Archive for the ‘Uncategorized’ Category

Fictitious Charges Don’t Cause Torque: Mansuripur’s Paradox

February 3, 2013

There’s been some talk lately about Mansuripur’s Paradox, e.g., see Slashdot.

For those not interested in the fine detail, there’s a very simple explanation as to why there isn’t any real paradox involved.  I’m not sure whether the debate is significant for electrical engineers; it may well be true, as Mansuripur suggests, that the Einstein-Laub equations are more appropriate than the Lorentz law for the purposes of electrical engineering.  (I have no opinion on that question.)  What should be pointed out, though, is that from a fundamental physics point of view there’s really nothing at all to see here.  (I believe that Mansuripur understands this [1], but I’m not at all sure that the journalists do!)

Let’s start with a quote from one of the articles (it looks like the paper is a bit more subtle, but the upshot might be [2] the same): “Now imagine how things look from a “moving frame of reference” in which the charge and magnet both glide by at a steady speed. Thanks to the weird effects of relativity, the magnet appears to have more positive charge on one side and more negative charge on the other.”

Now, it’s true that there’s an electric field, and for some purposes it may be convenient to imagine that this is due to charges on either side of the magnet. But these charges are fictitious. They aren’t really there, as can be easily shown by observing that charge is a scalar, and hence the charge distribution in the magnet cannot be dependent on the frame of reference. Since they aren’t there, it’s hardly surprising that the external electric field doesn’t apply a force to them.

So, basically, a fiction that happens to be convenient in electrical engineering is incompatible with relativity; or, if you prefer, in order to make fictitious charges compatible with relativity you also have to either have fictitious angular momentum, or modify the Lorentz force law.  As far as fundamental physics is concerned, this is not a paradox.

Update:

[1] I may be wrong about this; see comments to my question on Stack Exchange.

[2] The comments and linked question also suggest that I might have misunderstood the source of the supposed torque in the original paper.  There’s still nothing indicating any evidence of a real paradox.  I’ll update again if I learn anything new.

Is POLi safe?

December 28, 2012

Short answer: No.

Long answer: Hell, no.

BNZ (link here) and ASB (link here) have both recently reported that POLi have been spoofing their respective internet banking sites in order to process payments, meaning that banking passwords, any other applicable authentication information, and private banking information have been passing through POLi’s servers when POLi is used.

The banks have warned customers not to use POLi, although BNZ seems to be sending some mixed messages.

Looking at POLi’s terms and conditions there are some major warning signs.  The disclaimer of liability is probably unavoidable (though still not acceptable IMO; see below) but terms like “You will not monitor or alter the execution of POLi™ using tools external to POLi™” are neither.  They want us to trust that their software is safe to use, but they don’t want anyone to check on what it’s actually doing?  Yeah, right.

The POLi client is basically, from what I can gather, a special-purpose web browser.  While that limits exposure to security bugs, it doesn’t eliminate it, so it is also worrying that I can’t find any security bug reports either on major third party sites such as Secunia or on POLi’s own web site.  There should be at least the occasional report that “someone found a bug and we’ve fixed it” and the absence of these suggests that it really hasn’t had enough attention from the white hats.  The alternative is that POLi have figured out a way to write software without bugs; that’s basically the Holy Grail of modern computing, and if they had the secret of perfect software they’d all be fabulously wealthy and retired on private Hawaiian islands by now!

The real killer, though, is POLi’s own response to these claims (PDF).  Most importantly, the part where they deny that “POLi is spoofing/mirroring the ASB website” and claim that, instead, “POLi is providing a pass through service whereby the bank sites are accessed via our secure servers.”

Uh, hello?  Those two sentences mean the exact same thing.

POLi say they aren’t capturing customers’ authentication or other private information.  Well, good for them.  But they could.  Their software allows them to do it.  (It pretty much has to; otherwise there would be no way for the merchant to know they had been paid.)  That means it also allows anyone who manages to hack into their servers to do it.  This article on ZDNet lists some of the companies whose secure systems were breached this year: Symantec, Amazon.com-owned Zappos, Stratfor, Global Payments, LinkedIn, Yahoo – even the Chinese Government, for heaven’s sake.  Are POLi really so arrogant in the light of all this that they think their security is impenetrable?

Well, of course, they probably don’t think that.  They just want us to.

They also offer to let the banks audit the software.  Kind of pointless, really; since the software allows POLi’s servers to spoof the banking sites (oh, sorry, “provide a pass through service”) it has failed any credible audit in advance.  Any audit of the servers themselves would be good only on the day it was performed, at best.

I’m also amused by POLi’s claim on their web site (link here) that “Your confidential information is not disclosed to any third party, including us!” which I can only assume is based on a creative definition of the word “us” which excludes their servers.  True enough, the information probably doesn’t leave their secure servers and is probably deleted as soon as the transaction is complete, but that doesn’t mean that it isn’t being “disclosed” to “us” – not by any reasonable definition of those two words, at any rate.

They also say that “POLi checks the bank website’s SSL certificate and thumbprints to always ensure you are talking directly to your bank.”  So which is it, exactly?  Directly to your bank like the FAQ says or via a pass-through service like the announcement says?  These are mutually exclusive possibilities, so it has to be one or the other, and either way I’m not exactly filled with confidence.

Besides, in practical terms it doesn’t matter how good POLi’s security is.  Yours isn’t [1] because today’s consumer operating systems are still based on old designs which did not have security in mind.  If your computer becomes infected a hacker could easily modify the POLi client to behave maliciously.

Of course, said hacker could also modify your web browser to behave maliciously.  The difference is that if that happens, BNZ, at least, will cover your losses.  It isn’t clear that they will if POLi is involved, and POLi definitely won’t.

Until and unless your bank makes a public statement that they will cover POLi-related losses, don’t use it.  Just don’t.  Uninstall the client if you have it installed.  Ask your merchant to provide an alternative, or, if applicable, choose a different merchant. For example, both Ascent and Mighty Ape NZ [2] accept internet banking payments without needing any special client software, although granted you then have to wait for the payment to go through before they will ship the goods.

A small price to pay, I think.

Harry.

[1] To minimize your risks, make sure you use a standard user account (not an admin account) for your everyday activities, and use a different standard user account for your internet banking (and nothing else).  Better still, get a live DVD (a DVD which you can boot to, containing a simple operating system) and use that for internet banking.  This doesn’t change anything I’ve written here.  Both of these approaches are much better than nothing, but neither is foolproof.

[2] I have no association with either company except as a satisfied customer.

Stallman on Jobs

October 11, 2011

I’ve just read this article about a blog entry Richard Stallman recently posted on the subject of Steve Jobs’ sad death.  Leaving aside Mr. Stallman’s social gaffe, I just have one thing to add, on the subject of Mr. Jobs’ so-called “malign influence” on computing:

Pot.  Kettle.  Black.

United Airlines replaces flight manuals with iPads

August 25, 2011

See this article from the New Zealand Herald.

Flight manual on an iPad

(Original picture courtesy Evan-Amos, Wikimedia Commons.)

Freedom Software

August 19, 2011

OK, now that I’ve outed myself as anti-GPL, I guess I may as well go ahead and publish my rant on the phrase “free software”. I guess I’ve got no more credibility to lose as far as the FSF goes anyway.

The phrase “free software” has exactly one correct grammatical meaning, and guess what, it isn’t the one the Free Software Foundation keeps on pushing.

Software can of course be free as in “costing nothing”.  [All definitions are from NZ Pocket OED, 1988.]

Can it be free as in “power of acting without constraint of necessity or fate”?  No.  [1]

Can it be free as in “not a slave”?  Well, only in the trivial sense [1] that no software is a slave, since the word only applies to people.

Can it be free as in “not under the control of another [other than the software itself]”?  Again, no. [1]

Well, I don’t want to go through the entire list of definitions (it takes up an entire column) but you get the idea.  Some of the definitions can be applied to software, such as “available to all” but they don’t match the meaning of “free software” as defined by the FSF either.

And of course using the phrase “free software” with the FSF’s meaning causes endless confusion with the (more correct) meaning of the word “free”.

So, what should we call GPL and other similarly licensed software?  My vote (so to speak) is for “freedom software”.  This isn’t exactly euphonious, but at least it isn’t confusing and it means what it says – software that supports freedom.  (Even if it seems to me to be an odd kind of freedom for people to worry about.)

The upshot is that I’ve decided to start using “freedom software” instead of “free software”.  I’m hoping it won’t be necessary to explain myself too often.  I invite you to join me. :-)

Harry.

[1] Except for an AI, I suppose, but that’s not really the point.

Well And Truly Told Off

August 19, 2011

See this comment by the moderator and founder of Groklaw.  Ouch.  The original post I was commenting on is here.

I really don’t think I was being silly.  I’m perhaps not incredibly well informed on the subject matter, but well enough (I’d have thought) to have a valid viewpoint.  I certainly wasn’t trolling – I hope those on the other sites/newsgroups I frequent would agree that while I may occasionally be lighthearted, I never argue dishonestly.

My feelings are hurt, to be honest.

I’ve suggested that my comments be removed, so I’m going to put them all here instead.  If anyone can explain to me how I might have presented my opinions less offensively, please feel free to comment.  These are not chronological but in thread order.

GPL Feature Creep
Authored by: Anonymous on Monday, August 15 2011 @ 07:03 PM EDT
FWIW, GPL “feature creep” is a genuine concern for some of us.

… first they came for the kernel plugins, and I didn’t speak out because I don’t write kernel plugins. Then they came for the WordPress extensions, and I didn’t speak out because I don’t write WordPress extensions. Then they came for the apps and there was no one left to speak out for me … :-)

Explaining the analogy
Authored by: Anonymous on Tuesday, August 16 2011 @ 09:17 PM EDT
“Surely we all agree an app developer for Linux is _not_ bound to distribute under the GPL”

Maybe, but once upon a time it was widely agreed that a kernel plugin developer wasn’t bound to distribute under the GPL either. If the freedom software community has changed their minds about that, what will they change their minds about next year?

Another example is the way changes made in GPLv3 impacted TiVo. RMS wasn’t shy about admitting that this was deliberate. TiVo was following the license, but it got screwed over anyway. Personally if I was selling something based on open source software from a third party, I’d feel a lot safer with a BSD license.

Explaining the analogy
Authored by: Anonymous on Tuesday, August 16 2011 @ 09:54 PM EDT
Oh, by the way, I don’t *really* think anyone is ever going to claim that you’re not allowed to run non-GPL-compatible apps on a GPL operating system. I’m just exaggerating for effect. (On the other hand, if RMS could find a way to make that illegal, I’m sure he’d be keen to do so.)

Explaining the analogy
Authored by: Anonymous on Thursday, August 18 2011 @ 08:32 PM EDT
“And if I remember correctly from all the talking at the time, TiVo did something he *thought* the GPL already stopped them doing [...]”

That’s fair enough from the FSF perspective, but from TiVo’s perspective, what they were doing was perfectly reasonable. Then the rules got changed from underneath them.

“[...] he’s not willing to compromise with people who start with unreasonable positions [...]”

Ummm … thing is, from my POV, he’s the one taking an unreasonable (and irrational) position. And somehow (again from my POV) “infecting” lots and lots of other programmers with it … perhaps I’m wrong, and they’d have come up with the same idea themselves, but it smells to me of a cult of personality.

Anyway, we’re getting off topic. If you want to continue the discussion, feel free to visit my blog post on the same subject.

Tivo problem real, RMS strawman argument not so much
Authored by: Anonymous on Thursday, August 18 2011 @ 08:46 PM EDT
“I appreciate your explanation of the analogy, assuming the same Anonymous is involved on all posts.”

Yes, I just haven’t gotten around to creating an account. I can be found here.

“However I can’t understand what excuse you feel this gives for gratuitously bashing RMS,” [...]

I didn’t think I was. His position seems clear enough: non-open-source software (and also Tivo-ized software) is evil and should be eliminated. If this seems like an exaggeration, I apologise, but that’s my best understanding of his beliefs.

“Tivo suffered no retroactive penalty, as you seem to complain.”

They’re no longer able to use the latest versions of any software that has migrated to GPLv3, including security updates. The impact of this is mitigated by the fact Linux itself hasn’t done so, although there remains the risk that it might do so in future. IIRC, TiVo was obliged to formally warn investors that GPLv3 presented a risk to their business, although I don’t know whether there was any actual loss to stock value.

“You are free to use (or license) BSD software as you wish.”

And I would encourage businesses to do so. That’s all I’m saying.

“clever minds keeping the letter and not the spirit of the GPL.”

The problem is that the “spirit of the GPL” isn’t terribly clear to many of us. I for one wouldn’t have been able to guess in advance that anyone would object to what TiVo was doing.

And that explains alot
Authored by: Anonymous on Tuesday, August 16 2011 @ 09:29 PM EDT
“It is very interesting that some people are so afraid of the GPL, and yet no one is forcing them to use it (or even to use software that is covered by the GPL).”

The point is that we have (I think) legitimate concerns. No, we aren’t forced to use it, and my advice is not to do so for anything important.

“Frankly, it is none of their business.”

If we need to decide whether to use GPL code in a particular context, it is certainly our business to be aware of any issues it might cause.

“Ergo, they must simply want to rip off someone else’s code without contributing back.”

Personally, I would want people to contribute code for the good of mankind, rather than in order to promote what seems to me a rather odd philosophical viewpoint. Nobody is going to force you to do so, but if you do, please don’t get defensive if some people don’t want to use your code as a result.

Odd philosophical viewpoint…
Authored by: Anonymous on Thursday, August 18 2011 @ 08:49 PM EDT
Not to the best of my knowledge. Have you ever heard of a scientist complaining that a company used the knowledge in a scientific paper to build a product but didn’t distribute a copy of the paper along with the product?

(I think I’m missing your point.)

Odd philosophical viewpoint…
Authored by: Anonymous on Thursday, August 18 2011 @ 11:49 PM EDT
Seriously, I don’t see any connection or analogy between the copyleft philosophy and the philosophy of science. I’m not trying to be difficult, I just don’t get it. – Harry

Re: I don’t understand
Authored by: Anonymous on Tuesday, August 16 2011 @ 09:51 PM EDT
“It is very simple to negotiate a GPL license. Read the license, do it like they say, and bingo. You are good to go.”

The problem is that what you are or are not allowed to do seems to keep slowly changing over time. TiVo obeyed the license, but they got screwed over anyway by the changes in GPLv3. The folks developing kernel plugins and WordPress extensions didn’t think the GPL would require them to release source, but, well, copyright law is stranger than you might expect, so they got screwed over too.

BSD licensing, in contrast, seems to be easily understood and stable.

“I think it would be *somewhat* harder if you wanted to use a piece of Microsoft or Oracle or Apple Code.”

Sure, but they have a sensible reason to protect their code. The GPL requirements, from my perspective, are just selfishness. (Not my original point, and not worth discussing IMO, but since you mention it.)

“All you Anti-GPL shills want is to be able to STEAL the code. Like with BSD.”

Others have already pointed out that STEAL is a silly word to use in this context. But, in any case, I’m not suggesting that anyone should use GPL code without following the license. I’m suggesting that (where possible) folk should avoid using GPL code, in favour of BSD or similar licenses.

Personally, I would prefer that people used the BSD license instead of GPL when releasing their own code to the public, but nobody is going to force you to do so. It’s your choice. But please don’t get rude about it (“shill”???) when, as a result, some of us recommend against using your code.

Re: I don’t understand
Authored by: Anonymous on Thursday, August 18 2011 @ 09:00 PM EDT
“TiVo *gamed* the licence. They did something they *knew* to be against the spirit of the licence,”

I disagree. They didn’t *understand* the spirit of the license, which is a quite different thing.

I for one would not have guessed in advance that anyone would object to TiVo’s approach, and keep in mind that many GPL developers (such as Linus) don’t.

“Recommending BSD over GPL is, from my perspective, just selfishness.”

I accept this as a fact, but cannot comprehend the thought processes that lead you to feel this way. Is my opinion equally opaque to you? (I think it is very similar to most BSD-license developers; I disapprove of duplication of effort, and BSD is the best way to avoid that.)

I think we’re getting off topic. Please feel free to go to my blog post on the subject if you want to continue a discussion with me, although I’ll also be checking in here for a few more days.

Re: I don’t understand
Authored by: Anonymous on Thursday, August 18 2011 @ 11:56 PM EDT
It seems to me that it is a lawyer’s job to understand the letter of a contract, not the spirit of it.

Of course, I don’t work for TiVo. I’ve never even owned one. So I certainly don’t know whether they were acting in bad faith or not – but it seems to me that you are jumping to the conclusion that they were, with no particular evidence, and I don’t understand why. – Harry

The Doomsday Argument and Life Before Birth

August 19, 2011

Warning: naive philosophical logic-chopping ahead. – Harry

I first ran across the doomsday argument many years ago (under another name, if I remember correctly) in the novel Manifold: Time by Stephen Baxter.  It’s one of those interesting ideas – it’s obviously nonsense, but it’s very hard to pin down exactly where the reasoning fails.  At the time I think I pretty much dismissed it, but it appeared again in an online article a year or two back and I’ve been musing about it on and off ever since.  It turns out to be even more interesting than I thought, because once you do pin down the logical flaw, you realize that it depends on a metaphysical assumption.  This means that, arguably, the Doomsday Argument is the first ever experimental test of a metaphysical idea, which I find fascinating.

For those unfamiliar with the Doomsday Argument, the short version is that, using Bayesian statistics, you can take the fact that you were born now (rather than, say, a thousand years into the future) and use it to predict that the human race is almost certain to become extinct in the near future.  For more information, I’d recommend this site by Professor Nick Bostrom of Oxford University.  There is also a Wikipedia entry but personally I found it disorganized and confusing.

So where do I think the flaw lies?  Well, the DA requires you to reason like this: if the human race is not about to become extinct, what was the probability of my being born now rather than at some point in the future?  The subjective nature of this question is essential to the argument – you can’t, for example, imagine being a visiting alien pointing to someone and saying “what was the probability of such-and-such a person [or people] being born now?”.  It just doesn’t work that way.

Now, that question sounds reasonable.  But consider this: is it really meaningful to ask whether you might have been born at a different time?  What, exactly, does the question actually mean?  If somebody were born in 3000AD with your exact genetic code, would that person be you?  I argue that (s)he would not, because your experiences and memories are at least as critical to your identity as your genetic code.  Even identical twins are not the same person.

It should also be kept in mind that the chances of a person being born with an identical genetic code to you at some point in the future are unaffected by whether or not you were in fact born now.  So if you would consider a person born with your genetic code in 3000AD instead of now to be yourself, you would have to also consider a person born with your genetic code in 3000AD as well as now as being yourself.  In which case there would have been two yous.  So to speak. [1]

At first glance, this would seem to handily refute the Doomsday Argument, but there’s a catch.  What about your soul?  If we suppose that people have souls, and that these souls already exist in some sense before a person is born, then suddenly the DA works again – you can ask “what were the odds that I [i.e., my soul] would be placed in the world at this time, rather than a thousand years in the future?” perfectly meaningfully.

It is, at this point, very tempting to assert that if humanity does not become extinct in the near future that would disprove the existence of the soul.  This would however be dishonest, for several reasons: for one, my reasoning only applies if souls are (so to speak) created ahead of time, which is not necessarily the case; for another, the DA might have one or more other flaws (I believe Professor Bostrom discusses some possibilities in detail, though I must admit I haven’t actually read the book); and finally and perhaps most fatally, the DA also requires you to suppose that your soul is placed in the world at random, which I think according to most religions is unlikely to be the case.

Despite these caveats, I personally find this situation fascinating … as I may have said before.  If you’ve gotten this far without giving up in dismay, bless you, and I hope I haven’t bored you completely to tears!  My next post should be back to normally scheduled programming. :-)

Harry.

[1] English really isn’t a very suitable language for discussing this sort of hypothesis, is it?

GPL Considered Harmful

August 19, 2011

… first they came for the kernel plugins, and I didn’t speak out because I don’t write kernel plugins. Then they came for the WordPress extensions, and I didn’t speak out because I don’t write WordPress extensions. Then they came for the apps and there was no one left to speak out for me … :-)

When Guest is the administrator

May 5, 2011

Nommo was kind enough to point me to his latest blog entry which discusses a troubleshooting case where the Guest account had somehow wound up being the only active administrator account on a Windows Vista computer.  This was reasonably easy to reproduce (although I used Windows 7 instead) and, indeed, user management tools don’t work as might be expected.

This is interesting.  In most other respects the Guest account still functions as an administrative account.  At first I thought I understood exactly why this happened (to do with the way LAN Manager handled security way back in the days of DOS) but a bit of experimentation showed I was wrong.  It now looks as though a Guest logon is tagged in some way and prohibited from doing any user management – the Guest account can’t even look up its own details – unless you elevate to it from another account, in which case it has user-level access to account management but not administrator-level.  Weird, huh?

Only the actual Guest account is affected; other accounts that are in both Administrators and Guests are not.

Because only account management is blocked, you can get around this in a few ways.  Probably the simplest in most cases is to download the psexec tool from Microsoft.  Start an elevated command-line window by typing “cmd” into the “Search Programs and Files” box in the Start Menu and pressing Control-Shift-Enter.  Then type:

cd /d c:\directory\where\psexec\was\downloaded\to
psexec -s \\127.0.0.1 net localgroup Administrators /add myusername

pressing ENTER after each line and changing “myusername” to the username of the other (currently non-administrative) account.

Alternately, you could edit the registry as described in my earlier post but you don’t need to boot from external media:

  1. Go to the Start Menu and type “regedit” and press ENTER.
  2. Open HKEY_LOCAL_MACHINE, then SYSTEM, then Setup.
  3. Double-click on SetupType in the right-hand pane.  Enter 2 and press OK.
  4. Double-click on CmdLine.  Enter cmd.exe and press OK.
  5. Reboot the machine.  A command window should appear.
  6. Type “net localgroup Administrators /add myusername” and press ENTER.
  7. Type: “exit” and press ENTER.

Again, “myusername” should be replaced with the username of an existing, non-administrative account.  After this procedure, the account is administrative.  You could also use “net user myusername newpassword” to change the password if necessary.  (The same caveat applies as in my previous post: doing this permanently locks you out of any encrypted files in the account.)

Now, obviously Guest shouldn’t be an administrator.  The fact that things behave oddly in this situation is not a bug.  However, if Guest is an administrator the normal recovery options don’t work properly.  In particular you are supposed to be able to log in as Administrator if no usable administrative accounts exist, and in this situation you can’t, and this is a bug.
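
A check for the two conditions this post deals with, as an added example that is not part of the original post: whether Guest is in Administrators with no other enabled local administrator, and whether the SetupType/CmdLine values from the registry procedure are still set. It assumes the LocalAccounts cmdlets of Windows PowerShell 5.1 or later, which the Vista and Windows 7 systems tested above do not ship with; the function name is made up for the example.

```powershell
# Added example (not from the original post). Run elevated, from an account
# other than Guest: the post notes that a Guest logon cannot query accounts.
# Assumes the Microsoft.PowerShell.LocalAccounts cmdlets (PowerShell 5.1+).

function Get-GuestAdminAudit {   # hypothetical name, chosen for this example
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group.
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544')

    $guestInAdmins = $false
    $guestEnabled  = $false
    $otherAdmins   = @()

    foreach ($m in $members) {
        # Resolve the member to a local user; groups and domain principals
        # return nothing here and are left out of the count.
        $user = Get-LocalUser -SID $m.SID -ErrorAction SilentlyContinue
        if (-not $user) { continue }

        # The built-in Guest account always has relative ID 501,
        # whatever it has been renamed to.
        if ($m.SID.Value -match '^S-1-5-21-.+-501$') {
            $guestInAdmins = $true
            $guestEnabled  = $user.Enabled
        }
        elseif ($user.Enabled) {
            $otherAdmins += $user.Name
        }
    }

    # The registry procedure in the post sets SetupType = 2 and CmdLine = cmd.exe.
    # Assumption of this check: on a normally installed system SetupType is 0
    # and CmdLine is empty, so anything else deserves a look.
    $setup = Get-ItemProperty -Path 'HKLM:\SYSTEM\Setup'
    $setupPending = ($setup.SetupType -ne 0) -or
                    (-not [string]::IsNullOrWhiteSpace($setup.CmdLine))

    [pscustomobject]@{
        GuestInAdministrators   = $guestInAdmins
        GuestEnabled            = $guestEnabled
        OtherEnabledLocalAdmins = $otherAdmins
        GuestIsOnlyUsableAdmin  = $guestInAdmins -and $guestEnabled -and
                                  ($otherAdmins.Count -eq 0)
        SetupType               = $setup.SetupType
        CmdLine                 = $setup.CmdLine
        SetupCmdLinePending     = $setupPending
    }
}

Get-GuestAdminAudit | Format-List
```

A machine where GuestIsOnlyUsableAdmin is true is in the state described above; SetupCmdLinePending being true means a command is set to run in place of the normal logon at the next boot.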

Hope this helps.

Cultural Values and Racism

March 18, 2011

The honorable Tariana Turia MP was quoted today in the New Zealand Herald as saying “But when someone denigrates another culture then for me that’s racist.”  I like this quote.  I think it nicely sums up that aspect of our responsibility to treat one another with due respect.

There are two particular points I want to make about it: firstly, this needs to work both ways.  Let me make it clear that I have absolutely no complaints about the honorable Ms. Turia’s behaviour, but the name of one prominent Maori leader does spring to mind whose attitude towards Pakeha culture has often been less than respectful.

Secondly, there is an important difference between denigrating a culture and questioning it.  Where cultural values are in conflict (as in the case of the foreshore) it should be possible to at least discuss our differences openly and respectfully, so as to hopefully reach a reasonable compromise.  I don’t really understand politics, but it seems to me that one of the big problems with the foreshore debate is that this isn’t happening; the Maori party and the National party have reached a compromise, which seems to me [1] to be reasonable, but the discussion was not (as far as I know) open and the philosophical basis (if any!) for the various decisions has not been presented to the public.

Since this is a widely emotional issue, I will refrain from presenting my own viewpoint on the foreshore debate.

Harry.

[1] From what little I understand of it.

