It is possible to place a “credit freeze” on one’s account at the credit reporting companies. The major ones are TransUnion, Equifax, and Experian.
A freeze prevents other companies from doing credit checks on you, which generally prevents them from opening accounts in your name. This is important because the way that identity thieves monetize their theft is to open credit and bank accounts in your name, that you don’t even know about.
At present, credit freezes are governed by individual state laws, that range all over the map. In Massachusetts, a victim of identity theft with a police report can get a credit freeze for free, but everyone else must pay $5 to each agency to place a freeze and another $5 to lift it, even temporarily, to apply for credit.
In view of the recent Equifax breach which revealed the private information of millions of Americans, it it clear that the credit reporting industry itself cannot be trusted to keep personal information secure.
I propose that credit freezes and credit monitoring be made free for everyone. I would go further and suggest that a credit freeze should be the default state, but I suspect that would just destroy the whole industry (is that a bad thing?)
Since companies cannot keep private information secure, the alternative seems to be to devalue the information. Credit freezes help do that.
This will require state by state or federal legislation. I have just contacted my state representative and senator here in Massachusetts, as well as my representative in congress and both senators, requesting that they sponsor and support such legislation.
I recommend that you do the same.
Here’s what I sent Representative Clark:
I am Lawrence Stewart, of XXX.
In view of the recent Equifax breach which revealed the private information of millions of Americans, including 3 million Massachusetts residents, it is clear that the credit reporting industry cannot be trusted to keep personal information secure.
At present, the best defense against identity theft is a credit freeze, which prevents companies from doing credit checks without your permission. This stops identity thieves from opening accounts in your name.
Credit freezes are governed by a conflicting mess of state laws. Generally someone who has been a victim of identity theft can request a freeze for free, but the rest of us have to pay for the privilege of protecting our credit to the very companies that caused the problem through their negligence.
I urge you to introduce or support legislation to make credit freezes free for everyone. It is the best way to hold industry accountable for their actions and the best way to protect the citizens from identity theft.
Chuck Thacker died yesterday, and the world is poorer for it.
Chuck won both the Draper prize and the Turing award. He’s been described as “an engineer’s engineer”, epitomizing Antoine de Saint-Exupery’s remark that “Perfection is achieved not when there is nothing more to add, but when there is nothing left to take away.” He established a track record of simple, beautiful, and economical designs that is exceedingly rare.
Over the last day I’ve been struggling with how to explain Chuck to non hardware engineers. He could achieve amazing results with fewer components than anyone else and yet after the fact, mere mortals could understand what he had done. But he also understood the physics and technologies very well, and knew just where to apply the unusual part or custom design to make the entire project coalesce into a coherent whole. If you are a software developer, think of Chuck as someone like Niklaus Wirth who invented Pascal. If you are an aviation buff, think of Chuck as someone like Kelly Johnson who designed the SR-71. Chuck really was at that level.
I had the privilege to work directly with Chuck on three different computer system designs. I was a coauthor on several papers with Chuck and coinventor on a networking patent, so I suppose my Thacker number is 1.
I first met Chuck Thacker when I was a summer intern at Xerox PARC in 1977. We both joined Digital Equipment’s Systems Research Center, working for Bob Taylor, in 1984. At SRC, Chuck led the design for the Firefly multiprocessor workstation. I wrote the console software for the 68010 version, and designed the single and dual microvax CPU modules. I wanted to add sound I/O to the Firefly and Chuck helped me figure out how to do it by adding only three chips to the design for the display controller.
Later at SRC Chuck launched the idea of the “Nameless Thing” which was to be a liquid immersion cooled computer built around an ECL gate array running at 200 MHz. I worked on the first level caches, to be built out of 1.2 nanosecond Gallium Arsenide static rams. We had to rewrite the CAD tools to get sensible board layouts that could run at those speeds.
