s fair game! As long as no one else can get at your info (well, except governments with leverage over the Goog), all is well with the world.

Before I get too deep in this rant, let me say that the Internet would suck a lot more without Google’s search engine. I use Duck-Duck-Go to exploit the power of the search without yielding up my personal info. I realize that’s kind of like getting sushi and not paying; if everyone did that, search engines would have to start charging for their services and people would be faced with putting a monetary value on their privacy.

And, I think there’s a lot to be said for the way Google runs their company, the way they commit to their managers rather than just making the best engineers the bosses of other engineers. I give them big props for that. That comes from the very top and Larry Page deserves credit.

But now, on with the rant!

What Google knows when you use their payment system (Google Wallet):

Google Wallet records information about your purchases, such as merchant, amount, date and time, method of payment, and, optionally, geolocation.

What Apple (my employer) knows when you use their payment system (Apple Pay): Nothing.

Apple Pay was designed from the ground up so that Apple could not get your personal information. This made it way more complicated to implement and added hardship for banks as well, but it was a fundamental tenet of the system. Apple gets enough aggregate information back from the banks so they can get their fees, but none of your personal information is in that data. In contrast, Google (not just their wallet) has been built from the ground up to collect and sell your personal information.

Of course, the banks still know, and the merchant still knows, and Amazon tells advertisers what’s in your wish list… So it’s not just Google here. But Google has access to information you never intended to be known — a lot of it — and they have a unique opportunity to make meaningful change on this front.

Nest, the hot-spit thermostat/smoke detector company, was bought by Google. I was discussing it the other day with a co-worker who is a (mostly) satisfied customer. It sounds like a pretty cool system, but I mentioned there was no reason for the damn thing to be in the cloud just to be operated from my phone — it just needed to be part of a personal network that could talk to all my devices. My friend, who has a buddy who works at Nest, shrugged and said, “they have to collect and aggregate data to make the service work right” (or something like that). I accepted that at the moment, but later I realized: NO THEY DON’T. I want my home automation to be based on ME, not some aggregate of other people. And, if they made the data collection voluntary, I might even opt in if it looked like it would help the collective good. It’s something I do.

I voluntarily share personal information all the time. I share my bike rides (but suppress the exact location of my house). I share my image on Facebook. I share biographical data right here on this blog. I probably share more personal information than I should, but I make a big distinction between voluntary sharing (Facebook) and involuntary sharing (having my emails read by a corporation). Even though I don’t use a gmail account, my emails are still read every time I send a message to a gmail user. Does it matter if I’ve agreed to their terms of service or not? No. No, it doesn’t.

Microsoft took a couple of shots at Google a while back, promoting their email and search services as being more privacy-friendly than Google’s. But, amazingly, Microsoft kind of half-assed it (they had a produced-by-local-TV-station look) and they failed to deliver the message effectively, the way Microsoft is wont to do. Still, at least they tried.

If Google would do one thing, a thing that is in their power to do, I will take back everything else I have said about them. If they provide real encryption for their emails — encryption all the way to their servers, encryption they won’t have a key to unlock, so only the intended recipients can read it, I’ll believe that they care about me, and the other billions of people in the world. And it would be a hell of a selling point for gmail.

Damn Right I Throw Like a Girl

Once, in a bar, I watched a young woman throw darts. “You play third base,” I said to the complete stranger.

She turned to me, surprised. (I was also a little surprised, because somehow I had spoken to an attractive stranger.) “Second base,” she said.

I was surprised in turn. Her delivery of the dart was pure infield, but with a shoulder motion that meant velocity was rewarded – but not to the degree of the big outfield throws. I think on God’s team she would have played third. She would not have been on God’s darts team.

My throw, when my arm is working right, is a lot like hers. (Though I can CRUSH her at darts. Totally different throw.) A short, low-shoulder whip, but with enough extension to send the ball a long way. Made for third base. Not that big-circle outfielder throw, or that tight second-base throw where you also have to give the first baseman a look at the pill before you chuck it her way.

Like the French are to cheese, we in America are to the overhand throw. Nowhere else is it so dissected, so analyzed, so understood. And nowhere else will you find the medical knowledge to deal with injuries to the shoulder. We live in the nation of the overhand throw. Baseball, football, even basketball, somehow on this continent we decided that it was OK to use the appendage best-suited for moving a ball to move a ball in sports.

On this continent, when you say someone throws like a girl, you are comparing them to a group where many throw way better than you do. Around here, there are a lot of girls who can seriously bring it. So let’s get this right.

When you want to disparage someone’s ability to chuck something, the correct phrase is “Throws like a European.” Have you seen those guys? Shit, it’s like they haven’t even realized they have elbows.


How You Know You’ve Ended a Story Well

My sweetie and I binged our way through Breaking Bad. The series was over before we even started, and we chewed through that mother in record time. During intermissions for work and sleep we talked about what was going on, and looked forward to more time with the series.

And then it ended. A you-saw-it-coming-from-a-mile-away-but-were-still-blown-away ending. An ending so complete and poetic that I have to sit back and admire it. I don’t hope for more tack-on seasons or spinoffs (though the prequel Better Call Saul, which we started watching before we dove into Breaking Bad, is mighty fine).

