People seem to assume that Email is like regular mail only faster, and since it's a federal crime to tamper with postal mail, email communications must be covered the same way, and that the two are equivalently private. The problem is that a government employee (or several) are the ones that physically carry your snail mail from where you dropped it off to its final destination. Therefore the government has some ability to enforce that sanctity of mail--the postal workers are traceable sources of tampering, who can be fired or even legally punished for any evil they do. From there, the only thing you have to worry about is delivery mishap, and non-USPS hands at those weak points, before and after transit, where it might fall into them. These are relatively uncommon, and again, the fact that tampering with mail is a federal crime protects you in almost all cases.

But E-mail isn't carried by someone who has a stake in your privacy. The E-mail, as soon as it leaves your computer, is going to pass through dozens of other computers, some controlled by Comcast or Verizon, some controlled by Sprint or Level 3 Communications, some controlled by other companies you might not even have heard of. The fact is that these companies can easily monitor plaintext emails passing through. Even if you trust these companies, it is always a possibility that one of the servers happens to be compromised from without.

This is where a basic lesson comes in: don't send personal information by email. It is trivially easy to scan for certain things like phone numbers, Social Security numbers, credit card numbers, drivers license numbers, license plate numbers, just about anything else you might not want people to know. If you're sending these things to anyone via an unencrypted digital channel like email, it is very possible that it could be intercepted, identified, and later used for nefarious purposes.

Notice where I said "an unencrypted digital channel like email". That's the key thing. You see, it's safe (or at least much more safe) to enter things like that on an encrypted website, such as https://www.bankofamerica.com--because you trust Bank of America, and because the site has that handy "https" instead of "http", you know that there will be no computer between you and the Bank itself that ever sees your information in cleartext. Instead it sees something encrypted in such a way that it is virtually unbreakable--so that only you and the Bank see anything you type into that website.

So how do we fix it?

Effectively, there are two things you want to know about a message: #1, that it's from who it says its from. #2, that it remained unread until it got to you. This is why I propose that SMTP and IMAP mail servers all include a PKI server.

Here's how it works.

Example Smith (esmith@local.com) wants to send a message to Instance Jones (ijones@foreign.com). Example types up an email and sends it to his mailserver over an https connection, because he knows that he has to be careful about these things.

On a current smtp server, what happens now is that the mail is decrypted at smtp.local.com, and sent to the Instance's mailserver (mail.foreign.com) in plaintext, where Instance is free to access it through her client however or whenever she chooses.

Here's what should happen.

Example Smith sends the message via an encrypted connection to smtp.local.com.

smtp.local.com sends a message to mail.foreign.com asking for the public key of ijones@foreign.com. smtp.local.com then encrypts its message with Instance's public key, and signs it with its own private key for esmith@local.com.

When it gets to the other end, mail.foreign.com is able to decrypt the message using Instance's private key.

When Instance downloads the message (over https of course!) from her mailserver, she can now feel safe that Example's message was kept free from prying eyes during transmission. Her mail server can also decrypt the signature and read it using Example's public key by fetching it using the email in the "from:" email address. If mail.local.com sends back a key that successfully decrypts the signature, then she knows that Example's mail server certifies that the message was sent from Example's email account, through Example's outgoing SMTP server.

This would mean that nobody could send messages on some fake mailserver with the From: address of "someone@pigsflew.com"--because your email reader would be able to contact pigsflew.com on its mail port, find out that it signs its messages, and that it cannot verify that particular email's signature (if it even has one). And it means that the message is almost guaranteed to be safe from prying eyes, at least until it has been received by the receiving mailserver. And it has the added plus of being effectively transparent to the end users--they still send and receive messages on the web or through their email clients in exactly the same way.

Basically, if this feature was implemented, it would take only until Gmail, MSN, and Yahoo started using it, and then a good chunk of email would be safer, and the rest could be flagged as being unverifiable, unprotected, or both. If you had an email client supporting the extensions, you could set your send messages to require or prefer protection, in the preferential case having your SMTP server warn the client that the email will be unencrypted for transit if the recieving mail server doesn't support it. Assuming that you trust your mailserver administrator, the server administrator for the person you're sending the message to, the company that runs their e-mail, and the receiver him- or herself to treat your information with care, you could now effectively rest easy, although Social Security numbers and the like would still give me pause.

