Paul's Pontifications

Vote Windows, for No Tax On Sheep!

2009-06-16T13:06:00.000-07:00

Once upon a time, so I have heard, there was an Australian politician who ran on a platform of "No Tax On Sheep". None of the other candidates would have dreamed of trying to tax sheep. Nevertheless, our hero won by a landslide.

Its a nice trick; claim a common virtue, not because it differentiates you, but because it casts a subtle doubt on whether your competition has the same virtue. It involves no actual lies, and you don't even need to name the competitors; they are all equally suspected, and must either ignore you or issue hasty and unconvincing claims to be just as good.

Advertisers love this one. In advertising "knocking copy" is the term for pointing out the defects in your competition. But blatant knocking copy is usually counter-productive: potential customers see it as mean, and it also carries an implicit message that the product you are knocking is a significant competitor (otherwise why spend money knocking it). But the "no tax on sheep" strategy neatly sidesteps this; you don't name your competitors and you don't say anything bad about them. You merely imply that they are not as good as you.

So its no surprise to see Microsoft using this strategy against Linux. The Microsoft page on Netbooks has this to say on why you want Windows on your Netbook:

For starters, you already know how to use it. Windows also works with more devices and applications, and offers security features to help keep your PC and personal information safe. Here's a whole list of other Windows benefits:
Windows makes your life simpler. Windows is easy to set up and use. You already know your way around, which means you can get started right away and easily find everything you need.
Windows just works with your stuff. With Windows, it's "plug and play"—meaning it works out-of-the-box with your PC applications and peripherals such as printers, digital still and video cameras, music players, and webcams.
Windows gives you peace of mind. Windows comes with features and tools that help keep your family and personal information safe. When you install Internet Explorer 8 as your Internet browser, you get additional built-in security features that help protect against deceptive and malicious websites.
Windows comes with more goodies. With Windows running on your netbook PC, you get access to additional software and services provided for free, like Windows Live services, which help with photo editing and organization, instant messaging, and family computing safety—all of which are just a download away.

I've highlighted the items which (in my opinion) apply to Linux as well. About the only thing I can't honestly claim is the "Windows is familiar" line. I can't deny that if you have only ever used Windows then Linux is going to be a bit different. Its not huge, but there is no point pretending its zero either.

So, I wonder, how could we turn this trick around? What can we say about Linux that casts doubt on Windows? To work, the implication has to be something that is truthy, regardless of how true it actually is. How about:

Won't send your files to the US government. Linux has no stealth functionality, and it wasn't written by people with big Government contracts.
No Blue Screen of Death! Linux was designed to be reliable.
Puts you in charge. You decide what software to install, and if you don't like it you can always remove it.
No extra fees just to get a feature you thought you had already bought.

But of course none of this will work in reality. Deceit of any kind and open source are fundamentally incompatible.

An Optimistic View of Net Neutrality

2009-06-13T09:10:00.001-07:00

The Net Neutrality argument has been puttering along for a few years in the US, and is now starting to get going over here in the UK as well.

On one side are the ISPs, most of whom are telephone and TV cable companies. They are used to being a choke point between the consumer and the rest of the telecoms world, and their managers all have MBAs. The latter point is important because analysing your position in the value chain is a big part of the MBA curriculum, and everyone knows that being a commodity provider is a bad place to be. So the ISPs are desperate to re-establish their choke-hold, which means doing something that forces the other players to treat with them rather than the competition. Hence they want the right to cut deals with, for instance, streaming video providers. If you want to see good quality TV over the Internet from the Foo Video Company, you have to go with an ISP that has a deal with Foo Video, which restricts your choice as a consumer and therefore allows the ISP to charge more. The ISPs also want to charge Foo Video on the grounds that Foo must want its end users to get good quality video and will therefore pay for the privilege.

Everyone else in the value chain (including the domestic Internet users) is up in arms at this prospect for the excellent reason that if the ISPs can capture some of the money flowing around this part of the economy then there will be less for everyone else. They want the ISPs to be required to stay neutral on the grounds that anything else will increase prices (which, from the point of the ISPs, is the point) and restrict new developments because start-up companies won't have the financial and market muscle to cut the necessary deals.

Unlike many commentators I believe that in the long run this argument will be irrelevant, and that whatever various governments do on the subject will make little or no difference, and I believe this because of Metcalf's Law.

Bob Metcalf's original formulation of his law said that the value of a network is proportional to the square of the number of users. In fact that is only true if everyone on the network is equally interested in communicating with everyone else. In reality that isn't true, but whatever the pattern of communication the value of a network still rises more than linearly with its size, which is what matters.

The History of Metcalf's Law 1: Peering versus Transit

Back in the late 1990s there was a big argument over network peering. There were big ISPs and little ISPs. Big ISPs had all the same costs as little ISPs in running points of presence for modem users to phone into, but they also had to run long-haul bandwidth terminated by big routers. A small ISP could hook into this infrastructure just by connecting to a big ISP, which gave the small ISPs a competitive advantage and left the big ISPs without a business case for running that vital long haul infrastructure.

At the time the only kind of connection between two ISPs was "peering", which means that two ISPs share a connection point where they exchange traffic. So the big ISPs implemented a new policy:

Henceforth peering connections would only be made between ISPs the same size, and would only carry traffic bound for customers of the other ISP.
Small ISPs could pay for "transit" connections to big ISPs. A transit connection would carry traffic bound for anywhere.

There was a big argument over this change. Small ISPs complained that this would lead to the "balkanisation of the Internet", by which they meant that customers of ISP X might not be able to communicate with customers of ISP Y. But in practice that didn't happen. The peering/transit distinction continues to be the mechanism by which the Internet is organised commercially, but the Internet was never balkanised because Metcalf's Law meant it was never in anyone's interest.

To see why this is, consider what happens to the value of a network cut in half. If the value of a network is purely proportional to the size then you now have two networks worth half as much each; the total value hasn't changed. But Metcalf's Law says that the position is worse: the total value of two networks is less than the value of one big one.

So the only way to make money from splitting a network in two is by capturing value faster than you destroy it. But there just isn't that much loose value floating around the Internet, and all the companies involved found that they made more money by keeping everyone connected. So they did.

The History of Metcalf's Law 2: Walled Gardens

Another bright idea floating around in the early days of the commercial Internet was the Walled Garden. This was pioneered by Compuserve in the days before dial-up Internet access, but MSN and AOL were created with similar concepts. The basic idea was to provide a premium branded information service that would be exclusively available to dial-up subscribers. Internet access was added by these providers later because their customers demanded it, but the business model was based on selling a value-added subscription information service that would be better than the free Internet.

The whole idea flopped. Not enough subscribers were prepared to pay the premium. The basic problem was, and is, that as soon as you put up a paywall between your content and non-subscribers you split the network in two: there is the bit you own, and the rest of the network. Your bit is very small, and Metcalf's Law says that it therefore has a much lower value. So nobody wants it.

Metcalf's Law and Network Neutrality

So what about the network neutrality debate? If you googled for "balkanise Internet" a few years ago you got lots of articles from the 1990s arguing about ISP peering and transit fees. Today the same search yields just as many arguments about network neutrality.

The ISPs want to create a new version of the Walled Garden: information providers will pay to get better links to their end users, and certain protocols will get higher bandwidth than others. And I believe that this will suffer the same fate as all the other attempts to fight Metcalf's Law. An ISP that places artificial boundaries between Internet users (wherever they fit in the Internet's various value chains) is lessening the value of the Internet as a whole to those users. If they make a significant difference to the user's experience then they are offering less value, and will lose market share as a result. If they don't make a difference then nobody will care. Either way its not a paying proposition.

Therefore network neutrality will dominate because anything else is less valuable, and therefore will drive away customers.

There is one application where non network-neutral services may survive for a while, which is TV over the Internet. A DVD-quality video stream is around 5Mbits/sec, or about 2GBytes/hour, which is a bit too high to just transport over the Internet to a home internet connection. Never mind what happens when two people in the same household want to watch different things. So for a while it makes economic sense for ISPs to cut special deals with TV providers. But that's nothing new: the economic model is identical to cable TV. Existing cable TV companies would probably like to keep it that way, but their power to do so is very limited. Sooner or later some combination of improved ADSL, fibre to the curb/home/street and wireless connections will provide commodity bandwidth high enough to carry decent video, and cable TV companies will cease to exist.

UK to store more "communications data"

2009-05-02T07:38:00.000-07:00

The UK has a rather odd regime for intercepting on-line communications. The law distinguishes between the content of communications and "communications data" (such as a list of the telephone calls you have made). Content cannot be used in criminal investigations, although it is widely believed that the security services intercept a lot of it as part of their general signals intelligence activity. However "communications data" is available to pretty much any part of Government provided that a sufficiently senior person signs off on the request. No warrant is needed.

The UK Government is consulting on proposals to require ISPs to gather and store a lot more "communications data". At present they basically have to take the IP header data: origin, destination, port number and protocol (TCP/UDP). Volumes and times are likely to be recorded, and of course your DHCP lease so that they can tie a physical machine to the IP address. So with this they can see that you browsed http://www.bbc.co.uk, but not what you actually read. But the Government argues that this is increasingly insufficient. If its investigating suspicious activity, such as a big purchase of fertilizer, then it needs to find out who the suspect is communicating with. If the suspect uses an off-shore email service such as Gmail then the existing communications data regime can't get at this.

So the Government's proposed solution is to require ISPs to capture and store more data, including "third party data", which seems to mean anything inside the packets that helps to identify the people you are communicating with.

