Monday, December 16, 2013

Follow the prophet?

It has been interesting the past weeks, what with the Church's recent post of a study aid on Race and the Priesthood.

All kinds of people struggling to make sense of it. A few having full blown Crisis of faith experiences.

Me, I found it to be a relief. First it was nice to get some of the information brought together to a single location. It was nice to have the Church officially correct a few misconceptions regarding the churches position on heritage and "pre-mortal worthiness". I feel I am able to breathe a little more easily when it comes to people talking about Brigham Young too, which is nice. I feel a little less concern about discounting some of the things he has said, that I questioned the validity of.

Of course that is probably the source of many of the Crisis of Faith experiences others have mentioned. "He said something that wasnt' true! He must not be a prophet! My world is collapsing! etc..."

I didn't experience that. Prophets saying/doing stupid things is nothing new.

Look at Jonah. god told him to go preach in Nineveh and he ran for it.

Moses, tried to get out of speaking for the Israelites who were in Egypt, claiming a stutter (That's why Aaron went along as a spokesman).

Then in 1 Kings 13 there is this really messed up story about a young prophet going to call the King to repentance, with strict instructions to say his piece and get out of the country, only an old prophet heard about the young prophet, chased him down, Lied to him and told him the God told the old prophet to invite the young prophet to dinner, then chastised him for accepting the dinner invitation, after which the young prophet went on his way and was eaten by a lion.

Peter denied knowing Christ three times in one night.

Dig around, you will find more. (No, I don't think King David counts, he was a King, not a prophet).

Prophets aren't perfect. Just because they are prophets doesn't mean they suddenly stop saying or doing stupid things. That is why we are expected to develop a close personal relationship with our Savior. That is why we are supposed to study the scriptures, especially those that present the life the Christ, so that when we receive new revelation, we can by comparison determine if it is in harmony with Christs teachings, and so that we can through prayer, receive a direct, personal confirmation.

<joke> If there had been room for an 11th commandment it would have been "Thou shalt Think" </joke>

The second crisis is "I thought the God wouldn't allow a prophet to lead the church astray!". Well, first of all, I have never actually found a scriptural reference to confirm that statement. I can find a few statements where Prophets express that sentiment as an opinion, but no firm scripture, or prophetic utterance.

There is an interesting scripture here, which suggests that God want all of us to be prophets (making a distinction between position of prophet and position of church leadership). Clearly, if all church members had a sufficiently close personal relationship with God they could not be led astray.

If you recall the Story of Moses post-egypt. God presented 10 commandments to the children of Israel. They botched that, and thus wound up with the more specific Mosaic law. It included all this detail about  if your neighbor cut your hand off Justice required that his hand be caught off... eyes for an eye, tooth for a tooth, etc... because apparently "thou shalt not kill, thou shalt not steal, thou shalt not lie,... were somehow not clear enough. In fact, the ten commandments were themselves a more detailed version of the prior two commandments (1. Love God and 2. Love thy neighbor as thyself. Seriously it isn't obvious that is you love your neighbor you won't kill him? rob him blind? take his stuff? Well, clearly it isn't, look at the volumes of law we have created on those subjects).

In other words, what I am suggesting is that maybe Brigham Young's pronouncement of a limitation on priesthood worthiness wasn't what God wanted, nor was it that Brigham young led anyone astray, but rather the congregation in whole or in large part, wasn't ready to accept what God wanted, Just as the Isrealites were given the Mosaic Law because they weren't ready to accept the higher law. What if the membership of the Church had been more in harmony with the Saviors vision?

In other words, I am suggesting the Blacks had to wait for the priesthood because the members of the church were operation under an incorrect belief system.

So that begs the question. What blessings are we missing out on today... what blessings are others missing out on... because of our misperceptions... Our attitudes, values, beliefs and behaviors which are not in harmony with the gospel of Jesus Christ?

Wednesday, December 4, 2013

Passwords on Paper

In a previous post, I said I would show you a way to safely write passwords down...

You should never write passwords down, right? There are few things worse than leaving your password on a sticky note attached to your monitor , or under your keyboard.

Let me show you a way around this....

First, you need to create one good password of length of 8-10 characters, which you will commit to memory. This needs to be a good password. It should not contain a dictionary word, it should ideally have letters, numbers, and symbols. But it needs to be easy to remember. Since it is the only one you are going to have to commit to memory, that shouldn't be too difficult.

