2015-05-29

Courageous journalism at the BBC

I kid, obviously. When describing the current controversy over the Washington D.C. Metro refusing to take any "issue-oriented" adverts until next year just so that they can avoid showing the prize-winning "Draw Mohammed" cartoon, the BBC resorts to words rather than a picture to describe the salient image.

The advert calls for Americans to support free speech and features a bearded, turban-wearing Muhammad waving a sword and shouting: "You can't draw me!"
In reply, a cartoon bubble portrays an artist grasping a pencil and saying: "That's why I draw you."
How odd, you would have thought that they would have included an image of the cartoon rather than laboriously describe its contents.

Just to make the point, here's the image in question:

The spineless BBC writer isn't shy of displaying their orientation towards issues:

Ms Geller insists the cartoon is a "political opinion" which does not contain any violence.
Ms Geller is of course correct. There's no violence in that picture: the gentleman depicted is holding a sword, but that's as far as it goes. Yet the writer takes particular care to use reported speech and quotes, presumably to demonstrate that he or she is emphatically not in sympathy with Ms Geller or (mysteriously unnamed in the article) artist Bosch Fawstin.

Deary me. Truely, the BBC has resigned from actual journalism in order to be at the back of the line when crocodile feeding time comes around.

I'm really not keen on Pamela Gellar, but the rest of the world seems to be bending over backwards to make her admittedly extreme opinions seem really quite rational and reasonable. And we are surprised when Muslim extremism is emboldened by this obvious cowardice?

2015-05-19

Delays are good for you - the MTA proves it

No, really, they do. New York's Metropolitan Transit Authority (something like Transport for London) has produced an outstanding video that shows why making some subway trains late makes others less late:

Yes, the idea is that sometimes delaying a train can prevent further delays by not compounding the gap between trains. Anyone who has waited impatiently on a hot subway platform might find this concept counterintuitive, but transportation experts generally agree that that the evenness of service is as crucial as avoiding individual delays.
The MTA video makes a compelling case. The key insight is that once a platform gets crowded enough, due to constant feed of new passengers and a delayed train, it becomes slower for the next train to debark and embark passengers. So an already delayed train gets more delayed as it progresses down the line. The solution? Spot a train that's getting near the critical delay time and give it priority to progress through the network even if this involves delaying other (less delayed trains).

It's a great example that, even in what we regard as relatively simple systems, there can be a complex interplay between entities that produce highly unintuitive results. Deliberately delaying trains can actually be good for the system as a whole (if not for the passengers sitting in the delayed train with their faces pressed into a fellow passenger's unwashed armpit).

2015-05-13

You should care about moving to HTTPS

Eric Mill's "We're Deprecating HTTP and it's going to be okay" is a must-read call-to-arms for everyone with a site on the Internet, explaining why the transition from unencrypted web traffic (HTTP) to encrypted (HTTPS) is actually fundamental to the future existence of the democratic web-as-we-know it.

For the 90% of my reading audience who are already saying "Bored now!" here's why it matters to you. Sir Tim Berners-Lee invented HTTP (the language of communication between web browser and web server) in CERN, a European haven of free thought, trust and international co-operation. The 1930s idea that "Gentlemen do not read each other's mail" was - surprisingly, given the history of cryptographic war in WW2 - fundamental to HTTP; messages might have transited systems owned by several different groups, but none of them would have thought to copy the messages passing through their system, let alone amend them.

This worked fine as long as no-one was interested in the communication of harmless nerds about their hobbies, much as the government-owned Royal Mail doesn't bother to copy the contents of postcards passing through their sorting offices because they only contain inane drivel about sun, sea and sand. However, once people realized that they could communicate freely about their occasionally subversive ideas across borders and continents, and financial institutions woke to the possibility of providing services without paying for expensive un-scalable fallible human cashiers, many governments and other less-legal entities wanted to read (and sometimes alter) Internet traffic.

Mills gives two great examples of where HTTPS prevented - and could have prevented further - nation-state abuse of Internet content:

- The nation of India tried and failed to ban all of GitHub. HTTPS meant they couldn't censor individual pages, and GitHub is too important to India's tech sector for them to ban the whole thing.
- The nation of China weaponized the browsers of users all over the world to attack GitHub for hosting anti-censorship materials (since like India, they can't block only individual pages) by rewriting Baidu's unencrypted JavaScript files in flight.
And closer to home, Cameron's plan to make all online communication subject to monitoring is so stupidly illiberal and expensively pointless that it deserves to be made impractical by general adoption of HTTPS. GCHQ and friends can tap all the Internet traffic they like: if it's protected by HTTPS, the traffic is just taking up disk space to no practical purpose. Brute-forcing, even with nation-state resources, is so expensive that it's reserved for really high-value targets. GCHQ would have to go after something fundamental like a Certificate Authority, which would leave big and obvious fingerprints, or compromise a particular user's machine directly, which doesn't scale.

As long as users are still relaxed about the absence of a padlock in their browser bar, HTTP will continue to provide a route for governments to snoop on their citizens' traffic. So let's give up on HTTP - it has had its day - and move to a world where strongly encrypted traffic is the default.