The problem with this is that its an impossible job. Most stuff that is even vaguely sensitive (like Gmail) is sent using HTTPS as a matter of course. Even if this could be got over, communication data is simply too slippery a concept once you get away from IP headers. For instance, MMORPGs like Runescape and World of Warcraft (and for that matter Second Life) have "chat" facilities that use game location to determine who can "hear" you. Suppose a conspiracy decides to meet at the edge of a forest in Runescape: their location is exactly the sort of communications data that the Government wants to capture. Doing so requires someone to reverse engineer the existing Runescape protocol and then write software to extract just that part of the data. This software would then have to be run by every ISP in the UK, and the whole exercise repeated for every other multi-player game and interactive website.

This would be a huge effort, but it would still fail to capture data about any criminal who had a modicum of technical knowledge, because there are too many options for setting up channels that the Government cannot intercept. For instance encrypted messages could be left as Usenet posts. Freenet exists specifically for avoiding surveillance. And SSH tunnel services can let you use any Internet service without being tracked.

So in effect the Government is proposing a huge technical boondoggle to do the impossible. Not for the first time, and I'm sure it won't be for the last.

My full response is available here in PDF format.

Bruce Sterling accused of sham marriage

2009-04-05T13:10:00.000-07:00

I've just read on Bruce Sterling's blog that he and his Serbian wife have been accused of a "green card" marriage by the US immigration authorities. They basically have a couple of weeks to prove to the authorities satisfaction that their marriage is not a sham. If they cannot do so then Jasmina Sterling (nee Tesanovic) will be deported.

This is wrong on many levels. I've never met them, so I can't comment myself on the reality of their marriage, except to note that Bruce Sterling is a good looking wealthy intelligent over-achieving man, so I can't see that he needs to hire himself out as a husband-of-convenience, nor does it seem likely that he needed to offer a green card just to get a woman into his bed.

(Aside: I also think it truly ironic that an organisation that takes 6 months to decide on a 3-month visitor's visa allows only a couple of weeks for them to put together evidence that their marriage is real).

But US Immigration don't think like that. It seems from what Sterling wrote that they check up on marriages between Americans and non-citizens, and look for the paper trail that would be generated by people living together: joint ownership of homes, bank accounts and the like. And because of their somewhat nomadic existence it seems that Bruce and Jasmina don't have that paper trail.

Students of organisational behaviour will recognise an anti-pattern here, although I don't know if its ever been written down. It looks like this:

Name: Chasing Reality

Context: Enforcement of rules that mandate an ill-defined threshold of performance.

Forces: People attempt to meet the performance threshold with minimum effort. The enforcing authority becomes concerned that their effectiveness is being eroded.

Supposed solution: The enforcing authority requires increasingly stringent evidence of performance. The rules about what is "sufficient" may also be kept secret or poorly defined to prevent people from engineering their evidence to follow the requirements.

Resulting context: the enforcing authority becomes increasingly unable to judge real performance, and instead becomes obsessed with the production of evidence. Success depends more on finding out what the real criteria are and meeting them than on actually performing the original task.

I have seen this pattern before, although never with such horrendous consequences. Some years ago a senior manager told me that he had a set of criteria for any application to spend money, but he would not tell anyone what they were for fear that all the applications would then meet those criteria. When I visited the US many years ago, before the visa waiver programme, I had to provide evidence of solvency to get a visa, but was not told what "evidence of solvency" looked like (I photocopied a year of bank statements; it did the trick).

Mr & Mrs Sterling are apparently required to meet a secret (or at least highly under-advertised) set of criteria for a "real" marriage. When the US first controlled immigration I expect it only had to be a legal marriage, but sham marriages were an obvious problem. So the Immigration people wanted to see wedding photos. So sham couples hired photographers. Then Immigration wanted to see you living together, so sham couples rented apartments. And so it goes on. The Immigration people are on an endless treadmill: whatever evidence they require will be produced, whether by sham couples or real ones. Now its got to the point where the sham couples will actually have better evidence of their reality than real couples, because they are more aware of the need to generate it. Or as Granny Weatherwax once put it, "Things that try to look like things often look more like things than things."

Its also ironic that a writer with a great talent for spotting trends and capturing the zeitgeist should be caught up in exactly the kind of insane socio-political trend that he writes about so entertainingly.

Bad banking drives out good

2009-01-31T01:58:00.000-08:00

I heard this quote from the CEO of Standard Chartered Bank on Radio 4's Today programme this morning, and it summarises the problem very well. (Its also a reference to Gresham's Law.)

Its become a commonplace to simply blame the credit crunch on "stupid, greedy bankers". The trouble is, suppose you were a smart, frugal banker five years ago. Your exceptional brains let you see that subprime self-certified mortgages were a bad idea, and therefore anything built on them was clearly going to collapse. Therefore you weren't going to invest in that part of the market.

The trouble is, you would have had years of below-average results. Your clients and employers would be looking at your competitors and pointing out how bad your results were. Even if your clients were prepared to listen to your explanations, many are under a legal obligation to maximise their investment returns, and their customers will be less sophisticated and correspondingly less willing to listen to complicated explanations about why their pension is so much less than their neighbours.

So you get removed from your job, and someone else is put in who is willing to do what it takes to deliver market returns.

Looked at from an abstract point of view the game resembles a "Tragedy of the Commons". A banker who gets good returns while taking hidden risks is like the commoner who puts an extra cow on the common pasture. He gets richer while all his neigbours get a little poorer. So everyone else is forced to do likewise, even though everyone can see that collectively this is going to lead to ruin. And so the game goes.

The traditional solutions to the Tragedy of the Commons are:

Property rights. Divide up the commons into individual plots and allocate them to the commoners. Failing that, give each commoner a tradeable right to put exactly one cow on the commons.
Regulation. Make a law that each person can only put one cow on the commons.

The question is, how to apply this to the finance industry. In this case cows are equivalent to risk. Banks have had "risk management" departments for years, but risk turns out to be very difficult to measure. Its as if our commoners have invisible cows: verifying the numbers is impossible, although I've previously posted a suggestion for making the cows more visible.

So without this, what can we do to prevent the next big bust? It doesn't look like there is anything. As memories of this bust fade and the people who experienced it retire, a new generation of bankers will come along with a new ingenious method for hiding risk, and once again bad banking will drive out the good until the whole thing collapses once more.

Wikipedia and Britannica are Converging

2009-01-26T11:23:00.001-08:00

Is there a network equivalent of market forces? The crowdsource equivalent (or perhaps generalisation) of Adam Smith's "Invisible Hand"?

When I was in my early teens my school got the new edition of the Encyclopaedia Britannica in over 30 volumes costing around £1,000. It was a huge wealth of authoritative information on just about everything. I spent quite a few lunch hours just reading about stuff.

In the 90s Microsoft bought out Encarta on CD-ROM. It was a lot less information, but it cost a lot less than £1,000. Britannica has been in trouble ever since. Now there is Wikipedia, which is free, a bit less authoritative than Britannica, but has even more information and a great deal more mindshare.

So Britannica has responded by taking a page out of Jimbo Wales's book; its going to start accepting user-generated content, albeit with a stiff editorial barrier to acceptance into the core Encyclopaedia.

Meanwhile the latest controversy on Wikipedia is about whether user-generated content needs more controls. I say "more" because Wikipedia has always had some limits; locked pages, banned editors, and in extreme cases even the deletion of changes (as opposed to reversion, which preserves them in the page history). Increasingly sophisticated editorial policies have been put in place, such as "No Original Research" (originally put in to stop crank science, but now an important guiding principle).

When you look at Wikipedia's history there is a clear trend; every so often Wikipedia reaches a threshold of size and importance where its current level of openness doesn't work. At this point Jimbo Wales adds a minimal level of editorial control. Locked pages, for instance, were added because certain pages attracted unmanageably high levels of vandalism.

It seems that Wikipedia and Britannica are actually converging on the same model from different ends of the spectrum: Wikipedia started out completely open and is having to impose controls to manage quality. Meanwhile the Britannica started out completely closed and is having to allow in user-generated content because comissioning experts to write it is too expensive. Somewhere in the middle is a happy medium that gets good quality content without having to charge subscribers.

Not charging is important. In these days of the hyperlink, an encyclopedia is not just a source of knowledge, it is a medium of communication. If I want to tell people that they should read about the history of the Britannica then I refer to the Wikipedia page because very few people who read this are going to be able to follow a link to a Britannica article (even if I were a subscriber, which I am not).

Wikipedia is often said to have been inspired by the "open source" model in that anyone can edit Wikipedia just as anyone can edit the Linux source code. In fact the cases are not parallel. The GPL allows me to download a copy of the Linux source code, hack it to my heart's content, and give copies of my new version to anyone who wants them. What it does not do is authorise me to upload my version to kernel.org and pass it off as the work of Linus Torvalds. Getting my changes into the official kernel means passing through a strict quality assurance process including peer review and extensive testing on multiple architectures.

So I think that this proposal to create "flagged revisions" for editorial review moves Wikipedia towards the open source model rather than away from it. Anyone will always be able to fork Wikipedia if they wish: the license guarantees it. But the offical version at wikipedia.org will earn increasing trust as the quality assurance improves, just as the official version of the Linux kernel is trusted because of its quality assurance.

The next challenge for Linux

2009-01-21T11:23:00.000-08:00

I was in the local branch of "Currys" (UK electrical and electronic goods chain) recently and had a look at the line-up of computers. They had some little netbooks, and taped next to each one was a little note saying something to the effect of "This runs Linux, so it won't run Windows software". It was a local version of a wider story about Linux:

People buy netbooks and then discover that Windows isn't part of the bundle, and they don't like it.

A teacher found a student handing out Linux CDs and accused him of pirating software.