For this example, I am going to use M2bh@fn4. 
I built that from the phrase "My bologna has a first name". Using the first letters of every word gives Mbhafn. I then counted the letters in the first and last word(My=2, Name=4), and put that number after the respective letter (M2bhafn4). Finally, to get a symbol in there I replace the 'a' with '@'.

Now, as a matter of good security practice, you would write this password down on a piece of paper, seal it in an envelope, and put it in a locked file. That way it is recoverable in the event of a tragedy (memory loss, or an incapacitating illness or accident, requiring a close relative or friend to access your systems for one reason or another). But apart from that, this password DOES NOT GET WRITTEN DOWN ANYWHERE!


Okay now we get to the individual systems. For each individual account, create a 8-10 character password, which you will write down on a slip of paper. You will keep this slip of paper in your purse, wallet, or planner...  Something that you already carry with you and protect because it contains credit cards, cash, and other important items which you don't want stolen. This slip of paper will look something like this...

Chase bank - 1whD6&fk
gmail - rej8(fhkl
facebook - weh903Ldm


Again, for reason of security, you should make a copy of this, and lock in in a file. Now here is the trick. What you have written down is only half of the password. The part you have memorized is the other half. SO your password for Chase bank would actually be:

M2bh@fn41whD6&fk

and gmail would be

M2bh@fn4rej8(fhkl

Those are 16-20 character random passwords. They are unique for each account due to the part you have written down, and easy to remember due to the part you have committed to memory.

What if someone steals your slip of paper? They will only have one half of your password. They will still have to brute-force guess the other half. And since you will quickly become aware that your password slip is missing, you will be able to go home, get your backup copy,  log in and change all your passwords within a day or so, rendering the old list useless.

Pretty cool huh? There is still one point of risk to consider. What if someone were to steal your password slip, copy it, and return it without your knowing? Then they gain more time to try cracking your password. The ways to reduce that risk are as follows:

1. Take extra special care of that piece of paper. Never let it out of your site.
2. Make the memorized part longer, say... twelve to twenty characters long (the longer the password, the longer it takes to guess).
3. Continue to follow the best practice of changing your passwords frequently (every 90 to 360 days. This isn't so painful, since little to no memorization is involved).

And there you have it, your passwords: unique, complex, safely written down... managed.

Wednesday, November 27, 2013

A Happy Thankgiving(?) present from the company: Uncertainty stinks

Yesterday we got called in to an emergency town hall meeting a work. Thermo Fisher is in the process of acquiring Life Technologies. The European regulators decided that would make too large a company, and have required the company to divest itself of one particular business line.

That line is roughly 1/2 to 2/3 of what we do here in Logan. I.E. they are going to sell off half of our business unit.

what does that mean? We don't know. Most likely a new company will take ownership of that business and continue to operate it, and everyone will continue to have jobs, get paid, etc..., just half of us will now work for a different company. Probably a competitor. But we won't know until the buyer is selected, and the transaction is completed.

For some of us, it is less certain. Working Information Technology, I cover both sides of the business, so what will happen to me? Which side will end up taking me? Or, since these two business units, belonging to two different corporations - are now half the size they were, will neither side choose to keep me? Or will this be my opportunity to "pursue other interests" (That's what they call it when they kick you out the door).

I hate uncertainty. I hate not knowing what things are going to look like tomorrow, next week, next month, next year.

That's life though. Nothing is certain. And we have more warning than you typically get from... say... a Tornado, or Hurricane, or an Earthquake. And with a higher probability of a positive (or at least a non-negative) outcome. Who knows, maybe this is my opportunity to change my career to Computer or Software engineering (Aligned to my degree). Or maybe this is my chance to keep doing what I'm doing, only slightly less, so I can actually take my days off every year. Or... Who knows... Indeed...

Uncertainty...

Bleh....

Happy Thanksgiving.


Friday, November 22, 2013

Why?

I saw a share on facebook quite awhile ago, from this mommy blog, titled "My Kid's are not the center of my world".