The major advantage is that you'd be able to make a more informed decision about whether you trust the information to this medium--since no hands should be able to touch the information.

It'd also be cool if your entire mailbox on your mailserver was encrypted with the user public key and the user's password, decrypted at user access time with their password and that user's private key. Then it'd be safe sitting at endpoints too.

We already have this idea of "classes", thanks to CSS and how it interacts with HTML. Future specs of javascript (and many current js libraries) already include a getElementsByClass function that work with this as well as the getElementsById that already exists.

So we're already to an extent treating these elements as "instances" (with a unique ID in the DOM) of one or more "Classes". So why doesn't the Javascript conform to this?

What I'd love to see is for something like this:

HTML:

<div id="article-1" class="article">
<h3>Article Header</h3>
<p>Paragraph 1</p>
<p>Paragraph 2</p>
</div>
<div id="article-2" class="article">
<h3>Article Header</h3>
<p>Paragraph 1</p>
<p>Paragraph 2</p>
</div>

Nothing new there.

new CSS:

.article {
  h2 {
    padding-bottom:10px;
    border-bottom: 1px solid black;
  }
  p {
    padding: 5px;
  }
}

See what I did there? It's actually not that far a stretch. Typically this would be done by using ".article h2" and ".article p". This format mostly just allows for greater clarity in the CSS--at a glance--for what your style really expects elements to look like. Let's face it, styling has a dependancy on content--you can't theme a webpage unless you have some vague idea of what's going to be represented.

The next part is where I get serious:

Javascript:

class article {
  var header = this.getElementsByTagName("h3")[0]; // We expect only one of these
  var paragraphs = this.getElementsByTagName("p");
  var hidden = false;

  function onContentReady() {
    this.header.addlistener('onClick',this.hideShowContent);
  }
  function hideShowContent() {
    for ( var i in paragraphs)
    {
      if (this.hidden) { paragraphs[i].style.display = ''; }
      else { paragraphs[i].style.display = 'none'; }
    }
    this.hidden=!this.hidden;
  }
}

You get the idea, I think. Your non-class CSS defines what to do with elements occurring outside of classes, and gives styles that will cascade into classes unless overridden. Your non-class Javascript would include basic functionality used in many classes, and some of your classes might even require helper javascript classes that would be pulled in at need, and only once. (say, a date picker class that is required by several parent classes).

You could even separate your class-based js and css out, storing them locally, and providing "glue" in your base-level javascript, so that whenever the browser loaded a class it had not already seen in the DOM, it would look at that glue, and go and fetch the necessary JS and CSS if necessary.

This means that unless there's an Article on the page, you'd never load the Article css and javascript. The javascript and CSS would never be loaded more than once.

Clearly, my example is not incredibly good--the idea could probably use a lot more work, but what strikes me as funny is that when I look at it this way, it seems like it's almost meant to be. Javascript/ECMAScript is constantly improving and is at this point a full-fledged programming language in its own right, albeit one without a canonical interpreter. HTML and CSS specs are constantly improving as well, but there is a divide sharply between the two. I wonder if perhaps Javascript not being under the purview of the W3C has something to do with how separate it is from the HTML/CSS setup, and why they don't seem to be converging, aware of each other, toward something cleaner.

As I was stumbling through the internet a moment ago I came across an interesting photo of an underwater restaurant that is enclosed entirely in glass such that the diners have a constantly changing view of underwater life while they eat. Looked really cool. There was the obligatory comment as the third or so on the page:

"Definitely photoshopped. I can tell by the pixels, and I've seen a lot of 'shops in my time."

Given the fact that goons are known for stockpiling clubs and hunting dead horses for years at a time, the comment should come as no surprise to anyone. But I just thought of something, three little letters that are like gold to any business: "EAV".

