Category Archives: Food and Drink

Medical Metrics Considered Overrated

One of the presenters at Metricon 5.0 was comparing IT security to other fields in various aspects of metrics and monitoring. I mentioned I thought she was giving far too much green for good to the field of medicine. This provoked repeated back and forth later.

My point was that 150 years after the invention of epidemiology and 100 years after the discovery of bacterial transmission of disease, in medicine application of known preventive measures is so low that Atul Gawande of Harvard has gotten large (on the order of 30%) reductions in deaths from complications of surgery in many hospitals simply by getting them to use checklists for things like washing hands before surgery.

I have an elderly relative in a nursing home who can’t take pills whole due to some damage to nerves in her neck. Again and again visitors sent by the family discover nursing home staff trying to give her pills whole without grinding them up. Why? They don’t read instructions about her, and previous shifts don’t remind later shifts. This kind of communication problem is epidemic not only in nursing homes but in hospitals. I found my father in a diabetic coma because nurses hadn’t paid any attention to him being a diabetic and needing to eat frequently. Fortunately, a bit of honey brought him out of it. Even nurses readily acknowledge this problem, but it persists. I can rattle off many other examples.

To which someone responded, yes, but medicine has epidemiology, and Edward Tufte demonstrated in one of his books that that goes well beyond checklists in to actual analysis, as in a physician’s discovery of a well in London being he source of cholera. I responded, yes, John Snow, in 1854: that was the first thing I said when I stood up to address this. But who now applies what he learned? One-shot longitudinal studies are not the same as ongoing monitoring with comparable metrics to show how well one group is doing compared to both the known science and to other groups.

Many people still didn’t get it, and kept referring to checklists as rudimentary.

So I tried again. If John Snow were alive today, he wouldn’t be prescribing statins for life to people with high blood pressure. He would be compiling data on who has high blood pressure and what they have been doing and eating before they got it. He would follow this evidence back to discover that one of the main contributors to high blood pressure, heart disease, and diabetes in the U.S. is high fructose corn syrup (HFCS). Then he would mount a political campaign to ban high fructose corn syrup, which would be the modern equivalent of his removal of the handle from the pump of the well that stopped the cholera.

To which someone replied, but there are political forces who would oppose that. And I said, yes, of course. Permit me to elaborate.

There were political forces in John Snow’s time, too, and he dealt with them:

Dr Snow took a sample of water from the pump, and, on examining it under a microscope, found that it contained “white, flocculent particles.” By 7 September, he was convinced that these were the source of infection, and he took his findings to the Board of Guardians of St James’s Parish, in whose parish the pump fell.

Though they were reluctant to believe him, they agreed to remove the pump handle as an experiment. When they did so, the spread of cholera dramatically stopped. [actually the outbreak had already lessened for several days]

Snow also investigated several outliers, all of which turned out to involve people actually travelling to the Soho well to get water.
Still no one believed Snow. A report by the Board of Health a few months later dismissed his “suggestions” that “the real cause of whatever was peculiar in the case lay in the general use of one particular well, situate [sic] at Broad Street in the middle of the district, and having (it was imagined) its waters contaminated by the rice-water evacuations of cholera patients. After careful inquiry,” the report concluded, “we see no reason to adopt this belief.”

So what had caused the cholera outbreak? The Reverend Henry Whitehead, vicar of St Luke’s church, Berwick Street, believed that it had been caused by divine intervention, and he undertook his own report on the epidemic in order to prove his point. However, his findings merely confirmed what Snow had claimed, a fact that he was honest enough to own up to. Furthermore, Whitehead helped Snow to isolate a single probable cause of the whole infection: just before the Soho epidemic had occurred, a child living at number 40 Broad Street had been taken ill with cholera symptoms, and its nappies had been steeped in water which was subsequently tipped into a leaking cesspool situated only three feet from the Broad Street well.

Whitehead’s findings were published in The Builder a year later, along with a report on living conditions in Soho, undertaken by the magazine itself. They found that no improvements at all had been made during the intervening year. “Even in Broad-street it would appear that little has since been done… In St Anne’s-Place, and St Anne’s-Court, the open cesspools are still to be seen; in the court, so far as we could learn, no change has been made; so that here, in spite of the late numerous deaths, we have all the materials for a fresh epidemic… In some [houses] the water-butts were in deep cellars, close to the undrained cesspool… The overcrowding appears to increase…” The Builder went on to recommend “the immediate abandonment and clearing away of all cesspools — not the disguise of them, but their complete removal.”