I though most of her most of her points were good, though I expressed concern that perhaps us "old-timers" didn't necessarily have a good grasp on some aspects of modern day bullying. With the advent of social everything, and with a general social trend toward sarcasm and meanness (It is hard to find a sitcom that isn't primarily an insult tennis match), Bullying has become much more sophisticated, coordinated, and focused. Many such incidents are more reminiscent of brainwashing and psychological torture techniques than the bullying I remember seeing.

A couple days ago, I saw this news write-up of the blog post. Reviewing the comments, I think I am a minority opinion on the subject. Lots of responses about kids needing to toughen up, stop being whimps... about parents needing to stop hovering, stop being over protective... a few comments about overreacting to "kids being kids".

And while I don't disagree with the sentiment that many need to be a little less sensitive, that parents need to let their children take a few knocks, and that we need to accept that people will sometime misbehave...

As I was walking out to my car to drive home today, I thought about the "Kids will be kids" line, and found myself thinking.... Why?

Why do we just accept that kids are going to be mean to each other? Why is that normal? In many places now, home security systems are a standard feature. Millions (Billions?) of dollars are spent on security systems, cameras, sensors, alarms... for what purpose? What useful value do they serve? None! We buy them to protect us from thieves, robbers, home invaders. But why? Why is this an industry? Because theft is so common. We just accept it as a normal part of daily living....

Why? Why do we accept this as "The norm?", Why do we talk act, behave as though this is how it was, is, and always will be? Why will "boys be boys"?


In the Book of Mormon, Helaman, Chapter 6, there is a story about the Gadianton Robbers - a crime syndicate. They were the Mafia of the time. They would rob, plunder, bribe, extort... They would even assassinate government officials in order to place their own in positions of power. They wreaked havoc on the people in the Americas.


Then it tells us in verse 20 of this chapter

 20 And now it came to pass that when the Lamanites found that there were robbers among them they were exceedingly sorrowful; and they did use every means in their power to destroy them off the face of the earth.

and then in verse 37

37 And it came to pass that the Lamanites did hunt the band of robbers of Gadianton; and they did preach the word of God among the more wicked part of them, insomuch that this band of robbers was utterly destroyed from among the Lamanites.



Why can't we do that? Is it really, truly not possible for us to expect better? Can't we at least try? Am I asking too much?

Managing Passwords

In a previous post, I gave some guidelines for creating good passwords (ie relatively long and random, and unique for at least sensitive accounts, if not all accounts).

So, how do you go about creating good passwords? and how do you manage them?

Well I can share one trick for creating them, though I don't use it. On trick is to use a phrase, line from a song, or quote, as your reference, and pick letters from it. An example. Say you are a big fan of Bon Jovi, so you pick the phrase "Whoa, we're halfway there whoa, livin' on a prayer". You could select first and last letter of each word, which would give you "WawehyteWal'onapr" as a password. That is 17 characters long, with a mix of upper and lower case letters, and since it had the word livin' in it, I also have the good fortune to be able to include a symbol. I could also easily add a number to the begining or end, by counting the number of words, or maybe the number of letters int he last word (WawehyteWal'onapr6). That is long, random, and fairly easy to remember... So long as you don't have too many different passwords.

I have over three hundred passwords. each one unique. I have a fairly untrustworthy memory also. So I don't use that technique.

I use a program to store my passwords in an encrypted database, and I let it generate random passwords for each account for me.

I have used two different password managers, and I like both of them. On is Password Agent, a closed-source Application by Moon Software. It is $25 for a single user license.

The other is KeepPass Password Safe.KeePass is open-source and free (Note there is a donation link. If you find the software useful. please consider donating. It is a good program, and people have invested considerable time to make it so).

I was going to link a howto for keepass, but so far, I am not satisfied with any that I have seen.
This youtube video is pretty good other than:

  • I would recommend going to keepass.info (the original source) to download it, rather than cnet (a third party repository). 
  •   
  • For the master password, His example password shows a good quality password. It is imoprtant that this password be hard to guess. This is the password that grants access to all your passwords. Another possibility is to use a phrase, instead of a password (like "I am a really big fan of tom8to spam sandwiches."). Whatever you use here, you MUST REMEMBER IT! If you forget this password, you have lost access to all your passwords!!!
  •  
  • As a matter of protecting your data, you must make sure you have a good backup of your password file. You can also print the password database, place the printout in a sealed envelope and store it in a fireproof safe. 