EAV stands for Equivalent Ad Value. When companies get positive face time on large networks such as a news network or paper or a highly trafficked website, they are essentially getting ad space for free. And it's extremely valuable ad space, because it is placed in content spaces where people are actually looking to read the content. Here's an example: My company, TripAdvisor, got mentioned a couple months back in the show "The Office". If anyone remembers, it's the episode where Dwight Schrute opens an Agrotourism Bed and Breakfast at Schrute Farms. Its page is still at tripadvisor, and the clip is up at both tripadvisor and youtube. The mention cost us very little, but the value of it is exceptionally high, since it is in front of millions of people across the US who watch the show.

for an even better, slightly less biased example, Research In Motion says it estimates that it had millions of dollars of EAV from the whole "Barackberry" debacle, and I'd believe it. Think of him what you will, there is no denying our President's intelligence and simultaneous stardom, and if he uses a RiM smartphone, then hell, shouldn't I look into it. They paid nothing for that plug, and they didn't even expect or look for it. The fact that Obama didn't actually use a blackberry doesn't matter at all.

So now we go back to this meme: it seems there are like 20 goons or farkers or the like who spend hours a day going across thousands of websites and delivering equivalent ad value to Adobe with this tired joke, and you know what? They hit all the highest trafficked images first. I'll bet it's worth tons.

I said, "I really can't give out that information, but you can send a message to their email address--they're extremely quick at getting back to people." I gave her the aforementioned address.

She responded callously: "Well, I spoke to"--and proceeded to name mispronunciations of several of my more senior coworkers--" and Raja, who I actually met in person recently"--here she probably meant a coworker of mine named Raju--" so my contacts are all in engineering, but can you cut me a break here and direct me to someone in IT?"

When I again declined to give her any specific information of my coworkers, she asked, "Your office is--the Boston office, you're in, what, Needham, right?"

And here I had the overwhelming temptation to say something I did not say, but am convinced would have been the right thing:

"Ma'am, I'm sorry, I have to stop you right there. You're not very good at this--I know, I know, cold calling is hard--but it sounds like you just incorrectly read off everyone listed on my LinkedIn profile. You should take a little time to try to pronounce names--like Raju. That's an Indian name, and means something completely different from the word 'Raja', which means 'King', and was incedentally the name of the tiger from Disney's Alladin. You should also sound confident in more details, like the name of my company, the location of my office, et cetera. I'm not going to ask you who you're calling for; I can't do anything for you anyway, but you should convince yourself before you call that my company needs what you're selling. Give it another try with someone else on LinkedIn, I'm sure you'll do great. Have a nice day, ma'am."

Instead I was more direct, and simply told her I couldn't give out any information further than the address I'd already given her.

One day I am going to be an old man who shouts inanities at telemarketers.

I look forward to that day with great relish.

def url_get_field ( url, field )
  m=/.*[&?]#{field}=(.+?)(&.*)/.match(url)
  n=/.*[&?]#{field}=(.+)/.match(url)
  if !m.nil?
    return m[1]
  elsif !n.nil?
    return n[1]
  else
    return ""
  end
end

def url_set_field ( url, field, value )
  m=/(.*[&?]#{field}=)(.+?)(&.*)/.match(url)
  n=/(.*[&?]#{field}=)(.+)/.match(url)
  if !m.nil?
    url = m[1] + value + m[3]
  elsif !n.nil?
    url = n[1] + value
  else
    unless /.+[?&].+?=.+/.match(url).nil?
      url = url + '&'
    else
      url = url + '?'
    end
    url = url + field + "=" + value
  end
  url
end

def url_remove_field ( url, field )
  m=/(.*)([&?])(#{field}=(.+?))(&(.*))/.match(url)
  n=/(.*)([&?])(#{field}=(.+))/.match(url)
  unless m.nil?
    url = m[1] + m[2] + m[6]
  else
    url = n[1] unless n.nil?
  end
  url
end