A student accidentally bought a Dell laptop with Ubuntu instead of Windows, and complained that she couldn't submit the Word documents required by her college (they say they are happy to accept OpenOffice.org documents) and the installation CD for her broadband service wouldn't install so she couldn't get the Internet (Ubuntu connects to the Internet just fine without it). The local TV station picked up the story as a "consumer rights" case and was amazed to find a virtual lynch mob chasing them for being less than enthusiastic about Ubuntu. They quoted an expert saying that Ubuntu "isn't for everyone" and is more suited to tinkerers than people who just want to get stuff done.

Behind all this is what "everyone knows" about computers (everyone who isn't interested in computers for their own sake, that is):

There are two sorts of computers: Apple Macs, and PCs.
Apple Macs run Apple software. PCs run Windows software.
Windows is bundled with PCs. On expensive PCs the bundle might include Office as well.
If you want extra software, you buy it at a store, take it home and stick the CD in the drive.

This is how its been for almost 20 years (25 if you count the MSDOS era). An entire generation has grown up knowing that if its a PC, it runs Windows. They know it in the same way they know the sky is blue: its always been blue.

Of course those of us who use Linux know different. But for most people, Linux is something they might have heard about once or twice, but they didn't pay any attention and couldn't tell you anything about it. Outside its current user base and their immediate circle of friends and family, Linux has zero mindshare.

This is not another lament about Joe Sixpack being too stupid to understand Linux. The problem is not that Linux is too complicated, its that Linux and Windows do things differently. Imagine someone who was raised on Linux; how would they react to Windows? Software installation would seem complicated and geeky, the single desktop would feel claustrophobic, and as for the idea of paying for software...

So I think we need to sort out a message to broadcast to the world and then focus on it. I suggest the following:

Linux is an alternative to Windows and Apple. It comes in several flavours.
Linux isn't easier or harder than Windows, but it is different, and it takes a while to get used to those differences.
Linux is bundled with a huge range of downloadable free software, including office, graphics and photographic packages.

So next time you see a story that misrepresents Linux please send a correction with these three points.

Where did all the money go?

2008-12-14T12:48:00.000-08:00

I've got a simple question about the Credit Crunch? Where did all the money go?

I've always thought of money as something that is "conserved" in the physics sense, like energy. Money in = money out + money stored. So when someone "loses" money it implies that someone else got it. If I run a company that loses money, what it means is that I'm getting less money in than I'm spending on staff and supplies. But the money hasn't disappeared, its just moved from my pockets to my suppliers (and their suppliers, and so on).

But the financial institutions seem to have had billions of dollars disappear into thin air. They got poorer, sometimes so poor that they went bust, but nobody seems to have become correspondingly richer.

I guess this has something to do with fractional reserve banking, which I know doesn't conserve money. Suppose I start with £1000 and put it in a bank. The bank shows a balance of £1000, but it doesn't just hang on to my money, it loans £500 of it to Joe Bloggs, who spends it on a new TV, and the person who sold the TV also puts the money in the bank. So now the bank has $1,500 on deposit even though our imaginary economy just started with £1,000. So what happens if Joe can't pay the money back?

Can someone enlighten me?

Fundamentalist terrorist assassination plot defeated

2008-11-05T13:18:00.000-08:00

Tonight the British people celebrate the defeat of a terrorist assassination plot. A group of disaffected men, followers of a foreign religion and egged on by propaganda from overseas and a radical cleric, planned a spectacular atrocity: they would blow up the entire government in one huge explosion. The plot was foiled by the security services, who, responding to a tip-off, mounted a surveillance operation and arrested one of the plotters red handed as he prepared to detonate the explosives. The rest of the gang were tracked down and shot or arrested when soldiers stormed their hideout. In accordance with an executive order from the head of state the survivors were subsequently imprisoned, tortured, and executed after a show-trial.

This happened over 400 years ago, on November 5th 1605. The plotters were Catholics rather than Muslims, but apart from that the story sounds disconcertingly modern, although we tend not to go in for show trials these days: they went out of fashion with Stalin.

Today the Gunpowder Plot is celebrated as Bonfire Night: Guy Fawkes (the one caught with the explosives) is still burned in effigy, and in some places the Pope gets the same treatment as well. However, over the past 400 years the anti-Catholic content has almost entirely leached away: now its just an excuse to let off some fireworks. A Catholic can join in the celebrations just as I (a Briton) joined in the 4th of July celebrations when I was living in the US.

Maybe one day we will look back on 9/11 the same way. I certainly hope so.

Petition on Broadband Advertising

2008-10-28T13:47:00.001-07:00

I've become rather depressed about broadband advertising. I found it very difficult to discover the web page describing my own ISPs traffic policy. Furthermore if you compare it to this version from January on the Wayback Machine you can see that the headline speed on the "Large" package has gone up from 4Mbit/sec to 10Mbit/sec, but the evening download limit has merely increased from 800MB to 1,200MB, while extra restrictions have been added starting at 10am as well. Somehow that 10MBit/sec upgrade doesn't feel so generous now: when I want to install Fedora 10 I'd better make sure I schedule the download to start after 9pm.

Virgin Media, in common with most other ISPs, says that the few people who make heavy use of their broadband link reduce capacity for everyone else, and that providing truly "unlimited" service for these few would mean higher bills for everyone. They do indeed have a point. If I want truly unlimited service then I'm sure I can get it, for a price. And the fact is that I probably don't want to pay the price. The occasions when I do want a multi-gigabyte download are sufficiently rare that I can put up with scheduling around Virgin's traffic limits.

So why am I depressed about it? Its because my problem with finding Virgin Media's traffic management policy is not unusual. A sample taken from Google found:

TalkTalk have a 40GB monthly limit right up there on the front page, although I'm not sure if you can find out how much of your limit you have used this month. What happens when you use it all? Presumably you are cut off until next month.

O2 claims "unlimited" usage, but if you search the site for the word "unlimited" you find that excessive use at peak times will lead to warnings and then account termination. They don't define "excessive" or "peak time". I couldn't find a link to this information from their list of broadband features; it certainly wasn't obvious.

Tiscali have a similar policy, except that after three warnings they limit your peak time speed. They also don't define what "excessive" and "peak time" mean, and they don't say how long this will last or what the speed limit will be. This page was two not-very-prominent links away from the package features list.

Fast actually sells a range of monthly capacity limits. They warn you by email when you hit 90%, and when you go over 100% they throttle you down to 100kBit/sec. Full marks!

So out of 5 providers (including Virgin) we have only one that makes all the limits and policies clear up-front while three try to hide behind weasel words and hard-to-find web pages. This makes it difficult for consumers to figure out what they are buying. Is Tiscali's unstated policy better or worse value for money that one of the Fast packages? Even if its better at the moment, will it still be so next month? As a consumer I have no way of knowing. Worse yet, if I were a technically naive consumer I might not even realise that the question needed asking. "Unlimited" sounds much better than "40Gb monthly limit".

I think that something needs doing about this. However the Advertising Standards Authority have wimped out: they have declared that "unlimited" actually means "95% of users don't hit the limit in any given month". So its hardly surprising that people are confused.

Therefore I have started an on-line petition at the Number 10 web site. If you are a British citizen or resident then I urge you to sign it. The petition calls on the Government to require ISPs to make all caps and limits on their services a prominent part of their advertising. Only when they do so will consumers have a clear choice between different packages.

SSDs and the return of the root partition

2008-10-26T14:07:00.000-07:00

Back in the days when Unix was new to the world computers came with two sorts of mass storage: fast-small-expensive, and slow-big-cheap. A minicomputer typically had one of each, so that frequently-used files could be kept in the fast unit while everything else was kept on the slow one.

Unix was designed with this in mind, which is why to this day most programs on Unix and Linux are found in one of two directories: /bin holds the frequently used ones, and /usr/bin holds the less frequently used ones. A similar arrangement applies to libraries, which are held in /lib and /usr/lib. The idea was that the "root" partition was put on the fast small device, and the "user" partition went on the big one. This led to some other restrictions as well; /bin and /lib together have to have all the software needed for a minimally functioning system, because until all that stuff is going the system can't mount /usr to get at the rest of it.

All that became irrelevant in the age of the Linux PC because the entire system hung off one physical disk. But maybe that is about to change. Solid State Disks (SSDs) are entering the disk world. They have zero mechanical latency and their read speed is blisteringly fast. Write speed is more variable, but the new Intel product is reported to be very fast. It is also small (80GB) and expensive ($600).

So it looks like the time has once again arrived for keeping the commonly used programs and libraries on a small fast disk and everything else on something big and slow. The original root versus /usr division doesn't work for this of course: people want the system to fire up X windows, KDE or Gnome and a bunch of apps, not just a shell prompt. But all of those things will fit very nicely onto one of these SSDs. Better yet, the user files have now been shifted out from /usr (from which it got its name) and put in /home. So this needs zero surgery to the standard Linux layout.

For the average user $600 is a bit steep though. What is actually needed here is something smaller and cheaper. I run a well-populated version of Fedora, and my root partition with all the Fedora packages is under 10GB. So I while I can't imagine blowing $600 (or whatever that is in £s these days) on 80GB of SSD, I could certainly imagine putting a 10GB version in for $100. That would hold the Linux kernel, X Windows and all the apps, with enough room left over for /etc. That would increase the speed of booting up, logging in and starting applications without greatly increasing the cost of the system, especially since that often involves reading lots of different files scattered around the disk. Even better, most of this stuff is only written rarely, and then mostly in the background by system updates. So the current poor write performance of most SSDs doesn't matter.

(Update: I have of course forgotten that by default Unix and Linux keep track of the access time (atime) of files, which means that every time you read something a little metadata write happens. So write performance does matter here).