  • One other point he misses- in additon to the executable installer, there is also a zip file, which allows you to place the program on a thumbdrive that you can carry around with you, and use on any computer (make sure you have a copy of your password file on the thumb drive. There are also versions for iphone, android phones...
  •  


This video is another good one, that catches a few of the things the previous one misses, though he makes a few mistakes as well. Between the two, you should get a good idea how it works.


But both of these videos fail to actually show you what to do after you enter the username and password.

The short version, if you have populated the username and password fields, and the url, the easy way to use it, is to:

  • select the entry you wish to use and press ctrl+u to autolaunch the URL in your default web browser
  • make sure the cursor is in the username field on the web page
  • press ctrl+alt+k to return to keepass
  • press ctrl+u to have keepass transmit the username and password to the page.

Hopefully that is enough to get you started. Maybe if there is interest, I will put together a more complete tutorial.


So either of those is a good option. Next time I will show you an option for safely keeping your passwords on a piece of paper in your wallet.

Saturday, November 16, 2013

Good passwords guide



Since I trashed talked biometrics in my last post, I decided I should offer some advice regarding passwords.

What makes a password good? Well, the main feature of a good password is that it is hard to guess.
In the worst case, the hacker has somehow managed to get hold of the password database, which means they can guess passwords as fast as their computer will run through them. I believe the current record is roughly 350 billion guesses in one second. That was on a miniature super computer. A box with special cards designed for performing advanced computations rapidly. It’s a fairly expensive setup, Most hackers are not likely to have that kind of power available to them currently, so it makes a good top end number. For now (Moore’s law suggests that the rate of calculation will double every two years or less ).

So now it is a numbers game. It goes something like this. First pass guessing will be the easy stuff. They will try common passwords, dictionary words (yes, any language), two words together, words with a number… Once those are used up, it’s time to start checking for random passwords. That means trying every possible combination of letters, numbers and symbols (aaaa, aaab, aaac, aaad,…). Since most systems now require at least a 6 character password, that is what will be tried first – every possible combination of  letters, numbers, and symbols six characters long. Then they will try seven characters, then eight, and so on.

Treating this as a game of averages, the hacker is on average going to have to try one half of all those possible combinations in order to correctly guess your password. So you want to pick a password from a pool with enough possible combinations that is will take the hacker longer to try half of them before it is time for you to change your password. That way, by the time he has guessed your password, you have changed it.

There are two factors then that increase the complexity of the password. The number of possible characters in each position, and the number of positions. Below is a chart showing the effects of increasing the possible character types, and the number of characters.


possible combinations
Characters
# of chars
6 characters
8 characters
12 characters
20 characters
a-z
26
308915776
2.08827E+11
9.5429E+16
1.99281E+28
a-z,A-Z
52
19770609664
5.34597E+13
3.90877E+20
2.08962E+34
a-z,A-Z,0-9
62
56800235584
2.1834E+14
3.22627E+21
7.04423E+35
a-z,A-Z,0-9,!@#$%^&*()[]{},.<>;:'"-_=+
88
4.64404E+11
3.59635E+15
2.15671E+23
7.75628E+38

If we take our guess rate of 350 billion per second:

An eight character password - utilizing upper and lower case letters, numbers and symbols - will be guessed (on average) in 1.5 hours.

A twelve character password using just letters and numbers (no symbols) will take on average 145 years to guess. If you add in the symbols that number goes to 10 thousand years

A twenty character password using the full range of characters will take on average 30 quintillion years to guess. It is going to be a while before computing power is sufficient to bring that number down to a practical time to brute force attack.

So the first rule of good passwords, make them at least twelve characters long, random, composed of a mix of small and capital letters, numbers, and symbols.

The second rule is don’t use the same password for different systems.Why? Say the hacker sets up a fake page that looks like the facebook login, and captures your password. That stinks. He’s got access to your facebook. It stinks even more if you used that same password for all your banking sites, and he starts transferring money, making paypal purchases, using your credit card…
You might cheat with you social and email sites, but never never never use the same password for financial sites.

The third rule is to change your passwords regularly. There is still that risk that someone might catch a glimpse over your shoulder or capture it using some social engineering scam. So it is a good practice to change them once in a while, just as a precaution. How often? Most paranoid experts aim for every 30-90 days. I lean more toward every 6-12 months personally. Realistically, if you are using long, random passwords, and you are good about applying safe computing practices, you should be safe going several years between password changes on some systems. I'd still err on the side of caution when it comes to financially related sites, or sites with sensitive information.