But Breaking Bad is over. It finished when it was right to finish, and if maybe some characters found redemption it was not the sort of redemption that carries them forward.

I miss the show. But I don’t want more.

Calculating Calories is Hard!

I’ve been using both MapMyRide and Strava to track my bicycle rides recently. In addition, I’ve been using the activity app on my slick new Apple Watch. Each estimates how many calories I burned on my ride, but the numbers are very different. For example, on my ride to work yesterday morning:

MapMyRide: 814 Calories
Strava: 643 Calories
Watch: 757 Calories

Dang – those are quite different numbers, especially when you consider that MapMyRide and Strava are using pretty much the same data and coming to very different conclusions. What gives? CAN I EAT THAT DONUT OR NOT?

Strava and MapMyRide use speed and (maybe) elevation change in a formula with the rider’s weight to come out with an estimate of how many calories the rider burned. Strava lets me set the weight of my bike; I don’t know what MapMyRide assumes. I’m pretty confident that neither really uses elevation changes well. And headwinds? Forget it.

Both services can come up with a better wild-ass guess if you use a special crank or pedals that directly measure how hard you are working. They directly measure the output of your muscles, so the only remaining guesswork is how many calories you burned to do that work (some people are more efficient than others). There’s a Garmin setup that will tell you if one leg is doing more work than the other. I have no such device.

The most accurate way available to measure calories burned is to measure how much carbon dioxide one exhales. Rather than measure the work you did, you’re measuring how much exhaust you produced. This is impractical on a bike ride, however.

Which brings me to the gizmo strapped to my wrist. It estimates calories based on my heart rate. I have no idea what formula it uses, but hopefully it incorporates my resting heart rate (which it measures throughout the day) and my weight (which I have to remember to tell it), and maybe even my age. The cool thing is that heart rate is directly related to carbon dioxide production. When I’m riding fifteen mph with a tail wind, I’m barely working at all. When I’m pushing against gale-force breezes at the same speed, I’m huffing and my heart is thumping. To Strava and MapMyRide, the rides look the same. The watch knows the truth.

When WatchOS 2 comes out (the “features we couldn’t get perfect in time for WatchOS 1” release), Strava will be able to access my heart data. I’m interested to see what that does to the numbers.

In the meantime, I’m listening to my watch.


How Secure is Your Smoke Detector?

You probably heard about that HeartBleed thing a few months ago. Essentially, the people who build OpenSSL made a really dumb mistake and created a potentially massive security problem.

HeartBleed made the news, a patch came out, and all the servers and Web browsers out there were quickly updated. But what about your car?

I don’t want to be too hard on the OpenSSL guys; almost everyone uses their code and apparently (almost) no one bothers to pitch in financially to keep it secure. One of the most critical pieces of software in the world is maintained by a handful of dedicated people who don’t have the resources to keep up with the legion of evil crackers out there. (Google keeps their own version, and they pass a lot of security patches back to the OpenSSL guys. Without Google’s help, things would likely be a lot worse.)

For each HeartBleed, there are dozens of other, less-sexy exploits. SSL, the security layer that once protected your e-commerce and other private Internet communications, has been scrapped and replaced with TLS (though it is still generally referred to as SSL), and now TLS 1.0 is looking shaky. TLS 1.1 and 1.2 are still considered secure, and soon all credit card transactions will use TLS 1.2. You probably won’t notice; your browser and the rest of the infrastructure will be updated and you will carry on, confident that no one can hack into your transactions (except many governments, and about a hundred other corporations – but that’s another story).

So it’s a constant march, trying to find the holes before the bad guys do, and shoring them up. There will always be new versions of the security protocols, and for the most part the tools we use will update and we will move on with our lives.

But, I ask again, what about your car?

What version of SSL does OnStar use, especially in older cars? Could someone intercept signals between your car and the mother ship, crack the authentication, and use the “remote unlock” feature and drive away with your fancy GMC Sierra? I’ve heard stories.

You know that fancy home alarm system you have with the app that allows you to disarm it? What version of OpenSSL is installed in the receiver in your home? Can it be updated?

If your thermostat uses outdated SSL, will some punk neighbor kid download a “hijack your neighbor’s house” app and turn your thermostat up to 150? Can someone pull a password from your smoke detector system and try it on all your other stuff (another reason to only use each password once)?

Washer and dryer? The Infamous Internet Toaster? Hey! The screen on my refrigerator is showing ads for porn sites!

Everything that communicates across the Internet/Cloud/Bluetooth/whatever relies on encrypting the data to keep malicious folks away from your stuff. But many of the smaller, cheaper devices (and cars) may lack the ability to update themselves when new vulnerabilities are discovered.

I’m not saying all of these devices suck, but I would not buy any “smart” appliance until I knew exactly how they keep ahead of the bad guys. If the person selling you the car/alarm/refrigerator/whatever can’t answer that question, walk away. If they don’t care about your security and privacy, they don’t deserve your business.

I’ve been told, but I have no direct evidence to back it up, that much of the resistance in the industry to the adoption of Apple’s home automation software protocols (dubbed HomeKit) is because of the over-the-top security and privacy requirements. (Nest will not be supporting HomeKit, for instance.) In my book, for applications like this, there’s no such thing as over-the-top.