Looking around, the nearest product to this specification seems to be the OCZ 32GB unit, which retails for a bit over £100 (say, around $170). Thats bigger and more expensive than what I want, but hey, Moore's Law seems to be working so I'll just wait a bit. I also note that all these products seem to be targetted at the laptop market, which makes sense given SSDs other advantages of low power consumption and physical robustness. Maybe they should start thinking about the market for hybrid desktop systems as well.

Why the banks collapsed, and how a paper on Haskell programming can help stop it happening next time

2008-09-23T12:12:00.000-07:00

Trading Risk

The financial system exists to trade three kinds of thing: money, commodities and risk. Money and commodities are the easy bit. Either I have £1,000 or I don't. Similarly with commodities: either I have a barrel of oil or I don't. But risk is a very different matter. In theory risk is easy to quantify: just multiply the probability of something by the cost, and you have the expected loss. But in practice its not so simple because the probability and cost may be difficult to quantify, especially for rare events (like, say, a global credit crunch). Many of the factors that go into a risk model are subjective, so honest people can have genuine disagreements about exactly what the risk is.

The Slippery Slope

Unfortunately risk assessment is not value-neutral. Risk has negative value: you have to pay people to take it off you. The higher the risk, the more you have to pay. And because the amount of risk is always debatable this is a very slippery slope; the people paying others to take the risk away have every incentive to present a lower estimate. Everyone can see that everyone else is doing the same, and so methods of hiding or downplaying risk migrate from dodgy dealing to open secret to standard practice.

Specific examples abound throughout the recent history of the finance industry;

The retail mortgage houses that originally lent to "sub-prime" clients would hire valuers who were known to be on the generous side with their valuations. So any valuer who wasn't so generous found their income drying up. Background checks on clients were cut back, then eliminated. Eventually borrowers were simply told what income to claim on the forms, regardless of what they actually earned.
These loans were then bundled up and sold. The idea was that the buyers would each get a share of the incoming loan repayments. Rights to this stream of money were divided into "tranches", the idea being that, for instance, Tranche 1 would get the first 34% of whatever money was due, Tranche 2 would get the next 33%, and Tranche 3 would get the last 33%. When some borrowers defaulted (as some always do), Tranche 3 would lose out first, then Tranche 2. Tranche 1 would only fail to get all their money if the overall repayment rate fell below 34%, which had never happened. The game here was to persuade a credit rating agency that Tranche 1 was so safe that it was worthy of a "Triple A" rating, because that meant that banks, insurance companies and similar big financial institutions could legally buy this debt without having to put cash aside to cover potential losses. The rating agencies earned fees for evaluating securities, so just like the house valuers they found it paid to be on the generous side.
All these institutions had risk management departments who were supposed to watch out for excessively risky behaviour. But in practice they found it very difficult to blow the whistle. Risk managers tell stories of being given two days to review a deal that took ten people a month to negotiate, and of accusations of "not being a team player" when they questioned over-optimistic claims. This story from the New York Times has some details. Look through the comments after the story as well; many of them are by people with their own tales of risk.

None of this is new; similar behaviour has contributed to past financial crises. In theory more regulation can prevent this, and everyone is now planning or demanding lots more regulation (even the banks). But in practice regulation has failed repeatedly because the regulators always concentrate on the way it went wrong last time. Regulations have to be written carefully, and the companies being regulated have to be given time to understand changes and put their compliance mechanisms in place. This prevents regulators from moving as fast as the institutions they regulate.

The regulators also don't have visibility of the information they need to assess systemic risk. Systemic risk arises because financial companies are exposed to each other; if one institution fails, others have to write off any money it owed them, possibly pushing them into bankruptcy as well. Regulators try to make companies insulate themselves by avoiding excessive risk and keeping some cash on hand, but without a clear picture of the risks being run by each company they have no way to tell if this is enough.

The basic problem, I believe, is the food chain of risk management within each institution. At the top are the negotiators and fund managers who design and package the securities. Then the lawyers are bought in to specify the precise terms of the deal. Somewhere along the way the "quants" will be asked to develop mathematical models, and at the bottom coders will be given the job of turning the models into executable code that will actually determine the real price and risks. It is this food chain that needs to be rethought, because its hiding important information.

This 2000 paper by Simon Peyton Jones, Jean-Marc Eber and Julian Seward shows a way forwards. It describes a Domain Specific Language embedded in Haskell for describing the rights and obligations imposed by a contract. Arbitrarily complicated contracts can be built up using a small collection of primitives. Aggregations of these contracts can also be created, as can risks of default and bankruptcy. This created quite a stir in the quantitative analysis world when it was presented, as it was the first time anyone had proposed a formal language for describing contracts. Today the list of commercial Haskell users includes a number of financial institutions using this kind of technique to model their market positions.

But on its own this is just a faster and more efficient way of getting the same wrong answer. It doesn't solve the underlying problem of concealed systemic risk. The solution has to be for big financial companies to reveal their positions to the regulators as formal models of the contracts they have written. At the moment they don't even have to reveal all their contracts, but merely knowing the legal terms of a contract is only the first step. Those terms have to be converted into a mathematical model. That model probably already exists, but only as an internal artefact of the parties to the contract. What ought to be happening is that the contract is specified in a well-defined mathematical language that can be converted into a model automatically. If the regulators have this information about all the contracts entered into by all the finance companies then they can model the impact of, say, a downturn in the housing market or a jump in the price of oil, and if they see systemic risk looming then they can order the companies involved to take corrective action. Unlike the various Risk Management departments they will be able to see the whole picture, and they don't have to worry about being "team players".

ISPs and Bandwidth

2008-09-07T05:26:00.000-07:00

This Slate article reminded me of some stuff about how the Internet works that isn't widely appreciated. For a few years now ISPs have been complaining about "bandwidth hogs" while at the same time advertising high bandwidths for fixed prices. Comcast has had its knuckles rapped for discriminating against particular traffic. But this hides the real issues, which are to do with the structure of the market for long-haul infrastructure.

Your ISP has to pay for connection to the Internet in exactly the same way that you do: it pays a big telecom company like AT&T or Qwest. The only exception is if your ISP is one of those companies, but even then the retail ISP business will be a separate division that has to "buy" bandwidth from its parent. These "tier 1 ISPs" don't publish price lists, but the general pricing structure looks a lot like the ones described in the Slate article, and for the same fundamental reason: capacity is limited. So your local ISP may buy, say, 1 terabyte per day upstream and 2 terabytes downstream, with any traffic over those thresholds being charged per megabyte.

Aside: Actually the whole thing is much more complicated: a retail ISP will generally buy connections to more than one upstream ISP, which may be either tier 1 or "tier 2" (with long-haul bandwidth but not global presence). Often it will have multiple connections to each of these ISPs, each of which may have different price plans. Any ISP may also have "peering" agreements with other ISPs of the same size. These are free, but are not allowed to carry "transit" traffic destined for anywhere else. Everyone always tries to offload traffic onto someone else as fast as possible, even if the resulting routes are not ideal. Managing this mess to keep the customers happy at minimum cost is a key skill in the ISP business

The retail ISPs are therefore caught between a rock and a hard place. They are in a commodity business, but the traditional retail price plan of "all you can eat at a given bandwidth" doesn't match their cost structure. Its a general rule that if you are in such a market and have a competitor who's price plan does match their cost structure then you are bound to make a loss, because the customers who find you cheaper are going to be the ones who cost you more than they pay, while the ones who would balance this by paying more than they cost find your competitor cheaper, so they go there instead.

Thus ISPs will gradually converge on pricing plans that are simplified versions of the cost structure of their industry. This will probably be based on a combination of peak-time limitations and traffic caps that give people an incentive to shift their heavy usage off-peak. The winners will be the ones who can innovate. The challenges are:

At any given point in time the network has a fixed bandwidth. Hence the challenge is not to reduce the total amount of data moved but to even out usage. Similarly heavy users are only a problem when they start pushing out other customers who might collectively pay more.
You can't force users to track their usage in detail. Price plans that suddenly cut a customer off until tomorrow (or next month) are scary and unfriendly. Plans that charge extra for heavy usage are even worse, especially for families with teenagers. Throttling is more user-friendly.
Negotiate with your upstream ISPs to bring your costs into line with your pricing structure. They, too, need to shift usage off-peak and will be prepared to offer pricing plans accordingly. However their idea of "off-peak" may not be the same as a retail ISP with lots of home users.
Transparency will happen whether you want it to or not. At least some end users are smart enough to detect traffic shaping and other tricks, and their results will be picked up by price-comparison sites for everyone else to read.

Application-specific traffic shaping (as tried by Comcast) won't work. Customers and regulators both hate it, but more importantly it gets you into an arms race between stealth P2P protocols and your packet inspection software that you can't win. However there is another option: offer your customers the opportunity to do their own traffic shaping. For instance you could have a metered high-priority service for everyday browsing combined with an unmetered low priority service for bulk downloads. The challenge is to give the customer a simple easy-to-use system that distinguishes between the two and (automatically as far as possible) uses the right one.

In many ways the situation reminds me of 1997, when large ISPs first started to deny peering agreements to smaller competitors and made them pay for transit agreements instead. There were many calls to ban the practice, and grave predictions of the "balkanisation of the Internet". But in practice the economics of Metcalf's Law guaranteed that a well-connected network would have more value than a disconnected network, and after that it was just a matter of how that extra value was distributed. I believe that much the same thing will happen with bandwidth. The Internet has most value when its pipes are full of traffic, and if there is demand for more bandwidth then there will be money to be made by providing it. After that, its just a matter of working out who pays how much for what. As long as the market remains competitive it will converge on the optimum solution, probably quite rapidly.