But those rules which make for good passwords do create a rather serious problem. How does one manage a whole bunch of long, hard-to-guess passwords?

I’ll share some strategies next time.

Thursday, November 14, 2013

Biometrics:Reality Check

I saw this article on Biometrics today. The article starts with a fairly practical discussion regarding using biometrics (fingerprint scans, retina scans...) to identify people. It then moves into the (to me) uncomfortable territory of using biometrics to replace passwords. The idea is that you can scan your fingerprint, or retina or..., and that will be sufficient to identify you as you to your computer, your car, the store, ... No more passwords to remember. How wonderful would that be?

I cringed a bit at that. I cringed even more after reading one comment in particular. It started out as a sales pitch for the iPhone; talking about how great and secure the biometric features are in the new one. A few eye-rolls later and I get to this part...

"Hackers and thieves want you to think biometrics are not secure. Don't be fooled. Hackers love cracking passwords, and they do it all the time. But a password married to a biometric authentication makes it far more difficult for them, and they will do or say anything to try to keep people from adopting these new layers of security. Every PC and tablet should function in the same way to put an end to most remote hacking."

I'm thinking people are learning too much about security from the movies. You frequently see the "Hacker" pull out some little gizmo, or run some program that interfaces with the password challenge, and proceeds in a matter of a few seconds to discover the password one character at a time.

It doesn't work like that.

In most modern systems, your password is stored as an encrypted entry in a password database, which is only readable by a very few system accounts (the super admin, the backup system,...). When you enter your password, assuming the application developers are not idiots, the password is passed from your computer through a secure channel to the authentication system. It runs the encryption algorithm on the password, and passes it to the password query system. Which compares it against the entry int he database, if they match, it returns a "yes" and you are granted access, if they don't match, it returns a "no" and you are not granted access.

To remotely guess your password, the "Hacker" has to try a password, then another, then another... until he manages to stumble on the right one. That could take hours, days, years (unless you use a really bad password). Most good systems now will detect bad password attempts and will alert when multiple bad attempts occur in a short time frame.

To get around this, the "Hacker" could steal the Password database, then he can run a program on his local computer to rapidly try guesses. If your password is shorter than twelve characters, or is a dictionary word, or two words put together, or one or two words with an number somewhere, and he has some reasonably powerful computing resources, he stands a far chance of getting it within a week. If your password exceeds 12 characters and is reasonably random, it could take years. (As computers become more powerful, this time will grow shorter, and your password will have to be longer). But, to steal the password database, he has to obtain admin access to the system. If he has full access to the system, does he even need to waste his time figuring out your password?

Most modern "Hackers" aren't interested in your password. That is just a means to an end. What they really want is your bank account, credit card information, something that allows them to obtain money. IT is a business, and like any other business, the goal is profit. Spending weeks trying to guess your password so they can steal hundred bucks is not efficient. Being smart businessmen, then look prefer to work smarter, not harder.

So they employ social engineering. They get you to go to a web page what looks like your bank's web page, and enter your username and password. Or they get you download and run a program that scours your hard drive for banking information, or that records your keyboard activity. It's less work.

So what is biometrics really going to do for this? Not very much in most cases. Most biometrics systems can be gamed (collect a fingerprint and copy it onto latex, gelatin...). Biometrics fail in some circumstances (I remember a bank that put fingerprint readers into their ATM's in a cola mining town, the coal dust gummed them up, and the fingerprints of half the clientele were 'sanded' off by work and thus virtually unreadable.

Then there are the unanswered questions that really make me nervous.

Like, do I really want to risk having some nut cut off my hand or gouge out my eyeball, so he can get into my bank account? Many of the scanners actually have mechanisms to prevent this strategy from working, But will the stupid criminal know that?

Of greater concern, what happens if a "hacker" gets hold of the biometric database? If they get the password database, you can change your password (so long as you are notified), and that is the end of it. If they have your fingerprint, or your retina, how exactly are you going to change that?

 

Tuesday, November 12, 2013

Why I am leery of "The Cloud"

I am very reluctant to use web based applications. I avoid DRM'd content, and even with local applications, I shy away from proprietary file formats (I am pretty neutral on open-source but media/document formats and standards are another matter altogether). All of these create artificial roadblocks to the safety and security of my data.