NT was never built because it was overtaken by the Digital Semiconductor Groups’ design of the first Alpha processor. Chuck led a team of Digital Research folks to build development systems for the Alpha chip. The effort was credited with advancing Alpha’s time to market by about a year. At the time, Digital had a standard design for multiprocessor systems based on the “BI” bus. The specification ran to over 300 pages. Chuck was incredulous, and worked out a design for the Alpha Development Unit multiprocessor bus that was 19 pages long. The Alpha EV-3 and EV-4 chips were very unusual in that they could be configured for either TTL signaling on the pins, or ECL signaling. The ADU became an unrepentant ECL design. Strict adherence to ECL transmission line signaling and a complete disregard for power consumption allowed for exceeding fast yet low noise signaling. Chuck designed the bus and the memory system. If I remember correctly, he commissioned Gigabit Logic to build custom address line drivers so that the memory would meet timing. Dave Conroy designed the CPU module, and I designed the I/O module. I recall that SRC built the chassis and ordered cables for the 400 amps of -4.5 volts from a local welding shop. They asked “what kind of welder needs 18 inch cables?”
I learned a tremendous amount from Chuck’s economy of design and from his ability to make hardware vs software tradeoffs to achieve simplicity. I also learned that it was completely allowed to rewrite all the software tools to make them do what you want.
Chuck was a “flat rock engineer”, in his own words. The reaction of such a person to a new project is to first rub two rocks together to make a flat working surface. He was a lifelong opponent of complexity, not only in hardware, but in software as well, remarking that unnecessarily complicated software was apt to collapse in a rubble of bits – a phrase I adopted as the title of this blog.
Chuck Thacker was unique, and I deeply mourn his passing. Evidently he didn’t wish a memorial service, but I think the duty falls on all of us to edge our designs a little closer to simple, elegant, straightforward, and beautiful.
Robert W. Taylor died yesterday. While working at ARPA, he funded the work that led to the Internet. He managed the legendary Xerox PARC Computer Science Lab, where the Alto and the Ethernet were created. He won the National Academy of Engineering’s Draper Prize. You can read about these things more elsewhere.
Bob Taylor hired me, with my new PhD, into CSL. Later, he hired me again, at the Digital Equipment Systems Research Center. I learned not everything I know, but quite a lot of it, on his watch. Bob had the special genius of assembling groups of people who could invent the future.
At Xerox, the weekly group meetings were called Dealer, as in Dealer’s choice. The speaker set the rules. The culture was for the audience to do their level best to challenge the ideas. Bob talked about civility, and about the necessity of “turning type one disagreements into type two disagreements”. A type two disagreement is where each party understands and can explain the position of the other.
I was first exposed to CSL as a research intern while a graduate student. On either side of my office were Dave Gifford and Eric Schmidt. When I graduated, I turned down a couple of faculty appointments to stay at CSL. There was no place else that had the same concentration of talent and the freedom to build new things. Both of those factors were the work of Taylor. He felt his job was building the group and building the culture, then defending it from outside influence.
In 1984, corporate finally got the best of him and Taylor left to start the Systems Research Center at Digital Equipment. I was number 24 to quit and follow him. Against all odds, Taylor repeated his success and built another outstanding research group at Digital. Occasionally, some dispute or other would arise, and folks would go complain to Bob. He had a plaque on his wall “Men more frequently need to be reminded than informed.” Bob would gently remind us of the rules of disagreement.
It’s not well known, but Taylor was from Texas and a little bit of the Lone Star State followed him around. One time, Dave Conroy and I had succeeded in getting a telephone audio interface running on our lab-built Firefly multiprocessor workstations, and mentioned it on our way out to lunch. When we got back, we found Taylor had dialled in and left us a 30 second recording. Dave and I knew this had to be preserved, but the test program we had had no code to save the recording! Eventually, we sent a kill signal to create a core dump file and fished the recording out of the debris. Here’s Bob Taylor:
Carmen Ortiz, the US Attorney in Massachusetts, is leaving. I am glad she is leaving, but she should never have been appointed or confirmed. She should have been fired in January 2013, after she and her henchman Steven Heymann caused the death of Internet activist Aaron Schwartz through extreme over prosecution of a “crime” that was at most civil disobedience.