The Netwise Kids of Today

2008-08-03T07:45:00.000-07:00

My son is keen on Habbo (a virtual world ostensibly aimed at teenagers, but probably attracting a lot of pre-teen kids), and spends quite a bit of his pocket money on it. We regard Habbo as a cynical method of separating kids from their money. Lack of credit cards isn't a problem as you can buy Habbo credits using a mobile phone. However we also regard that "I've just blown all my money on this junk" moment as a valuable learning experience, so we've let him take his pocket money in the form of Habbo credits bought with my Visa card.

This being the Internet, a wide range of scams have appeared trying to separate kids from their virtual "furni" bought with Habbo credits. I'm not going to link to any directly because I suspect that they will be too short-lived, but a search for "Habbo cheat" turns up a good selection. Warning: turn your browser up to maximum paranoia before visiting any of these sites.

My son told me enthusiastically about one of these sites that promised lots of free stuff. He just had to fill in his Habbo username and password on a form, and come back in 24 hours. I was horrified. But no, my son reassured me, he had created a new empty Habbo account just for this experiment, so if it was a scam he wouldn't lose anything. (Sure enough, he didn't gain anything either).

I had never told him about throw-away accounts. I had told him that the Internet is not always a friendly place, but I had not expected him to personally be the target of an attempted fraud. Still less did I expect him to identify the fraud and devise a work-around. There are adults who are dumber than this. However I'm not posting this to boast about my clever son, because I've since found out that this is actually fairly typical. The kids round here generally have Net access, either in their own homes or via a friend. They play in a wide variety of virtual worlds. They have learned, sometimes the hard way, about password security, how and where to write down account details so you don't forget them, not letting people "shoulder surf", and how to recognised various forms of fraud. They talk about this stuff, exchanging war stories and security tips.

Internet crime is still enjoying its boom years at the moment. The archetypal victim is too computer-clueless to even understand what malware is, never mind defending against keylogging viruses or spotting phishing websites. There are still many such people, but the next generation is growing up too Internet-savvy to be easily scammed. They can list different categories of malware and describe their uses and how to defend against them. They have grown up surrounded by the Internet, so taking measures to protect themselves from its hostile elements strikes them as entirely normal. As they grow up they will take this attitude, and the associated knowledge, for granted. My generation taught its parents how to program their video recorders. The next generation is going to teach its parents how to secure their computers.

Rate Cap Revisited

2008-07-12T02:24:00.000-07:00

In my last post I complained that I was being rate capped by Virgin Media. I said I didn't mind them having a capping policy, but it ought to be public. I also complained I wasn't getting the full bandwidth I was paying for.

Turns out I was wrong on both counts. Their rate capping policy is here. I did look for it before posting, and it could be easier to find. But its there, its public, and it says everything I would expect it to.

As for bandwidth, the "Large" package I am signed up for was originally for 4 Mbits, which is what I am getting. Virgin are currently upgrading their network to give everyone 10Mbits, and my region is due to be upgraded this month. However new customers get the full 10Mbits wherever they are. I just looked at their headline offer and assumed it applied to me as well.

So, I no longer have any issues with Virgin Multimedia.

Rate Capped

2008-07-05T05:37:00.000-07:00

This is a screenshot from KDE System Guard showing my download speed for the Fedora Core 9 distribution DVD, around mid-day on Saturday. After downloading 1.8GB I was suddenly slapped down to 100 kBytes/sec, which translates to around 1 Mbit/sec with all the packet overhead. This happens consistently with various download sites, so I'm confident its my ISP.

I'm paying Virgin Media for their "Unlimited" 10Mbit service (although I haven't seen anything over 500 kBytes/sec, which would mean around 5Mbit in reality). I was never told that my download rate would be capped, although the fine print in the sign-up page points to their AUP, which says in Section 7 that they reserve the right to restrict Internet services in any way at any time.

However this post is not actually a complaint about rate capping. ISPs are there to make money by providing a service, and as a rule you get what you pay for. In theory if I want a better service all I have to do is switch ISPs, and possibly pay more money. Our email address is routed through a domain I personally own, so we don't even have to tell anyone else that our household has switched ISPs.

But how do I know that I'll get a better deal if I go elsewhere? All retail ISPs offer basically the same terms, which consist of a big headline rate accompanied by a fine-print disclaimer pointing out that you might never get it. If they have a rate-capping policy they certainly don't advertise it.

I don't actually want a faster headline speed (although I'd be very happy to get the one I'm currently promised). I don't even want a promise of "no rate caps": the ISP argument that heavy downloaders hurt responsiveness for all users is valid. All I want is to be able to look at ISP adverts and figure out where the best value for money is. That means the following information:

Ratio of customers to actual incoming bandwidth.
The rate-capping policy: e.g. capped rate and criteria for applying it.

Anybody know a UK ISP that actually provides this?

Is Functional Programming the new Python?

2008-05-09T09:52:00.000-07:00

Back in 2004 Paul Graham wrote an essay on the Python Paradox:

if a company chooses to write its software in a comparatively esoteric language, they'll be able to hire better programmers, because they'll attract only those who cared enough to learn it. And for programmers the paradox is even more pronounced: the language to learn, if you want to get a good job, is a language that people don't learn merely to get a job.

Some tentative support for this theory comes from a study of programming languages done in 2000. The same task was given to over 80 programmers. The chart shows how long they took. Obviously the average for some languages was a lot less than for others, but the interesting thing for the Python Paradox is the variability. Java had huge variability: one developer took over 60 hours to complete the task. Meanwhile the Python developers were the most consistent, with the lowest variance as a percentage of the mean. I suspect (but can't prove) that this was because of the kind of programmers who wrote in Java and Python back in 2000. Java was the language of the Web start-up and the dot-com millionaire, but Python was an obscure open source scripting language. The Pythonistas in this study didn't learn it to get a job, but many of the Java programmers did.

But if this study was repeated today I bet the spread for Python would be a lot larger. Maybe still not as big as Java, but more like C++ or Perl. Because today you can get a good job writing Python. A quick check of jobs on dice.com found 1450 Python jobs against 7732 C++ jobs and 15640 jobs for Java. Python hasn't taken over the world, but the jobs are there.

So the smart employers and developers need something new to distinguish themselves from the crowd, and it looks like functional programming might be it. Programming Reddit carries lots of cool stuff about Haskell, and job adverts are starting to list a grab-bag of functional languages in the "would also be an advantage" list. For instance:

- Programming experience with more esoteric and powerful languages for data manipulation (Ruby, Python, Haskell, Lisp, Erlang)

So it looks like the with-it job-seekers and recruiters may be starting to use functional programming to identify each other, just as they used Python up to 2004.

Update: Oops. I just remembered this post which started me thinking along these lines.

An Under-Appreciated Fact: We Don't Know How We Program

2008-05-04T23:50:00.000-07:00

I was talking to a colleague from another part of the company a couple of weeks ago, and I mentioned the famous ten-to-one productivity variation between the best and worst programmers. He was surprised, so I sketched some graphs and added a few anecdotes. He then proposed a simple solution: "Obviously the programmers at the bottom end are using the wrong process, so send them on a course to teach them the right process."

My immediate response, I freely admit, was to open and shut my mouth a couple of times while trying to think of response more diplomatic than "How could anyone be so dumb as to suggest that?". But I have been mulling over that conversation, and I have come to the conclusion that the suggestion was not dumb at all. The problem lies not with my colleague's intelligence but in a simple fact. It is so basic that nobody in the software industry notices it, but nobody outside the industry knows it. The fact is this: there is no process for programming.

Software development abounds with processes of course: we have processes for requirements engineering, requirements management, configuration management, design review, code review, test design, test review, and on and on. Massive process documents are written. Huge diagrams are drawn with dozens of boxes to try to encompass the complexity of the process, and still they are gross oversimplifications of what needs to happen. And yet in every one of these processes and diagrams there is a box which basically says "write the code", and ought to be subtitled "(and here a miracle occurs)". Because the process underneath that box is very simple: read the problem, think hard until a solution occurs to you, and then write down the solution. That is all we really know about it.

To anyone who has written a significant piece of software this fact is so obvious that it seems to go without saying. We were taught to program by having small examples of code explained to us, and then we practiced producing similar examples. Over time the examples got larger and the concepts behind them more esoteric. Loops and arrays were introduced, then pointers, lists, trees, recursion, all the things you have to know to be a competent programmer. Like many developers I took a 3 year degree course in this stuff. But at no point during those three years did any lecturer actually tell me how to program. Like everyone else, I absorbed it through osmosis.

But to anyone outside the software world this seems very strange. Think about other important areas of human endeavor: driving a car, flying a plane, running a company, designing a house, teaching a child, curing a disease, selling insurance, fighting a lawsuit. In every case the core of the activity is well understood: it is written down, taught and learned. The process of learning the activity is repeatable: if you apply yourself sufficiently then you will get it. Aptitude consists mostly of having sufficient memory capacity and mental speed to learn the material and then execute it efficiently and reliably. Of course in all these fields there are differences in ability that transcend the mere application of process. But basic competence is generally within reach of anyone with a good memory and average mental agility. It is also true that motor skills such as swimming or steering a car take practice rather than book learning, but programming does not require any of those.

People outside the software industry assume, quite reasonably, that software is just like all the other professional skills; that we take a body of knowledge and apply it systematically to particular circumstances. It follows that variation in productivity and quality is a solvable problem, and that the solution lies in imposing uniformity. If a project is behind schedule then people need to be encouraged to crank through the process longer and faster. If quality is poor then either the process is defective or people are not following it properly. All of this is part of the job of process improvement, which is itself a professional skill that consists of systematically applying a body of knowledge to particular circumstances.

But if there is no process then you can't improve it. The whole machinery of process improvement loses traction and flails at thin air, like Wiley Coyote running off a cliff. So the next time someone in your organisation says something seemingly dumb about software process improvement, try explaining that software engineering has processes for everything except actually writing software.