How can I be certain the Vendor won't go out of business, or at the very least stop supporting the specific App? How can I be sure they are sufficiently protecting my data?

I can't.






I'm not feeling all that warm and fuzzy about "The Future is in the cloud"...

Thursday, October 31, 2013

Ten compliments and a big ol' pile of bleh.

I saw this headline, and out of curiosity followed the link to read the article.

10 compliments your husband needs to hear



I didn't expect to be more than amused by it. As I began reading, I found the article quite compelling. As I read each compliment listed, I found myself thinking, "Yeah, I do like to hear that, even hunger for that in a way..."

Just reading them in the article was a bit of a self-esteem booster. I finished the article feeling pretty upbeat. I was also thinking that I could do a better job of complimenting my wife more frequently (Hey, it felt good! Pay it forward!).

Then I made the mistake of reading the comments. Hopefully there are more, and better comments when I read them. There were only a couple at that point. A few men crying that they never get such compliments, a few more cynical posts regarding the (perceived) worthlessness of modern men. A response post to the whiny men, inferring that women are too busy doing much more work, for much less appreciation, to take time and be appreciative of the men (I've seen a few memes carrying that same message of late). It hurt my heart to read them.

My first thought was have we become so absorbed in "Everybody Loves Raymond" and "Married with Children", and etc... that we have completely absorbed them as reality? What happened to "Andy Griffith" and "The Cosby Show", how did we come to be so completely ruled by sarcasm, cynicism, selfishness and jut plain mean-ness?

My second thought was no wonder there is such a problem with cyber-bullying. They learn sarcastic and cynical from their parents. We spend hours laughing at clever insults in television comedies - That seems to be the primary content of modern comedy. we celebrate the endless stream of invectives, the more brutal, the better. How is it that we are even surprised that this is the behavior youth exhibit? Our occasional public messages against bullying are shining examples of hypocricy.

I should've stopped with the story...



Monday, October 14, 2013

Dealing with your spouse's flaws

I figure since it's our thirteenth anniversary, I should take a few minutes to tell on my wife.

First, I have to divulge something about myself. I am horrible with names. I mean really horrible. Like someone from work will walk by - someone I see and interact with daily, and they will say "Hi Ed", and in that moment, I cannot for the life of me recall their name.

Once at church as a youth, the Bishop stopped me and asked "Where is David?".

I thought to myself, "Why is the Bishop asking me about David? Do I even know anyone named David?"

After a pause, he asked "Is your Brother here?". Oh, yes, of course, 'David' is my brother's name...

I don't know what it is exactly, but for some reason, names are groups of letters to me, and people are faces, and events, and the two don't have a very solid mapping in my mind. (Actually, I saw a video a few days back titles what English sounds like to foreigners [I won't  link it because it contains profanity at the end. It pretty easy to find it if you want, and if you exit right when she comes back into the room with the cake, you can skip the profanity.]. And as I watched it, I had a sort of epiphany. That is kind of what English sounds like to me. When people talk, I don't seem to process it in a normal way. It's like I catch the words, but out of order, so I end up having to take a few moments to process the words, re-piece them together, so I can understand what was meant. Anybody else have that problem? But I digress...).

So anyway, I have this problem with names, and I find it very embarrassing, so I generally try to cover it up. I feel awful when I can't remember someone's name. I am always afraid of hurting their feelings.

Enter my wife. I may have sort of vaguely mentioned this problem of mine to her at one point, I really don't recall. I do recall however, a number of times at social gatherings, when she would whisper the name of an approaching person to me. And when we would run into old friends of mine who she didn't know, she would often intervene by introducing herself.

I am very appreciative of the way my wife deals with this flaw of mine. She is truly amazing.

Happy Anniversary Tennille, Love you.

Sunday, October 13, 2013

Gasoline, plumbing and paint: a history of violence

I discovered an interesting article recently (several actually, but this one does a good job of summarizing them all, without getting too involved in the emotion of politics, as so many popular "scientific articles" seem to do of late.

The short story: a number of studies have turned up a very interesting, very strong correlation between childhood exposure to lead, and adult tendencies to violence.