Now it's easy enough to do! check this out:

irb(main):160:0> url = 'http://pigsflew.com'
=> "http://pigsflew.com"
irb(main):161:0> url = url_set_field( url, 'test', 'omg' )
=> "http://pigsflew.com?test=omg"
irb(main):162:0> url = url_set_field( url, 'archives', '526')
=> "http://pigsflew.com?test=omg&archives=526"
irb(main):163:0> url_get_field( url, 'test' )
=> "omg"
irb(main):164:0> url_remove_field( url, 'test' )
=> "http://pigsflew.com?archives=526"
irb(main):165:0>

The problem of oil is multifaceted. As of right now, it is the most reliable, portable, and easily producible energy source on earth. The issue is that it isn't ours. Sure, we have some oil of our own, and we can increase drilling to use it, but then we're just competitors in a giant game of oil, and make no mistake, we will lose that game.

Going back, the United States has been very lucky. In World War II when supremacy had to be measured by firepower, we were on top because we could produce better firepower faster and in more quantity than anyone else--and our firepower that was just waiting to be used was considerably more than most of the other players in the war could even build. And we produced the Atomic Bomb, which demonstrated our prowess.

In the Cold War, when supremacy was measured by information and scientific prowess, we created satellites that mapped out every square inch of any place we thought might create a problem for us. Our central intelligence agency had files that grew quicker than the KGB could ever know. And we put a man on the moon to show that nobody could beat the scientific pace of this country.

The next moon landing, the next atomic bomb, my friends, is energy independence. We can't do this by using our own oil, because while we can sell weapons and space technology to our friends and use those infrastructures to keep ourselves on top, we can't use oil to that end. What we need is our own power source, one pioneered by and held by the United States. One that not only solves our problems, but we can sell it to our friends, and keep from our enemies, one that produces more income for our country, and reduces the GDP of our enemies who would otherwise compete, and pose a threat to our supremacy.

We need a scientific miracle. And the only way to get scientific miracles is to do what we did with the lunar landing: Contract it out.

What we should do is offer a multi-billion dollar semi-exclusive contract to the first United-States company that develops a decent working alternative to Oil for portable and potent energy generation and storage, and agrees to deploy it in ten major cities across the country. When those cities' demand for oil drops dramatically without significant cost increase to the average citizen, other countries around the world will look covetously at us for our ability to create what we need within our own borders.

What I mean by multi-billion dollar semi-exclusive contract: we are offering a competing company a fixed amount to offset their research and development for such an energy source, plus the energy demands of the United States for a set period of time exclusively to one company. We won't let you gouge us, we'll have to oversee your pricing models once your done, but you'll be allowed to be a five year monopoly on the energy business. The one provision is that you will not be allowed to sell the technology outside of the United States, though you are free to market energy produced by said technology. Any intellectual property you produce will be jointly controlled by your company and the US Military, and should be considered top secret except for your company's production and domestic distribution needs.

We need to stay on top. If we don't do this then in twenty years or so, it might be India or China in the world's center seat, and we will optimistically end up where Russia is now.

Now is where I get political: The policies of Senator McCain and Governor Palin are not terrible policies for the best of times. Work at defenses, decrease the budget, support the industry--fine. However these are not the best of times. Obama and Biden have policies that will cost money. They will in some ways be unpopular, and some things won't even go through the Legislature. But it is imperative that they take the white house, because theirs is the path that (at least) will not take us away from US Supremacy. McCain will focus on the defense system--which was important in World War II, but is no longer meaningful in a world where there are at least 5 countries (the permanent members of the security council) that are known to have the capability of leveling entire countries without incredible difficulty. We are also pretty damned certain that there are others with that capacity too. Let's face it, anyone who attempts to challenge the United States to a fair fight is completely stupid. So they won't fight fair.

They'll buy us. With oil.

I read in the paper the other day, yet another voter remarking their impression that "A vote for Hillary is just another vote for Bill, and he's had his chance." This common logic must be absolutely infuriating for you. Over the years you have shown yourself an incredibly intelligent, accomplished, and affluent woman in your own right, and just a quick glance at your Wikipedia entry (a dubious source perhaps, but the citations on that article are too many to re-list here), shows a list of feats so incredible that I am ashamed for those that would only recognize the feats of your husband.