Update: Some of the discussion here, and on Reddit and Hacker News is arguing that many other important activities are creative, such as architecture and graphic design. Note that I didn't actually mention "architecture" as a profession, I said "designing a house" (i.e. the next McMansion on the subdivision, not one of Frank Lloyd Wright's creations). People give architects and graphic designers room to be creative because social convention declares that their work needs it. The problem for software is that non-software-developers don't see anything creative about it.

The point of this post is not that software "ought" to be more creative or that architecture "ought" to be less. The point is that we need to change our rhetoric when explaining the problem. Declaring software to be creative looks to the rest of the world like a sort of "art envy", or else special pleading to be let off the hook for project overruns and unreliable software. Emphasising the lack of a foundational process helps demonstrate that software really does have something in common with the "creative" activities.

Things I'd Put in Room 101

2008-03-29T13:15:00.000-07:00

Room 101 was a BBC TV series named after George Orwell's torture chamber in the book 1984. In it a guest would explain to a regular presenter why s/he wanted to consign half a dozen pet hates into oblivion. Since the series has now ended I no longer have any hope of explaining to the British Public my pet hates, so I thought I'd do it here instead.

One and Two Pence Pieces ("Coppers")

When the UK switched to decimal currency from pounds, shillings and pence (12 old pennies to a shilling, 20 shillings to a pound) the smallest of the new coins was the half penny piece, which was finally withdrawn in 1984 as inflation had made it unnecessary (the UK saw inflation pass 20% during the 1970s). Since then inflation has been lower, but its still there. The copper-coloured 1p and 2p coins have lost about half their value since 1984. Today their only use is as change for something costing £1.99. Since many things cost a penny under a round amount to prevent staff theft and make prices look lower, my wallet fills up with these big, unwieldy, almost worthless bits of metal. Eventually you accumulate enough of them to give £2.09 to a shop assistant and get 10p change instead of 1p. You often get a grateful smile as well: shops keep running out of these coins for the same reason we keep accumulating them.

My wife is a teacher. She tells me that secondary school children use these coins as missiles. You can't ban children from carrying them, they are big enough to hurt if thrown hard, and only cost a penny or two each.

The time has come to abolish these coins. To be sure shops would sell stuff for £1.95 instead of £1.99, but this is an improvement in two ways: the 5p coin is smaller even than the 1p, and a half dozen 5p pieces can actually buy a bag of crisps.

I imagine that having the smallest unit of cash bigger than the smallest unit of accounting is going to cause some headaches: how do you close an account containing £561.34? But there must be ways around this. When I visited Italy in about 1988 the smallest coin was 10 lira, then worth about 0.5p. So they obviously coped with this question.

Having to Listen to the Guy in the Next Toilet Cubicle

Its not him I hate, its the experience of having to listen to all the little noises. I imagine he feels the same about me. In fact I'm sure that the vast majority of you are cringing as you read this, because you know exactly what I'm talking about and hate it just as much. So, if this is such an unpopular experience, why are toilets still being built with no audio privacy?

I suspect that current toilet architecture dates back to the days when masturbation and homosexuality were seen as terrible evils. You couldn't deny people privacy at home, but you could at least make sure they weren't doing anything unnatural in the public loo. Today we are a bit more enlightened, and the justifications for denying us a bit of privacy no longer make any sense. But somehow the architectural profession hasn't caught up. I suspect that amongst architects everyone knows how to build a public or workplace toilet, and everyone assumes there must be some good reason why its that way, even if they don't know what it is themselves. Or is there some British Standard specifying the minimum gap between floor and cubicle partition?

When I worked for Marconi I visited their swank HQ in London a few times. Their toilets had separate soundproofed cubicles. What luxury! Presumably the architects who designed the building back in the 1920s thought that the superior specimens of manhood who would inhabit it would be safe from unnatural vices, and only the lower classes needed to be monitored.

Blue Indicator LEDs

The invention of the blue LED was a technological triumph. It paved the way for higher densities of optical storage and also made efficient LED lighting a feasible proposition. So I don't want to get rid of the blue LED altogether. What I do want to get rid of is the use of blue LEDs as indicator lights in computer equipment because they are so much brighter than the older red and green ones. Red and green LEDs light up enough to show you that they are on, but blue ones are positively dazzling. Having one of these in your field of view is annoying; you have to avoid looking at it because the after image will make it difficult to look at anything else for several seconds. I bought a couple of USB disk drive enclosures a while ago, and not only had the designers included perspex sides with blue LEDs in them, but they had also slaved these LEDs to disk activity so that they flashed and flickered. They shipped these horrible things with leads that had even more flickering blue LEDs. Aaarghh!

The plague of blue LEDs seems to have abated somewhat, but its not gone. My new laptop has almost all green indicator lights, except the Bluetooth indicator is blue. It doesn't flicker with activity, but I've still stuck some masking tape over it. This looks ugly, but it does diffuse the blue enough to be tolerable.

Cellphones that play music through a tiny speaker

Why someone thought this was a good idea I don't know. Its probably not down to one person, more a combination of marketing-driven design and engineering compromise leading to something totally horrible, like deciding your house needs repainting before you sell it, but the only paint you can find is sickly pink. Yes, you've repainted the room as per the requirements from Marketing, but you'd have done better not to bother.

In the case of the cell phone, I imagine the conversation went something like this:

Marketing: We want our phone to be the next ghetto blaster.

Engineering: Ye canna break the laws of physics Jim. Phones are too small to reproduce low frequencies at high volume. Thats why nobody has done it.

Marketing: OK, so its not going to be the greatest sound reproduction. But you're a great engineering team. We have faith that you can rise to this challenge. Besides, we've already paid for the advertising, so its too late for you to back out.

Engineering: Well, I suppose if you shifted all the frequencies up an octave or two you could at least hear the music, but its going to sound...

Marketing: Great. Just great. "Make it so!" .

So last weekend one of my son's friends came over with his new cell phone playing what sounded like Bohemian Rhapsody sung by Pinky and Perky, except that it wasn't meant as a joke. It was probably the most nauseating musical experience of my life.

Distorted Muzak

Another musical one. I don't mind muzak most of the time: shopping is boring, and sometimes they play something I like. But every so often I find myself in a shop that gets its muzak from some kind of satellite radio muzak channel (I gather chain stores often do this because the supplier takes care of copyright licensing). But the signal is weak or the antenna has drifted or something, and the sound is heavily distorted. Muzak is supposed to put you in a relaxed mood in order to make parting with money less stressful, and good muzak does this. Badly distorted muzak just makes me want to get out as fast as possible. But its no good trying to complain. "Its company policy to have music" says the spotty youth at the customer service desk.

Candles on Restaurant Tables

This is another visual distraction, worse even than blue LEDs. Candles are brighter, and they flicker more. Restaurant owners don't even have the excuse that candles are the latest cool technology; they are thousands of years old. So why is it still considered a good idea to put one in between two people who want to look at each other?

Because it draws my eye, I feel compelled to fiddle with it. I wave my fingers through the flame and toy with the softening wax around the edge. Then I remind myself that this behaviour probably drives other people up the wall and put my hands away, for a couple of minutes until I find myself doing it again.

Why Voting Machines Can't Add Up

2008-03-19T14:05:00.000-07:00

Ed Felten is continuing his excellent work exposing the broken state of electronic voting machines. Many people are wondering how such software can have been allowed out by its developers. The discrepancies don't (at the moment) seem to be a result of fraud, just very buggy software.

Voting machines are obviously important, so their development is regulated. I've never worked in the voting machine industry, but I have worked in another kind of federally regulated software: medical devices. So I know how regulated software projects work, and how they don't.

The fundamental problem underlying this is that nobody in the world actually knows how to write software that reliably does what you want. There are quite a lot of people who can write such software, but if you ask them how its done they basically waffle. Most of them agree on a list of steps to take, starting with writing down exactly what the software is supposed to do. Various attempts have been made to codify this list, and they all look pretty similar. The voting machine standards are just another variation on this theme.

However this is all cargo-cult engineering. We know that the people who can summon up the magic cargo planes do it by putting things over their ears and saying magic words, but it doesn't follow that if we put things on our ears and say the same magic words the cargo will appear. So it is with software engineering. You can write Requirements Documents and Class Diagrams and Test Scenario Documents and Test Execution Reports until you run out of paper, but it won't make any difference if you don't have the Quality Without a Name.

Imagine you are managing a development project to build a voting machine. Your mission is to get the thing on the market. You have been given a bunch of programmers, half a human factors person and a quarter of an industrial designer. The time available isn't long enough, but you know its no use complaining about that because its not your boss's fault, or even the CEO's fault. Its the fault of the people at Big Competitor who are planning to release their product just in time to tie up the whole market, so if you don't deliver the product at the same time then its not going to matter who's fault it was, the whole division is going to get laid off anyway. You could get some more people if really wanted, but you know that more people aren't actually going to speed things up.

The Quality Department have downloaded the voting machine regulations and someone has been going through them and writing down a list of the things they say you have to do and the order they have to be done in. This is very good. In fact you send the Head of QA a little note saying how helpful his minion has been to your project, because now you have something to aim at. Project Management is mostly a matter of getting your hoops lined up so that you and your minions can jump through them as quickly as possible, and the QA minion has done the regulatory hoops for you. The regulations boil down to a list of documents that have to be shown to the inspectors (who you are going to hire, but thats another story). Each document has a list of things it must contain, and some of those things have to be traceable to other things. All you need to do now is start allocating people to things on the list and getting them ticked off. The list is long, but you have one big advantage: there is nothing to say how good any of these documents have to be. They don't have to be good, they just have to exist.