In other words, there is a possibility that much of today's violence is the result of childhood exposure to leaded paint, leaded gasoline, and lead plumbing pipes. The suggestion is that childhood exposure to lead impacts normal brain development (there is evidence that it does effect IQ), in a way that causes an increased tendency for violence in later years (we've been trying to outlaw guns, when we should have been outlawing painters and plumbers).

In theory, that means we should expect a continued reduction in levels of violence in the US over the next decade or so, as the last of those who grew up in the leaded gasoline era pass away. Lead paint is already mostly gone in the US. Lead pipes are likely still a problem in older structures, particularly in Larger cities. The middle east appears to still be using the stuff, so they are likely to be mired in violence for the foreseeable future ...

The implications of this, if proven true are considerable. For instance many of the current autoimmune disorders (Crohn's, MS, IBS, etc...) are thought to have environmental triggers. Will a similar correlation be found for these, related to some other, now common substance?

The most notable point is the time span. This correlation was not discovered until decades after contamination occurred. Based on the observed correlation, the symptoms didn't manifest until roughly 20 years after contamination. This is a significant issue considering our relative lack of ability to effectively and accurately, acquire and retain sufficient quantities of data to really see the possible long-term correlations (In fact, a fairly significant effort goes into the hiding and/or destruction of old [often meaning older than three months] data, in an effort to protect against litigation, or preserve "state secrets").

We need to get better at collecting, managing, and understanding data.






Friday, October 11, 2013

Is modern math education broken?

I was helping my daughter with her math homework the other day. It was multiplication of various 2-digit numbers (ie 80x52=?). The instruction were to select a 'method' and then solve using that 'method'. The 'method' was one of a half-dozen or so 'tricks', which the previous days homework had listed and demonstrated. I only remember two of the names ("friendly numbers" and "halving and doubling"), and I only remember how one of them works (using halving and doubling, 20x 12 = 2 x 1/2 x 20 x 12 = 2 x 10 x 12 = 2 x 120 =240).

My daughter only remembered "friendly numbers", and she had turned in the previous homework, thus had nowhere to go for the list of 'methods'. Many tears were shed as we struggled through these problems. One problem, after giving her a hint as to a way to make it easy to solve (changed the previously mentioned problem to 8x10x52), she argued that she couldn't do it because the didn't know the name of the method, and In frustration I told her to call it "the smart way" (I really hope I didn't just kill her straight A streak with that).

Having shared that story, I am going to try and not rant for a minute...

I remember a math teacher by the name of Scott Ziegler. Our first couple days of class he had us start building a notebook. On the first few pages we listed properties, by name and description.
(example:
 Commutative property of addition:    a+b = b+a
Distributive property: (a+b) x c = (a x c) + (b x c)


We then went on to build theorems in the book, which would allow for faster solving of problems, those theorem had to be demonstrated to work, with a valid proof.

Then, when we solved homework and test problems, we were expected to show our work, each step, with the property, postulate or theorem we applied to each step documented to the left of the line on which the step was performed.
 example:
80x52 =
= (8x10)x52       --> Substitution
=8x(10x52)       --> Associative property of multiplication
=8x520            --> substitution
=4160              --> solve



If we didn't explain a step with a property, or if we used a theorem for which we didn't have a valid proof, we'd lose points.

Based on what I have seen of my daughter's homework, and based on posters I have seen in at least one math classroom of one middle school, this mathematical rigor I experienced has been replaced with memorization of tricks. The math classroom I walked through a few weeks ago had a poster, which more or less listed the additive and multiplicative properties, but they were presented with no rigor, no precision. Instead they were presented as 'tricks'.

This concerns me. I have known people who relied on the 'trick' method. They were able to solve problems very quickly, so long as they were problems which fit a 'trick' that they new. But they were completely lost if the problem did not fit one of their problem solving recipes. they were largely incapable of solving novel problems.

I am concerned that this method of teaching (common core? That was written at the bottom of the homework pages) is doing our children a great disservice. They are being trained to be nothing more than code monkeys - able to quickly churn out solutions to problems which have already been solved, but unable to truly innovate, unable to really advance science, technology, or human knowledge in any meaningful way.

I realize I may be looking at this through my particular filter. So I am trying to keep an open mind as I reach out to those working in education. Can you please help me understand this? Is there something I am not understanding about the current teaching method? Or is education seriously broken?