Nothing much was done about it. Soho was to remain a dangerous place for some time to come.

John Snow didn’t shy away from politics. He was successful in getting the local politicians to agree to his first experiment, which was successful in helping end that outbreak of cholera. He even drew his biggest opponent into doing research, which ended up confirming Snow’s epidemiological diagnosis and extending it further to find the original probable source of infection of the well. But even that didn’t suffice for motivating enough political will to fix the problem.

From which I draw two conclusions:

  1. Even John Snow is over-rated. Sure, he found the problem, but he didn’t get it fixed longterm.

  2. Why not? Because that would require ongoing monitoring of likely sources of infection (which sort of happened) compared to actual incidents of disease (which does not appear to have happened), together with eliminating the known likely sources.
Eliminating likely known sources is what Dr. Gawande’s checklist is about, 150 years later, which was my original point. And the ongoing monitoring and comparisons appear not to be happening, even yet.

As someone at Metricon said, who will watch the watchers? I responded, yes, that’s it!

One-shot longitudinal studies can create great information. That’s what John Snow did. That’s what much of scientific experiment is about. But even when you repeat the experiment to confirm it, that’s not the same as ongoing monitoring. And it’s not the same as checklists to ensure application of what was learned in the experiment.

What is really needed is longitudinal experiments combined checklists, plus ongoing monitoring, plus new analysis derived from the monitoring data. That’s at least four levels. All of them are needed. Modern medicine often only manages the first. And in the case of high fructose corn syrup (HFCS), until recently even the first was lacking, and most of the experiments that have happened until very recently have not come from the country with the biggest HFCS health problem, namely the U.S. A third of the entire U.S. population is obese, and another third is overweight, with concomittant epidemics of heart disease, diabetes, and high blood pressure. And the medical profession prescribes statins for life instead of getting to the root of the problem and fixing it.

Yes, I think the field of medicine gets rated too much green for good.

And if IT security wants to improve its own act, it also needs all four levels, not just the first or the second.


Bananas and Apples: Another Monoculture

banana-bunch_d.gif Yes, we will have no bananas, again:

Most commercial growing facilities handle just a single banana type — the one we Americans slice into our morning cereal.

How much time is left for the Cavendish? Some scientists say five years; some say 10. Others hold out hope that it will be much longer. Aguilar has his own particular worst-case scenario, his own nightmare. "What happens," he says, with a very intent look, "is that Panama disease comes before we have a good replacement. What happens then," he says, nearly shuddering in the shade of a towering banana plant, "is that people change. To apples."

Can This Fruit Be Saved? By Dan Koeppel,, June 2005

Cavendish is the variety of banana eaten the world around. "Quite possibly the world’s perfect food," says Chiquita. But perfection comes with a price if it leads to monoculture. And that’s what we’ve got with bananas: every commercial Cavendish banana tree is grown from cuttings of the original tree, and so is genetically identical. Banana monoculture has borne the fruit of disaster before.

Growers adopted a frenzied strategy of shifting crops to unused land, maintaining the supply of bananas to the public but at great financial and environmental expense — the tactic destroyed millions of acres of rainforest. By 1960, the major importers were nearly bankrupt, and the future of the fruit was in jeopardy. (Some of the shortages during that time entered the fabric of popular culture; the 1923 musical hit "Yes! We Have No Bananas" is said to have been written after songwriters Frank Silver and Irving Cohn were denied in an attempt to purchase their favorite fruit by a syntactically colorful, out-of-stock neighborhood grocer.) U.S. banana executives were hesitant to recognize the crisis facing the Gros Michel, according to John Soluri, a history professor at Carnegie Mellon University and author of Banana Cultures, an upcoming book on the fruit. "Many of them waited until the last minute."

Denial in the face of a clear and present ecological danger. We’ve seen this before.

Continue reading

Aged Old Code

pic_large21yearold.jpg Old wine or whisky can become more complex and interesting. Old code becomes insecure:
Or at least become more vulnerable. I’ve recently been helping a client with their secure coding initiative and as a result I’ve been reading Mike Howard and Dave LeBlanc’s Writing Secure Code which reminded me of an important aspect of maintaining a secure code base which often gets overlooked: That is that as code ages it becomes insecure.