One of these documents is called "source code". Of course that one does have some quality requirements on it: its got to pass a bunch of tests. But the tests themselves don't have any quality requirements; like everything else they just have to exist. And passing the tests is the only quality requirement on the code. Once the independent laboratory you hired has run the tests and said "pass" you are over the finishing line and you can start selling these things.

This means that you have a very strong motivation to keep the testing to the minimum you can get away with. The regulations say you have to have a test for each item in the original requirements document, and this test has to be run once. If your software fails a test then you get to fix it, and if the fix was small enough you can get away without repeating all the other tests as well. During this whole time your eyes are fixed on the finishing line: the objective is to get this thing over the line. What happens to it after that is someone else's problem.

When you look at these machines from a project manager's point of view you start to see how they got to be so unreliable. "Quality Assurance" is primarily a matter of making sure you get all the items in the regulations ticked off; it has nothing at all to do with the original meaning of the word "quality". Ironically the regulations may actually do more harm than good because they divert energy from real quality onto generating the required inches of documentation.

Over the years I've spent a lot of time trying to figure out how to fix this problem, and I still don't have an answer. Abolishing private companies is a cure worse than the disease, and it won't cure the disease anyway because it won't abolish projects and the need to manage them. Software Engineering has a bad case of Quality Without A Name, and there is no prospect of it getting better soon.

However in the limited domain of voting machines I believe the best cure is sunlight: we may not be able to define quality in software, but we know it when we see it. The source code for voting machines must be published. The manufacturers will scream and shout about their precious IPR and trade secrets. This is nonsense. Any voting machine must have a well defined version of someone's software running, so any illegal copying will generate a cast-iron audit trail back to the perpetrator. And there are no real trade secrets in voting machines: counting votes is not, when it comes down to it, a particularly complicated problem. The voting machine manufacturers will make just as much money as they do now. In fact they'd probably make more because if the machines were trustworthy then people would learn to trust them. However the first vendor to start publishing their source code will be at a disadvantage because everyone else can pinch bits of it with very little risk of detection (and if they get caught they can just blame a rogue programmer). So the regulations on voting machines should be changed to require the publication of the code (and other design documentation too, while we are about it). That will create a real requirement for quality source code. Until then we are stuck with the current mess.

Why Haskell is Good for Embedded Domain Specific Languages

2008-01-10T10:42:00.000-08:00

Domain Specific Languages (DSLs) are attracting some attention these days. They have always been around, of course: Emacs Lisp is a DSL, as are the various dialects of Visual Basic embedded in MS Office applications. And of course Unix hands know YACC (now Bison) and Lex (now Flex).

However creating a full-blown language is a lot of work: you have to write a parser, code generator / interpreter and possibly a debugger, not to mention all the routine stuff that every language needs like variables, control structures and arithmetic types. An embedded DSL (eDSL) is basically a short cut if you can't afford to do that. Instead you write the domain-specific bits as a library in some more general purpose "host" language. The uncharitable might say that "eDSL" is just another name for "library module", and its true there is no formal dividing line. But in a well designed eDSL anything you might say in domain terms can be directly translated into code, and a domain expert (i.e. a non-programmer) can read the code and understand what it means in domain terms. With a bit of practice they can even write some code in it.

This paper describes an eDSL for financial contracts built in Eiffel which worked exactly that way. It doesn't talk about "domain specific language" because the term hadn't been invented back then, but the software engineers defined classes for different types of contracts that the financial analysts could plug together to create pricing models. Its interesting to compare it with this paper about doing the same thing in Haskell.

But eDSLs have problems. The resulting programs are often hard to debug because a bug in the application logic has to be debugged at the level of the host language; the debugger exposes all the private data structures, making it hard for application programmers to connect what they see on the screen with the program logic. The structure of the host language also shows through, requiring application programmers to avoid using the eDSL functions with certain constructs in the host language.

This is where Haskell comes in. Haskell has three closely related advantages over other languages:

Monads. The biggest way that a host language messes up an eDSL is by imposing a flow of control model. For example, a top-down parser library is effectively an eDSL for parsing. Such a library can be written in just about any language. But if you want to implement backtracking then its up to the application programmer to make sure that any side effects in the abandoned parse are undone, because most host languages do not have backtracking built in (and even Prolog doesn't undo "assert" or "retract" when it backtracks). But the Parsec library in Haskell limits side effects to a single user-defined state type, and can therefore guarantee to unwind all side effects. More generally, a monad defines a model for flow of control and the propagation of side effects from one step to the next. Because Haskell lets you define your own monad, this frees the eDSL developer from the model that all impure languages have built in. The ultimate expression of this power is the Continuation monad, which allows you to define any control structure you can imagine.
Laziness. Haskell programmers can define infinite (or merely very large) data structures because at at any given point in the execution only the fragment being processed will actually be held in memory. This also frees up the eDSL developer from having to worry about the space required by the evaluation model. (update: this isn't actually true. As several people have pointed out, while laziness can turn O(n) space into O(1), it can also turn O(1) into O(n). So the developers do have to worry about memory, but lazy evaluation does give them more options for dealing with it.)
The type system allows very sophisticated constraints to be placed on the use of eDSL components and their relationships with other parts of the language. The Parsec library mentioned above is a simple example. All the library functions return something of type "Parser foo", so an action from any other monad (like an IO action that prints something out) is prohibited by the type system. Hence when the parser backtracks it only has to unwind its internal state, and not the rest of the universe.

There are other programming languages that are good for writing eDSLs, of course. Lisp and Scheme have callCC and macros, which together can cover a lot of the same ground. Paul Graham's famous "Beating the Averages" paper talks about using lots of macros, and together with his patent for continuation-based web serving it is pretty clear that what he and Robert Morris actually created was an eDSL for web applications, hosted in Lisp.

But I still think that Haskell has the edge. I'm aware of the Holy War between static and dynamic type systems, but if I you put a Haskell eDSL in front of a domain expert then you only have to explain a compiler type mismatch message that points to the offending line. This is much easier to grasp than some strange behaviour at run time, especially if you have to explain how the evaluation model of your eDSL is mapped down to the host language. Non-programmers are not used to inferring dynamic behaviour from a static description, so anything that helps them out at compile time has to be a Good Thing. And its pretty useful for experienced coders too.

(Update: I should point out that monads can be done in any language with lambdas and closures, and this is pretty cool. But only in Haskell are they really a native idiom)

Is Comcast's Packet Spoofing a Federal Crime?

2007-11-29T13:26:00.000-08:00

The EFF has gathered evidence showing that Comcast is deliberately disrupting P2P traffic by spoofing RST packets to appear to come from the other end of the connection. See the EFF report for the technical details.

The US Criminal Code Title 18 Part 1 Title 47 Section 1030 covers "Fraud and Related Activity In Connection With Computers". I'm not a lawyer, but here is my understanding of the relevant bits of the statute (quotes from the statute are in italics):

Jursidiction: a "Protected Computer" is defined, amongst other things, as any computer "which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States". In other words if your computer is on the Internet, even if its outside the US, then its a Protected Computer. That includes anything connected via Comcast, and anything that talks to any computer connected via Comcast.

Offence: there are two things to prove here:

That someone employed by Comcast "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer". Damage is defined as "any impairment to the integrity or availability of data, a program, a system, or information". A spoof RST packet instructs the receiving computer to drop a TCP connection, so it is a command that impairs the availability of data. I have no direct evidence that these packets were sent knowingly, but I find it difficult to imagine a scenario in which they were sent by accident.
That this action caused "loss to 1 or more persons during any 1-year period [...] aggregating at least $5,000 in value". "Loss" is defined as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service". This is a bit tricky, but people do value their time. $10 per hour is a pretty low wage, and many professionals charge many times that. If failed P2P connections have cost 500 Comcast users 1 hour each in wasted time then this threshold has been reached. You might also be able to make a case purely on the cost of running a computer and keeping it connected via Comcast. The professional IT people who have taken the time to run tests with packet sniffers could certainly count their time at a professional rate as "responding to an offence" and "conducting a damage assessment". There is also some evidence that Comcast inadvertently disrupted other protocols, including Lotus Notes and Windows Remote Desktop. These are used commercially and their disruption would have real financial impact. So while a detailed accounting remains to be done, it certainly looks likely that the $5,000 threshold has been reached.

Penalty: "a fine under this title or imprisonment for not more than 5 years, or both, [if] the offense was committed for purposes of commercial advantage or private financial gain". Comcast's attempts to block P2P protocols are prompted by their desire to keep costs down while seeming to offer an unrestricted service. That counts as "commercial advantage".

So it certainly looks like a Section 1030 offense has been committed that could see someone put in the pen for five years. Any Comcast customers want to call the FBI?

Disruptive Innovation and the Walmart Linux PC

2007-11-27T12:00:00.000-08:00

The Everex TC2502 is being sold by Walmart for $200 (no monitor included), assuming it hasn't sold out a second time. Part of the reason its so cheap is that it runs Linux and OpenOffice.org instead of Windows and MS Office. The first run sold out within days, which is a strong clue that it was a lot more popular than expected. This doesn't mean popular in an absolute sense, just more than Walmart and Everex expected when they decided how many to get in stock. But its the relative popularity that counts: Walmart and Everex produced this box because they calculated they would turn a profit on whatever number they expected to sell. So the fact that they sold out fast means two things:

A bigger profit than expected, which is nice for Walmart and Everex.
Cheap Linux-based PCs have a market niche big enough to make them worth-while. Other manufacturers will have taken note. Expect imitators.