Here’s what I wrote at the time: http://larry.stewart.org/2013/01/13/aaron-swartz/
Here’s what the Guardian had to say: https://www.theguardian.com/commentisfree/2013/jan/16/ortiz-heymann-swartz-accountability-abuse
Ms Ortiz now says (quoted in the Boston Globe here: https://www.bostonglobe.com/metro/2016/12/21/attorney-carmen-ortiz-announces-resignation/fV7IJmesqOU8SEYd1pylEO/story.html )
“I feel tremendous sorrow for what his family has gone through,” Ortiz said Wednesday.
“I regret I wasn’t able to identify that situation early on and we didn’t have that opportunity to have that go on a different path because a young man at the end of the day did lose his life.”
I am hopeful that Ms Ortiz will never be in a position again to cause the death of another shining star, or indeed anyone. As US Attorney, she was much more interested in personal power and headlines than justice. US Attorneys have little oversight and no accountability and many of them are not up to the job. Carmen Ortiz was one. For myself, I will not forgive or forget her actions.
She will be moving on, but Aaron Schwartz is still dead.
I got a misaddressed email today, with a receipt for someone’s Square account.
At the bottom, there is a button “Not your receipt?”
When clicked, the page reads “Someone must have entered your email address” with an option to unlink it. Easy and sensible.
This is by far the best design I’ve encountered.
It seems that Trump won the electoral vote while Clinton won the popular vote. This has happened a few times before as well.
The constitution does not specify how states assign electoral votes. At the moment, two states, Maine and Nebraska, split their electoral votes in some way among the candidates, while all the other states are winner take all.
I don’t think the electoral college itself is a bad idea. Like the way that even low population states have two senators, each state has two “extra” electors, which tends to give a bit more power to low population states versus high population states.
I think that winner-take-all selection of electors is a problem. This removes ANY power from the minority party in winner take all states. There is little point to being a Democrat in Kansas or a Republican in Massachusetts. Such individuals have no say at all in choosing a president, and that isn’t right.
What would be better? According to the the electoral college FAQ, for example, Maine awards an elector for the winner of each congressional district, and awards the to extra electors to the statewide winner. A state that felt strongly about the popular vote could proportionately assign all the electors.
Perhaps it is time for some back-testing of elector selection algorithms against old voting records.
Personally, I think the Maine system runs up against another problem – gerrymandering. In most states, the congressional district boundaries are drawn by whoever controls the state legislature, with the goal of disenfranchising their opponents. At the moment, one of the main reasons the Republican party has a lock on the house of representatives is that they spent a lot of time gaining control of governorships and state legistatures, and as a result used the redistricting after the 2010 census to lock in district boundaries that benefit their own party.
One of the interesting developments in the 2016 electoral cycle is the use of offensive cyberespionage. Wikileaks is publishing internal email from the campaign of Hillary Clinton, with the publications timed to attempt to damage the campaign.
Maybe this is the work of Russian spies, with Wikileaks an unwitting stooge, maybe not, but the case is quite interesting.
What should a campaign organization, or corporation, or government agency do? Their emails may be next.
One possibility is to salt the email stream with really tempting tidbits suggesting illegal, immoral, or unethical behavior, but also put these emails in escrow somewhere. Then, when the tidbits come to light, you can derail the news cycle with one about how your infosec team has pwned the leakers and trolled the media.
The technique will only work the first time, but even later, professional news organizations are not going to want to take the chance that their scoop is a plant. That is how Dan Rather lost his job.
If the plants are subtly different, they could also be used to identify the leaker or access path. (This was suggested in “The Hunt for Red October” by Tom Clancy, written in 1984, but the idea is surely older than that.)
More on point, it should be obvious at this point that email is not secret, nor is any electronic gadget secure. [[ How do you identify the spook? She’s the one with a mechanical watch, because she doesn’t carry a phone. ]]
Until we get secure systems, and I’m not holding my breath, conspirators really shouldn’t write anything down. In the alternative, their evil plans must be buried in a sea of equally plausible alternatives.
Our town library has a heavy wooden door that opens outward. When I come up to it from the outside, I pull it open and hold it for anyone about to exit.