According to the article, you had repeatedly denied Bill your hand in marriage before eventually consenting. When you did eventually marry, it states that you "still harbored doubts about marriage, concerned that [your] separate identity would be lost and that [your] accomplishments would be viewed in the light of someone else's." (Wikipedia.org)

While I do not claim to have done the due dilligence of checking the article's sources, nor have I read your book, I now wish that I had, and will go purchase a copy of "Living History" immediately. If, however, the words in this article are true, then it must absolutely sting to know that your fears have come to light for many Americans, and only because you selflessly helped to campaign for your husband when you were still an active and well respected lawyer.

Madame Senator, you have more than earned the respect of myself, and of the nation, and I wish you only the best luck as you continue your campaign for the Presidency.

Thank you,

Adrian Sud

Television Viewers.

Now in reality, I watch exactly two television shows that have not been cancelled, and two television shows besides. The two that aren't over yet are Heroes (NBC) and Battlestar: Galactica (Sci-Fi). The two that are were Firefly (FOX) and Studio 60 on the Sunset Strip (NBC). Given this fact I really don't consider myself a television viewer.

Therefore, let me explain why I'm mad at you people:

It's because of Studio 60. Aaron Sorkin's amazing talent for blindingly crisp dialog aside, this was an amazing show with a fantastic cast, and a solid concept. I could get mad that the show was taken off the air, but it was taken off the air when it just... failed to draw audiences.

Now, Firefly failed to draw audiences, but to be frank, it was never given an honest shot, what with multiple changes in its time slot, last minute reordering of episodes, and frankly poor advertising.

Studio 60 was given more than an honest shot.

Actually, it was given the slot before prime time, right there with Heroes, a dumb but extremely entertaining show I expect to stay on the air for quite a while. Studio 60 had a decent opening audience which faltered immediately, and continued to flounder, even when NBC tried to get people back into the show by having Masi Oka (plays Hiro on Heroes) make a cameo. It sputtered and they pulled it.

The problem was the show was smart. It was based on the premise that the fictional broadcasting company NBS was banking on American audiences not being "too dumb" for good television. The real thing was that NBC itself was banking on the same proposition, and we as audiences let them down. We showed them that we are indeed too dumb for good television.

So there you are, everyone who tuned in at 10 to watch that first season of Heroes but missed the good stuff that was on at 9pm, I'm mad at you tonight.

(oh, I'm extremely glad I own the Studio 60 on the Sunset Strip Complete Series.)

They wrote that these machines are supposed to select and aim at a target, and "[wait] only for a human to pull the trigger." Except that sometimes, "these machines start firing mysteriously on their own."

They call it a software glitch. A malfunction. The problem I have with these terms is that, similar to the term "accident" in a traffic collision, they tend to imply no one is to blame.

I submit that somewhere, some programmer is to blame. If you write code, no matter how trivial, your job is to ensure the efficiency, consistency, and most of all the accuracy of your code. To fail in this regard can be tantamount to negligent homicide.

Coding errors can cause great cost; in the simplest of projects, this cost may only be in time, but soon that cost becomes money. In greater projects, it might be personal possessions, or public relations, or in still greater projects, lives.

This is not the first time something like this has happened. I am reminded of the infamous Therac-25, which between 1985 and 1987 was involved in at least five deaths due to poor interface design and failure to sanitize inputs. The Northeast Blackout of 2003, caused by a race condition in power monitoring software. The MIM-104 Patriot whose failure resulted in the deaths of 28 soldiers in Saudi Arabia in 1991 due to an error in time synchronization.

These are our responsibilities, laid upon us by virtue of our interest in the technologies which run our world today and those that will tomorrow: To provide value through technology by relieving stresses in tasks, or by relieving those tasks altogether, and to protect ourselves and our fellow man from those very technologies we create, and to the best of our abilities, from himself.

~Pigsflew