Anyone who has read The Innovator's Dilemma will recognise this pattern: a market incumbent listens to its best (i.e. richest and most profitable) customers, and in consequence makes its products bigger, better and progressively more expensive. The incumbent also finds it unprofitable to compete with narrow niche offerings at the bottom, because they are low quality and aimed at poor customers that can't afford the market leader. So it forgoes the bottom end of the market and concentrates on its nice profitable high-end models. However over time the bottom-end offerings improve, and so become a cost-effective choice for more and more customers. Eventually this starts to make serious inroads into the sales of the incumbent. But by then its too late. The incumbent must choose between cutting prices to compete with the newcomer or else continue to see its market share erode. Neither option will bring back the glory days, and historically many such companies went out of business surprisingly fast.

I'm quite sure that Bill Gates and Steve Ballmer have read The Innovator's Dilemma and seen this coming. There is a bit of MBA strategy theory that sums up their position nicely. Plot their product lines on a chart with two axes; market share and growth potential. The high-share-low-growth lines are "cash cows": they should be milked, and the profits put into high-growth lines. Eventually all cash-cows turn into dogs (low-share-low-growth) and these should be killed off. You just have to hope that by then you have some new cash cows to replace them.

Microsoft has two cash-cows (Windows and Office), and Microsoft has indeed been milking them for all they are worth. The money has been ploughed into a bunch of ventures over the years, but none of them look like becoming future cash cows.

Now we may be entering the final act. People have talked about Linux as a disruptive technology for the last decade, and for server operating systems it definitely has been. Its effectively killed off proprietary Unix, and put a serious dent in Windows. Microsoft continues to fight a rearguard action in this market, but its reliance on big corporate customers is becoming more and more obvious as it tries to separate its premium products (which rich big companies will still reliably pay for) from its lower end offerings. But on the desktop Windows and Office have continued to reign supreme.

Now for the first time in a decade a competing office suite is starting to nibble at the toes of the incumbent. Its not going to make a dent in Microsoft's quarterly numbers just yet, but the future can only go one way. Microsoft sells Windows and Office to PC builders for less than the retail prices, but it cannot let Windows and Office go onto a PC that sells for $200 because they would be giving it away: it would actually be cheaper to buy the PC with the software than to buy the software alone at retail prices. But as more people find that bottom-end hardware with Linux and OpenOffice.org makes a perfectly useful home PC at a fraction of the cost of the Microsoft alternative, so the market will grow. Microsoft may try to segment the market by offering a cut-down version of MS Office (maybe Word with a 20 page limit), but they are competing with a fully featured product. No matter what they do to Windows and Office, Linux and OpenOffice.org are going to look like better value to anyone who is on a tight budget.

Initially it will just be cash-strapped consumers who buy these boxes (students in particular are going to love them). But this is a one-way street. Every consumer who buys one of these boxes is a consumer who is never going to buy a Microsoft box again, even when they get rich. Why pay more to learn a different set of software? And they'll tell their friends about how well it works too. The flow of money into multiple vendors coffers will stimulate investment and competition. All the vendors will want a slicker, more fully featured Linux offering with a bigger repository of instantly downloadable free (in both senses) software. The resulting competition will be downright Darwinian, and the offerings are going to get very good very fast. Everybody is going to race up-market as fast as possible because thats where the real money is. At the moment that money is being taken by Microsoft, but not for long.

Add to this the famous network effects. Part of the reason MS Office dominates is that you need it to exchange documents with everyone else. But if that stops being true then another good reason to pay for MS Office disappears as well.

So I predict that Microsoft is going to be in serious trouble, probably within the next few years. Their existing cost base is tuned to making and selling ever bigger and better versions of their cash cows, and there is no way that they can cut this back to compete with Linux and OpenOffice.org on a cost basis. But if they can't compete then their cash cows are going to turn into dogs before they can be replaced. So Microsoft will be left with two dogs, a bunch of ventures that require investment, and no cash flow. Sure they have big cash reserves they can burn through, but thats not going to be enough even if their investors let them do it.

Its the disks that are the problem, not losing them

2007-11-23T10:26:00.000-08:00

The UK news this week has been full of stories about the loss of 2 disks (presumably CDs or DVDs) containing all 25 million Child Benefit records. For those outside the UK, Child Benefit is several pounds a week paid to the mother of every child (i.e. under 16) in the UK. In most cases it gets paid directly into a nominated bank account.

This is one of the biggest data losses ever, if not the biggest. The government has been at pains to point out that the disks are probably just mislaid, and they don't contain enough data for criminals to actually use. Meanwhile the Opposition has been alleging government incompetence and calling for them to "get a grip". People are being advised to keep an eye on their bank accounts and not use their childrens' names as passwords.

All this misses the point. The problem was not that a couple of disks got lost, it is that a comparatively junior person could burn the entire database to a couple of disks, apparently on his/her own initiative, and without further controls. There was a time when copying 25 million records would have required substantial resources, such as an overnight run on the mainframe and a boxful of tapes. The sheer volume of data made it physically difficult to copy, or to lose. However Moore's Law has turned that big, slow, expensive job into a few minutes with a CD burner. If those two disks were CDs then the whole lot would also fit on a £10 thumb drive, or even a cell phone. The story referenced above suggests that in the past the National Audit Office (the place where the disks in question never arrived) have made their own copies and sent them to outside auditors. None of the commentators seem to have realised that the most probably route for the data to get into the hands of criminals is not the loss of an authorised copy but the creation and distribution of unauthorised copies.

There are supposed to be procedures in place, but its no surprise that they are not being followed; when was the last time you reached for the Company Procedure Manual to check on the detailed procedure for some simple action? Its also too easy to blame the middle manager who decided that a written procedure was better than implementing a software access control system. Given a choice between implementing costly access controls and writing a procedure for making copies, which would you chose? Now try it again, but imagine that your annual evaluation is going to suffer if you "waste" money doing something that has no positive benefit on your departmental targets.

I would like to think that this incident will be a wake-up call for the civil service to revamp its data control procedures. However I doubt it. A scapegoat has already fallen on his sword (to mix the commonest metaphors). The government is keen to show it is doing something, but mostly to counter the opposition claims of incompetence. And the opposition is more interested in a ministerial scalp than in actually pushing for effective action. What is really needed is an audit of all databases containing UK citizen personal information, followed by a study into the necessary forms of access and the implementation of software-based authorization and logging mechanisms. But nobody in authority seems to be thinking along those lines.

The sad thing is that the Ministry of Defence has had hundreds of years experience in dealing with sensitive and secret data, and they have become quite good at it. Perhaps they should give the rest of the government some lessons.

The Rise of Modern Morality

2007-09-20T11:38:00.000-07:00

Every so often I read a letter in a newspaper or some other forum about "the decline of modern morality", in which the writer laments the failing moral standards of private and public life. I'm old enough to have been reading these articles for two or three decades now, and I've seen some samples of the same genre from past times. Elvis Presley caused a moral panic in 1956 by gyrating his hips on stage, and this was cited by commentators at the time as corrupting the morals of young people. Much has been written about the sociology of moral panics and I don't propose to repeat it here. Instead I want to argue that, far from declining, modern morality is actually superior to moralities of the past (and I use the plural deliberately).

In 1970 in the UK it was not only legal but widely accepted practice to pay a woman less than a man for doing the same job. Women who wanted a life outside of home making and child rearing were seen as aberrant, and often regarded with scorn.
In 1960 in America many parts of the country segregated public facilities by race, with black people consistently and blatantly short-changed. This invidious system was widely supported by prominent politicians and churchmen.
Even into the 1970s in Australia aborigine children were forcibly removed from their parents and placed in institutions where they were denied proper education and were terribly vulnerable to physical and sexual abuse. Again, this programme was considered perfectly proper and moral by the standards of the time.
There was a standing assumption for many years that unmarried mothers should immediately give up their children for adoption. In Ireland they were also incarcerated in the "Magdalene Laundries". Other countries had similar systems. Strangely, the fathers were left to go free.
For most of the 20th century, when it became necessary to remove children from their parents because of neglect or abuse little thought was given to keeping siblings together: they would be split up to suit the convenience of potential adopters or fosterers.
Until recent years in most Western countries, homosexuals were persecuted and discriminated against, both by the law and by society at large.
Until the 90s in the UK drink-driving was considered a minor peccadillo. Drivers convicted of the offence were more likely to encounter sympathy at the unfair attitude of the legal system than censure at their reckless disregard for the safety of others.

Not all of these evils are completely gone, but in all cases there has been a substantial moral shift. I know that some readers will look at some of this list, especially the tolerance of homosexuality, and regard this as evidence of moral decay rather than ascent. But this brings up another issue I have with the Cassandras of moral decay: their belief in moral absolutism; that right and wrong are entirely self-evident, and that any deviation stems from lack of morality rather than a genuine disagreement over what the moral course is.

The problem with moral absolutism is that (in its commonest form) it asserts that the perfect moral code has already been revealed and the only possible improvement is in closer adherence to that code. However I describe myself as a Liberal Utilitarian (although I confess I haven't actually read any of Mill's work). Hence I see "the greatest good of the greatest number" as a basic moral principle, while at the same time acknowledging that there may be a lot of disagreement about exactly what that means and how to bring that about. Liberal utilitarianism recognizes no absolute moral imperative apart from the general principle that life, liberty and the pursuit of happiness are good things. However by retaining that anchor it avoids the charge often leveled by the Absolutists that those who question their moral code are "relativists" who believe that any moral code is as good as any other. Liberal utilitarianism examines the impact of moral rules on the real people affected by them. If different rules would have a better outcome then those rules are automatically better. I see the arguments (both past and ongoing) about freedom, equal opportunities and tolerance to be a part of this process, and I see a steady improvement through history. Those who object to the current crop of improvements in morality because they contradict their particular absolutist code would do well to read their history books.