Evolve or Die, by arthur, Emergent Chaos, August 29, 2007 at 7:47 AM

The state of the art in discovering vulnerabilities advances. I remember when nobody worried much about buffer overflows. Related to that, programs get used in environments they weren’t written for. Who really cared about buffer overflows on the early Internet when just getting it working for a few researchers was the goal? Related to that, the number of people motivated to break code keeps increasing, especially those with monetary motivation. With enough eyes are bugs are shallow also means with enough eyes all vulnerabilities become easy to find. Or, in this postmodern world, even computer programs are largely what people perceive them to be, and those perceptions change.

For example, Jeff Pulver perceives Facebook’s video messages as videophone. How long before somebody perceives it as a phishing method? Where there’s humans there’s humint.


Terrorism, Lightning, and Bloomberg

bloo0902.jpg Sometimes a politician says something so sensible you wonder why everbody doesn’t say it:

There are lots of threats to you in the world. There’s the threat of a heart attack for genetic reasons. You can’t sit there and worry about everything. Get a life.

You have a much greater danger of being hit by lightning than being struck by a terrorist.

In terms of what you as individual on the streets should worry about is not whether the person sitting next to you on the subway is a terrorist. The likelihood of that is so small it is not something you should worry about.

Buzz Over Mayor’s ‘Get a Life’ Remark, By Sewell Chan, Empire Zone, June 6, 2007,  9:46 am

The outlet that originally quoted Bloomberg,, quotes several people as saying terrorism is a big threat. However, it also points out that New York City is the safest city in America, with violent crime in general low and decreasing. Maybe if that TV station and others reported that more often, instead of constant, irrational fear, more people would understand what Bloomberg is saying.

Continue reading

Norms-Based iTunes?

Borovinka.jpg Ben Hyde dug up a paper about Norms-Based Intellectual Property Systems: The Case of French Chefs, which discusses the issues involved in the recent case of the French chefs, even though it was published before that foofaraw. This paper makes me wonder if that’s what Apple is doing:
With great power comes great responsibility, and apparently with DRM-free music comes files embedded with identifying information. Such is the situation with Apple’s new DRM-free music: songs sold without DRM still have a user’s full name and account e-mail embedded in them, which means that dropping that new DRM-free song on your favorite P2P network could come back to bite you.

We started examining the files this morning and noticed our names and e-mail addresses in the files, and we’ve found corroboration of the find at TUAW, as well. But there’s more to the story: Apple embeds your account information in all songs sold on the store, not just DRM-free songs. Previously it wasn’t much of a big deal, since no one could imagine users sharing encrypted, DRMed content. But now that DRM-free music from Apple is on the loose, the hidden data is more significant since it could theoretically be used to trace shared tunes back to the original owner. It must also be kept in mind that this kind of information could be spoofed.

Apple hides account info in DRM-free music, too, By Ken Fisher, ars technica, May 30, 2007 – 01:39PM CT

The ars technica article goes on to recommend a trivial way to keep the music and ditch the identifiers, and points out that the presence of such an identifier on somebody else’s disk doesn’t necessarily prove copyright infringement. But maybe that’s not what Apple is really after. Maybe it’s so people will know that Apple could know, and other people could know, where you got your music. Like French chefs know where other chefs got certain recipes. Norms-based iTunes?


Cooking Property?

bio_wylie3.jpg What happens when one famous chef copies another’s recipe?

The place is agog at the effrontery of Vigneron, since they believe he has brazenly ripped off one of chef Wylie Dufresne’s best-known dishes. By the looks of a feature in the current issue of Wired, Vigneron has created a showpiece dish of a “cyber egg,” the yolk of which is made of carrot-cardamom purée, surrounded by a white of hardened coconut milk. Very interesting, given that almost the exact same dish (minus a garnish of foam and carrot) has been served often at wd-50, is featured on the restaurant’s website, and, we are told by members of the staff, has been eaten by Vigneron at least twice. “It’s one thing to be inspired by a dish and to change the flavors to make it your own,” says line cook John Bignelli. “But to just steal everything? How can you do that?” Dufresne, staying above the fray, declined to comment.

Did Marcel From ‘Top Chef’ Really Just Rip Off Wylie Dufresne? Grub Street, New York Magazine, 15 May 2007

You get a lot of commentary.

Continue reading