Wednesday, July 3, 2002

Möbius strip area

Jonathan Walther wrote to ask me an interesting question about the area of a Möbius strip.

I've been having a debate with a friend about how to calculate the area of a moebius strip, where the moebius strip is constructed by taking a 1" by 10" area, twisting it, and joining the ends.

I have been maintaining that the area remains the same; that is, 10 square inches. My friend insists it is 20 square inches.

After discussion with my friend it became apparent that our different calculations came from our having different concepts of "area". He used a strip of paper to "illustrate" the moebius strip, and I feel this gave him erroneous intuition in this case.

My observation was that if you did make the strip from paper, you would need 20 sq. in. of paint in order to paint the whole thing. If you used 10 sq. in. of paint, you would have 10 sq. in. of surface unpainted.

However, Jonathan argues that this is a misinterpretation if the Möbius strip is seen as having zero thickness, because then points on one "side" are actually identical with the corresponding points on the "other side". He suggests that, on a zero-thickness strip, you can go only 10" before you return to your starting point. (On a strip made of paper with non-zero thickness, you must go 20" before returning to your starting point.)

Does anybody have a view to clarify this? It does just seem like a question of how to define surface area, but maybe there is a particular definition of "surface area" or "Möbius strip" which is somehow preferable.

(Normally you deal with areas in a plane, and the definition is easier. Is there something handy from multivariate calculus here?)

Microsoft meeting

Five people came from Microsoft to meet with us on Tuesday about Palladium. It was very interesting.

"Sealed storage" is a very technically clever idea. Some of the subtleties hit me only after the meeting. Basically, you have a hardware co-processor within a machine which contains some unique secret symmetric key (not known to anybody other than the co-processor). Call this s. Also assume that the co-processor is able to take a hash h of whatever kernel k is running on the ordinary CPU. (In Palladium this is actually something called a "nub" -- in their marketing materials a "Trusted Operating Root" or "TOR" -- but we can pretend it's the OS kernel instead.)

The co-processor provides two functions, c=SEAL(p) and p=UNSEAL(c). Within the co-processor, SEAL is implemented approximately as aes_encrypt(s+h, p), and UNSEAL approximately as aes_decrypt(s+h, c). (I am simplifying and eliding many details; the real implementation is more complex and provides several additional features.)

The interesting consequence of this is that any program running on the system can call into the coprocessor and ask the coprocessor to encrypt or decrypt arbitrary data. (Actually, usually just a symmetric key for data, not the data itself, but we'll pretend it's the data.) The coprocessor by its very nature can successfully decrypt whatever it has previously encrypted, but only if the encryption was performed on the same machine while the same kernel k was running! If the decryption is attempted on a different PC (which has a different secret key s), or even on the same PC while running a different or modified operating system, the decryption routine will fail to decrypt the data. Thus, a program is able to say "encrypt this so that it can only be decrypted by a process running on the current machine under the currently-running operating system kernel". And the program can have confidence that the encryption occurs in an unobservable way and that the resulting encrypted data can be safely stored in an untrusted medium, because it will never be possible to decrypt it except upon request of software running in an identical environment.
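
The SEAL/UNSEAL behaviour described above, as an added sketch in Python (not Palladium code and not anything shown at the meeting). Assumptions: HMAC-SHA256 stands in both for AES and for the "s+h" key combination, an integrity tag is added so that UNSEAL can refuse instead of returning garbage, and the names Coprocessor and demo and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for the page's AES).
    n = (len(data) + 31) // 32
    ks = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(n))
    return bytes(a ^ b for a, b in zip(data, ks))

class Coprocessor:
    """Toy chip: knows the machine secret s and the hash h of the running kernel k."""
    def __init__(self, s, kernel_image):
        h = hashlib.sha256(kernel_image).digest()  # measurement h of kernel k
        root = _prf(s, h)  # stand-in for "s+h"; s itself is never exposed
        self._enc, self._mac = _prf(root, b"enc"), _prf(root, b"mac")

    def seal(self, p):
        nonce = os.urandom(NONCE_LEN)
        body = _xor_stream(self._enc, nonce, p)
        return nonce + body + _prf(self._mac, nonce + body)

    def unseal(self, c):
        """Return p, or None if c was not sealed on this machine under this kernel."""
        if len(c) < NONCE_LEN + TAG_LEN:
            return None
        nonce, body, tag = c[:NONCE_LEN], c[NONCE_LEN:-TAG_LEN], c[-TAG_LEN:]
        if not hmac.compare_digest(tag, _prf(self._mac, nonce + body)):
            return None
        return _xor_stream(self._enc, nonce, body)

def demo():
    kernel = b"constructed kernel image"  # sample data, not a real kernel
    blob = Coprocessor(b"A" * 32, kernel).seal(b"content key")
    return {
        "same PC, same kernel": Coprocessor(b"A" * 32, kernel).unseal(blob),
        "other PC, same kernel": Coprocessor(b"B" * 32, kernel).unseal(blob),
        "same PC, modified kernel": Coprocessor(b"A" * 32, kernel + b"+patch").unseal(blob),
    }

if __name__ == "__main__":
    print(demo())
```

The sealed blob can sit on an untrusted disk: only a chip holding the same s, while the same kernel is running, reconstructs the key.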

I feel that I'm not quite doing justice to this clever technique, partly because I'm omitting some details, and partly because I haven't actually described the rest of the environment (how the coprocessor fits into the rest of the system, how and when the hash of the kernel is taken, how the coprocessor knows that the hash of the kernel is accurate, etc.).

But one interesting consequence of this idea is that you can actually have software which can be open source and runs on an ordinary PC and yet can store information locally on a hard drive in a way that the PC's owner (or somebody who steals the hard drive) can't use or transfer the information except according to a policy specified within the software. This can be the case even though the owner of the PC is able to examine and modify the software, and even to reboot the machine in single-user mode, and run debuggers and emulators and so on. There is no security-through-obscurity necessary, although there are still certain physical security assumptions involved (the user can't arbitrarily read or modify the contents of the coprocessor or certain other parts of the PC's hardware).

Think about this: if you move the file (and, if you like, the entire software operating environment!) to another PC, the application can no longer decrypt the file. If you modify the operating system (which you are able to do), the application can no longer decrypt the file. If you run a different operating system (which you are able to do), the application can no longer decrypt the file. If you modify the application (which you are able to do), the application can no longer decrypt the file. This is a technically impressive capability! After the meeting, I kept realizing more and more interesting features of this design.

Sealed storage is one part of Palladium, although not the whole thing. It is one of the pieces which provide what we referred to as "epistemology" for software running on a trusted system. How can the software tell that it isn't running in a virtual machine, an emulator, a debugger, a system call tracer, a deceptive system-call tracer, a virtualized OS kernel, etc.? It's been suggested that it's a good thing when software can't tell, because end-users thereby acquire more control, or reverse-engineering for interoperability and competition is possible, or we can preserve computing history, or preserve human culture. If software can tell, maybe we can't do these things, because someone can try to make the software enforce a policy against running under emulation.

Descartes was one of the early epistemologists to worry about whether his sensory experience (what software calls input and output) is real or merely emulated, although that concern goes back to the very beginnings of philosophy and speculative thought.

Plato's cave is one more ancient instance of this anxiety -- and in some sense so is Chuang Tzu's "butterfly dream". Plato and Descartes, wholly unlike Chuang Tzu, specifically imagine a conspiracy on the part of a malignant intelligence. Shall we say that Western philosophy is more paranoid than Eastern, that the Western philosopher is always prepared to believe in the Adversary? In Chuang Tzu, the deception is simply a result of a dream, and no moral evil or ill will. But in Plato the victims of the deception are actually "en tautêi ek paidôn ontas en desmois kai ta skelê kai tous auchenas". Ouch! (Who would be so cruel as to chain people in a cave beneath the earth and shackle them since childhood, "ek paidôn"?) In Descartes we start off with ordinary and harmless dreams:

Praeclare sane, tanquam non sim homo qui soleam noctu dormire, & eadem omnia in somnis pati, vel etiam interdum minus verisimilia, quam quae isti vigilantes. Quam frequenter vero usitata ista, me hic esse, toga vestiri, foco assidere, quis nocturna persuadet, cum tamen positis vestibus iaceo inter strata!

Age ergo somniemus, nec particularia ista vera sint, nos oculos aperire, caput movere, manus extendere, nec forte etiam nos habere tales manus, nec tales totum corpus [...]

But eventually, just a few paragraphs later, we come to possess an infinitely powerful and intelligent adversary whose only goal in life is to deceive us in the service of some terrible evil:

genium aliquem malignum, eundemque summe potentem & callidum, omnem suam industriam in eo posuisse, ut me falleret

(!)

If you walked into a psychiatrist's office talking about the genius malignus, summe potens et callidus, qui posuit omnem suam industriam in eo, ut me falleret, wouldn't you be diagnosed with paranoid schizophrenia, at least as long as your psychiatrist understood Latin?

But it's a reasonable fear for an epistemologist, or for a computer program. In the computer security world, there is an Adversary, there is a Devil, summe potens et callidus...

Cory suggested that trusted computing initiatives (and their technical features like sealed storage) occupy in security software's epistemology the same position God and God's perfection occupied in Descartes's epistemology.

Ut autem etiam illa tollatur, quamprimum occurret occasio, examinare debeo an sit Deus, &, si sit, an possit esse deceptor; hac enim re ignorata, non videor de ulla alia plane certus esse unquam posse.

(But so that this [problem] might also be removed, I should, as soon as possible, examine whether there be a God, and, if there be, whether he might be a deceiver; for, being ignorant of this thing, I cannot appear to be able ever to be entirely certain about anything else.)

It doesn't take Descartes very long:

In primis enim agnosco fieri non posse ut ille me unquam fallat; in omni enim fallacia vel deceptione aliquid imperfectionis reperitur [...] nec proinde in Deum cadit.

(For in the beginning I perceive that it is impossible that he should ever deceive me; for in every deceit or deception there appears some sort of imperfection [...] and [this] does not thereby fall to God.)

Cory says God's part here in the software's epistemology is things like sealed storage, and the counterpart of God's perfection is Microsoft's trustworthiness.

It was nice of the Microsoft folks to come down and talk with us; I really enjoyed it, and I learned a lot about Palladium, not that I have a clear assessment of whether Palladium is good or bad. We met with them for about four hours, and I spent much of the rest of the day digesting and talking to other people about those four hours. And certainly there's a lot of sophistication there.

Eicha

Herein a clear free
speech question: would courts see fit
to muzzle me, then?

Foot

My foot continues to feel better. I think it's going to be back to normal soon; today I was able to walk on it. I tried to scan the x-rays with a regular scanner, but it didn't come out well. (I would have posted a picture of the bones in my foot here if I'd been able to.)

It's amazing how great things feel when you regain them again after a long absence. Eating after fasting (or being unable to eat), eating bread after observing Passover, recovering from an illness -- everything is sweeter and more beautiful by contrast with its absence, and everything can be taken away, even things we couldn't imagine we could ever lose. "E quindi uscimmo a riveder le stelle."

Janis Ian

Janis Ian -- the musician -- says the RIAA is wrong about copyright and the Internet, and makes a fairly detailed argument. That's fun. I like her music, too!

Susan B. Anthony dollars

Did anybody else notice they'd been reissued? I found some from 1999 in my change at the post office. I thought they were minted in 1979 and that was it forever.

Balloons

Congratulations to Steve Fossett on finishing his balloon flight around the world! It seems that another balloonist made an interesting ascent here in San Francisco yesterday.

Leonard

Leonard: I didn't know you'd want to part with your slide rule!

My foot was run over roughly the same way your foot was run over. The car which ran it over was stopped and it started, rolled over my foot, and then stopped again.

Reading

I finished The Holy Sinner by Thomas Mann (which I originally bought because of the Salter cover, judging a book purely by its cover). The divine mercy recounted there is wrenching.

Bruce Sterling

Sterling:

Here's a good one: how the hell do you write a thriller novel in a world that has cellphones? I happen to be writing a thriller novel right now: in fact, I'm here researching it, not that you'd ever guess. I'm not really here to pontificate at you. I'm here to soak up your grand ideas for use in fiction, because I need them even worse than you do.

It's amazing how little technical room is left for the customary cliches of a thriller novel, in this, our modern, digitized, networked society. No more car chases -- because I just use my cellphone and I call the cops in the next town. No more gunfights in deserted warehouses -- I just use my cellphone and I call the cops. No more trailing the spy to his sinister lair -- I just use my cellphone and I call up the cop's video monitors.

I was thinking about this after reading The Holy Sinner. Much of the romance in writing set in earlier times comes from the incredibly long journeys. One character goes on a pilgrimage. Others go on quests. Typically, journeys take weeks and months.

Who nowadays in the industrialized world would take longer than a weekend to get somewhere? My longest-ever trip was across the continent by train: three nights and four days. Ordinarily, it takes just a few hours. The folks who came to visit from Redmond yesterday were no doubt back home in time for dinner.

Even using an automobile and stopping to sleep, you can cross this continent in a week.

The only exception to the rapid-travel rule I can think of is Wolfgang's walking trip. She walked to Oregon, and it took an amount of time she could notice, and it was romantic or educational or at least experiential as something she noticed and lived and something which happened to her. But walking to Oregon in a novel doesn't make sense for most of the population. (Sure, not everybody has enough money to afford plane tickets. But most people who can't afford plane tickets also don't have months of spare time to walk to other states.)

The smaller world and the transportation-as-product industries do eradicate entire plot elements connected with travel. You don't have to find a good horse and a good map because there is a company whose business model is getting you from one airport to another for $200 with no intervention (but some identification) on your part.

Travel is more anonymous in older stories because things are more decentralized. When a person comes from another country, you don't know anything about that person. (You don't have state-issued ID, and you don't have credit bureaus, and you don't Google.) In The Holy Sinner, Gregorius shows up and says he's a knight, and other people ask him to prove he's a knight, so he proves he's a knight by riding a horse and by fighting. He doesn't have a "knight certificate", and he doesn't have any personal or professional connections. (OK, he turns out to be the illegitimate child of the ruler of that country, but nobody knows that for several chapters more...)

Today, it's difficult to get from one place to another without revealing (even possibly proving) your identity. Amitai Etzioni thinks this is good.

But the Sterling-relevant thing here is not whether it's good or bad but whether it affects writing literature, and I guess it does, because travel and communications just don't seem to work the way they used to, and that interferes with standard devices of mystery and suspense.

Bruce Sterling also said something particularly funny in that speech:

Ladies and gentlemen, yes, I know that THE MATRIX is a sci-fi movie. In my game, you get the good stuff where you find it, okay? I don't have to name-check sci-fi movies up here. I could have stolen you something nice and exciting from the many bright and accomplished people at Microsoft Research and Development. I pay attention to them, too. I know they're into stuff like a Sensory Pocket PC that detects touch, tilt and motion; and Chinese text-to-speech software that probably detects Chinese piracy in real-time. So I tried that. I Googled it. I surfed over to the Microsoft Research "Archived Headlines", but since they are a modern computer company instead of a big-budget science fiction movie, this is what I got off their web page:

          [Microsoft][SQL Server Driver] Invalid object name
	  'features'.
	  Drivers error '80040e37'

BPDG

I decided to rebut the MPAA FAQ on the Broadcast Flag. What's more, I decided to do it in relatively simple and non-technical language. See how you think I did.

