Category Archives: Science

John Quarterman on Mapping Spam and Politics (audio)

At a meeting on a completely different subject, I was interviewed about Here's the audio, and here's the blurb they supplied:

John S. Quarterman, long time Internet denizen, wrote one of the seminal books about networking prior to the commercialization of the Internet. He co-founded the first Internet consulting firm in Texas (TIC) in 1986, and co-founded one of the first ISPs in Austin (Zilker Internet Park, since sold to Jump Point). He was a founder of TISPA, the Texas ISP Association. Quarterman was born and raised in Lowndes County, where he married his wife Gretchen. They live on the same land where he grew up, and participate in local community and government.

Quarterman took some time during Georgia River Network's Weekend for Rivers to speak with the Nonprofit Snapshot about spam-mapping and small town politics.

More about Elinor Ostrom's Nobel-prize-winning work on organizing the commons, and how that applies to

The water organization has since been incorporated as the Georgia non-profit WWALS Watershed Coalition:

WWALS is an advocacy organization working for watershed conservation of the Willacoochee, Withlacoochee, Alapaha, and Little River Systems watershed in south Georgia and north Florida through awareness, environmental monitoring, and citizen advocacy.


World PM2.5 Map as reputation

NASA posted 22 October 2009, New Map Offers a Global View of Health-Sapping Air Pollution
In many developing countries, the absence of surface-based air pollution sensors makes it difficult, and in some cases impossible, to get even a rough estimate of the abundance of a subcategory of airborne particles that epidemiologists suspect contributes to millions of premature deaths each year. The problematic particles, called fine particulate matter (PM2.5), are 2.5 micrometers or less in diameter, about a tenth the fraction of human hair. These small particles can get past the body’s normal defenses and penetrate deep into the lungs.
Even satellite measurements are difficult (clouds, snow, sand, elevation, etc.). But not impossible:

Continue reading

“botnet herders can add it to its spam-spewing botnet” —Fahmida Y. Rashid in

This reporter spits out a string of alliterative language that labels the problem that helps diagnose.

Fahmida Y. Rashid wrote in 8 June 2011, UT Researchers Launch SpamRankings to Flag Hospitals Hijacked by Spammers:

“Poor security measures are generally responsible for employee workstations getting compromised, either by spam or malicious Web content. Once the machine is compromised, the botnet herders can add it to its spam-spewing botnet to send out malware to even more people. The original employee or the organization rarely has any idea the machine has been hijacked for this purpose.”
That’s a pretty good explanation for why outbound spam is a proxy for poor infosec.


Transparency in Rome

Here’s my presentation, Transparency as Incentive for Internet Security: Organizational Layers for Reputation, from RIPE 61 in Rome. This presentation summarizes the two previous RIPE Labs papers about proposed new organizational layers and outbound spam ranking experiments.

RIPE-NCC is the oldest of the Regional Internet Registries (RIRs), and RIPE is the deliberately unorganized association of interested parties that meets twice a year and holds discussions online in between. It’s a mix of operations, research, and socializing. Topics range from obscure details of deploying IPv6 to organizational proposals such as what I was talking about. 430 people attended the meeting in Rome, which was quite a few more than the dozen or two of the first RIPE meeting I went to many years ago.

Interesting questions were asked. I may blog some of them.


Daniel Karrenberg and RIPE Atlas

Daniel Karrenberg shows an animation related to RIPE Atlas, RIPE’s new active measurement project using USB-powered dongles scattered around the Internet.

Video by jsq at RIPE 61 in Rome, Italy, 15 Nov 2010. His slides, the RIPE Atlas home page, and the conference will put up video of all the talks within about a day.


PS: My talk is 11AM Rome time tomorrow, Tuesday 16 Nov.

NANOG: Submarine adopts 40G and 100G

Per Hansen of Ciena at NANOG 50 talked about growing capacity not by adding more data cables under the sea, rather by increasing spectral density. Eventually new cables will be needed, but meanwhile he thinks we can get up from about 2 bits to to 5 or 6 bits per Hertz. It does require more power: same energy per bit, but more bits.

Plus mesh networks for rerouting, even if it means rerouting backwards around the world, he notes. We’ve observed that sort of emergency backwards routing as long ago as January 2008, in the U.A.E. Cable Cut.


What we can learn from the Therac-25

What does Nancy Leveson’s classic analysis of the Therac-25 recommend? (“An Investigation of the Therac-25 Accidents,” by Nancy Leveson, University of Washington and Clark S. Turner, University of California, Irvine, IEEE Computer, Vol. 26, No. 7, July 1993, pp. 18-41.)
“Inadequate Investigation or Followup on Accident Reports. Every company building safety-critical systems should have audit trails and analysis procedures that are applied whenever any hint of a problem is found that might lead to an accident.” p. 47

“Government Oversight and Standards. Once the FDA got involved in the Therac-25, their response was impressive, especially considering how little experience they had with similar problems in computer-controlled medical devices. Since the Therac-25 events, the FDA has moved to improve the reporting system and to augment their procedures and guidelines to include software. The input and pressure from the user group was also important in getting the machine fixed and provides an important lesson to users in other industries.” pp. 48-49

The lesson being that you have to have built-in audit, reporting, transparency, and user visibility for reputation.

Which is exactly what Dennis Quaid is asking for.

Remember, most of those 99,000 deaths a year from medical errors aren’t due to control of complicated therapy equipment: Continue reading

What about the Therac-25?

Someone suggested that Dennis Quaid should be reminded of the Therac-25 “if he thinks computers will reduce risk without a huge investment in quality, quality assurance and operational analysis.” For readers who may not be familiar with it, the Therac-25 was a Canadian radiation-therapy device of the 1980s that was intended to treat cancer. It had at least six major accidents and caused three fatalities, because of poor software design and development.

Why should anyone assume Dennis Quaid doesn’t know that quality assurance and operational analysis are needed for anything designed or controled by software? The man is a jet pilot, and thus must be aware of such efforts by aircraft manufacturers, airlines, and the FAA. As Quaid points out, we don’t have a major airline crash every day, and we do have the equivalent in deaths from medical errors. Many of which could be fixed by Computerized Physician Order Entry (CPOE).

Or ask the Mayo Clinic: Continue reading