My confusion is about what to do when I approach the door from the inside. Today I could see an older lady approaching from the outside, and my inclination is to open the door for her, but how? I would either have to try to awkwardly hold the door open from the inside so the lady could pass or awkwardly go out first so I could hold the door from the outside.
Both approaches are, well, awkward. If I try to hold the door from the inside, I’ll be in the doorway, pretty much blocking it. If I go through first I force the lady to back up.
I think the best approach may be to pretend I am heading downstairs to the childrens’ room and not trying to leave at all.
Before I start, the murder of police is not acceptable. The killings in Dallas and Baton Rouge appear to have been committed by disturbed individuals, representing no one but themselves. Parenthetically, the sole comment by the NRA about these murders was to send condolences to the families of the officers. It seems to me the least they could do is to revoke the membership of the killers.
Regarding the killings of civilians by police, I have a modest proposal.
From what I’ve learned, there are about 1000 civilians killed every year by police in America. These deaths are not tracked, other than by a few journalists trying to understand. What has happened over the past few years is not that many more people are being killed, but that we are starting to hear about them, and to see them by video. Sometimes, perhaps most of the time the use of lethal force is justified, but in an unfortunate number of cases it is not.
My own outrage arises from three factors:
The people being killed are disproportionately black.
An alarming number of killings seem to be made by ill trained, incompetent officers who should never have had a badge in the first place.
Very little is being done to reduce the carnage. Cities try to avoid consequences and try to hide evidence until the affair fades away. District attorneys sandbag their cases (if any) against police to avoid damaging their relationships. Police unions and non-involved officers tend to support their incompetent fellow officers.
I don’t think that bringing murder charges against police is the answer. Prosecutors, judges, and juries give a lot of deference to police, and it is very hard to get convictions. When cases fail, even when they fail for good reasons, the public is outraged again, and the government shrugs and says “we tried”. I also don’t want police to be so nervous about personal liability that they can’t do their jobs. In egregious cases, sure
So what should be done?
My proposal is that for any civilian killed by police, there should be an automatic five million dollar award to the victim’s family unless the police have unambiguous video and audio evidence showing the individual presenting a clear threat and that the police exhausted every non lethal means for resolution. Further, there should be an immediate threat not created by the police themselves. No-knock warrant? Better be sure you don’t kill the residents. Broken tailight? It’s the policeman’s responsibility to make sure the occupants of the car go home safely.
What about suicide by cop? There are likely people so desperate that getting themselves killed for a large payday looks like a good idea. That’s where the video comes in. If there is clear video evidence, then no payout. In addition, as police learn to defuse situations and develop better non-lethal tools, the rate will drop.
What about the large civil penalties already paid by cities in egregious cases? They haven’t done much to solve the problem. The awards have to be immediate, public, and humiliating for the chain of command and the politicians. Too often, such awards are years too late and never reported. Perhaps the awards should be scaled according to the complaint record of the officers. That should give the chain of command incentives to remove bad apples from the barrel. If police union contracts forbid firing, fine. Bad officers should report for duty and just sit somewhere where they are not killing people.
My point is, the police have a responsibility not to kill unarmed or innocent civilians. It doesn’t really matter if the killing is not judged criminal and the officers involved are not found liable. The police have a responsibility not to kill civilians.
 There needs to be central reporting of every police involved killing.
According to the Obama administration, between 2009 and 2015, 473 drone strikes killed about 2500 combatants and about 100 non combatants.
Last week, the Dallas Police department used a robot to kill the police shooter.
As far as I know, all of these events have had human operators, supposedly exercising human judgement.
The thing is, many reports about drones and robots leave one with the impression that these are autonomous devices, without a human in the loop. It isn’t like that.
I do not think there is a real difference between a sniper on a hilltop killing from a mile away and a drone operator killing from 10,000 miles away. Both have a human pulling the trigger. We can and should talk about ways to further reduce non-combatant deaths, but sniper rifles and drones are much safer for our guys than bayonets and hand grenades.
The real discussion ought to be about autonomous vs human-in-the-loop.
The unfortunate fact is, we already have lots of truly autonomous devices killing people on their own initiative. They are called land mines.