Everybody's been discovering things in Google Street View. While Microsoft and Amazon did this sort of thing much earlier, there's been a lot more publicity about Google doing it because it's Google, and it's much more high resolution among other things.

But now that it's out, I expect we'll see web sites pop up where people spot the Google camera-car and report on its location in real time. Allowing people to prepare for its passage.

I expect we'll see:

Yesterday, I wrote about election goals. Today I want to talk about one of the sub-goals, the non-provable ballot, because I am running into more people who argue it should be abandoned in favour of others goals. Indeed, they argue, it has already been abandoned.

As I noted, our primary goal is that voters cast their true desire, independent of outside pressure. If voters can't demonstrate convincingly how they voted (or indeed if it's easy to lie) then they can say one thing to those pressuring them and vote another way without fear of consequences. This is sometimes called "secret ballot" but in fact that consists of two different types of secrecy.

The call to give this up is compelling. We can publish, to everybody, copies of all the ballots cast -- for example, on the net. Thus anybody can add up the ballots and feel convinced the counts are correct, and anybody can look and find their own ballot in the pool and be sure their vote was counted. If only a modest number of random people take the time to find their ballot in the published pool, we can be highly confident that no significant number of ballots have not been counted, nor have they been altered or miscounted. It becomes impossible to steal a ballot box or program a machine not to count a vote. It's still possible to add extra ballots -- such as the classic Chicago dead voters, though with enough checking even this can be noticed by the public if it's done in one place.

The result is a very well verified election, and one the public feels good about. No voter need have any doubt their vote was counted, or that any votes were altered, miscounted, lost or stolen. This concept of "transparency" has much to recommend it.

Further, it is argued, many jurisdictions long ago gave up on unprovable ballots when they allowed vote by mail. The state of Oregon votes entirely by mail, making it trivial to sell your ballot or be pushed into showing it to your spouse. While some jurisdictions only allow limited vote by mail for people who really can't get to the polls, some allow it upon request. In California, up to 40% of voters are taking advantage of this.

Having given up the unprovable ballot, why should we not claim all the advantages the published ballot can give us? Note that the published ballots need not have names on them. One can give voters a receipt that will let them find their true ballot but not let anybody who hasn't seen the receipt look up any individual's vote. So disclosure can still be optional.

This week I was approached by two different groups seeking to build better voting systems, something I talk about here in my new democracy topic. The discussions quickly got into all the various goals we have for voting systems, and I did some more thinking I want to express here, but I want to start by talking about the goals. Then shortly I will talk about the one goal both systems wanted to abandon, namely the inability to prove how you voted.

Many of the goals we talk about are actually sub-goals of the core high-level goals I will outline here. The challenge comes because no system yet proposed doesn't have to trade off one goal for another. This forces us to examine these goals and see which ones we care about more.

The main goals, as I break them out are: Accuracy, Independence, Enfranchisement, Confidence and Cost. I seek input on refining these goals, though I realize there will be some overlap.

For many of us, E-mail has become our most fundamental tool. It is not just the way we communicate with friends and colleagues, it is the way that a large chunk of the tasks on our "to do" lists and calendars arrive. Of course, many E-mail programs like Outlook come integrated with a calendar program and a to-do list, but the integration is marginal at best. (Integration with the contact manager/address book is usually the top priority.)

Even people outside of California have heard about proposition 13, the tax-revolt referendum which, exactly 29 years ago, changed the property tax law so that one's property taxes only go up marginally while you own a property. Your tax base remains fixed at the price you paid for your house, with minor increments. If you sell and buy a house of similar value (or inherit in many cases) your tax basis and tax bill can jump alarmingly.

The goal of Prop 13 was that people would not find themselves with a tax bill they couldn't handle just because soaring real estate values doubled or tripled the price of their home, as has often taken place in California. (Yes, I can hear your tears of sympathy.) In particular older people living off savings were sometimes forced to leave, always unpopular.

However, there have been negative consequences. One, it has stopped tax revenues from rising as fast as the counties like, resulting in underfunding of schools and other public programs. (This could be fixed by jacking up the rates even more on more recent buyers of homes but that has its own problems.)

Two, it generates a highly inequitable situation. Two identical families living in two identical houses -- but one has a tax bill of $4,000 per year and the other has a tax bill of $15,000 per year, based entirely on when they bought or inherited their house. I would think this is unconstitutional but the courts said it is not.

Three it's an impediment to moving (as if the realtor monopoly's 6% scam were not enough.) There are exemptions in most counties for moves within California by seniors.

Here's my fix: Each house would, as in most jurisdictions, be fairly appraised, and receive a tax bill based on that. Two identical houses -- same tax bill. However, those who had a low basis value in their home could elect to defer some of that bill (ie. the difference between the real bill and their base bill derived from the price they paid for their home) until they sold the home. There would be interest on this unpaid amount, in effect they would be borrowing against the future equity of the home in order to have a lower tax bill.

Here's a new approach to linux adoption. Create a linux distro which converts a Windows machine to linux, marketed as a way to solve many of your virus/malware/phishing woes.

Yes, for a long time linux distros have installed themselves on top of a windows machine dual-boot. And there are distros that can run in a VM on windows, or look windows like, but here's a set of steps to go much further, thanks to how cheap disk space is today.

• Yes, the distro keeps the Windows install around dual boot, but it also builds a virtual machine so it can be run under linux. Of course hardware drivers differ when running under a VM, so this is non-trivial, and Windows XP and later will claim they are stolen if they wake up in different hardware. You may have to call Microsoft, which they may eventually try to stop.
• Look through the Windows copy and see what apps are installed. For apps that migrate well to linux, either because they have equivalents or run at silver or gold level under Wine, move them into linux. Extract their settings and files and move those into the linux environment. Of course this is easiest to do when you have something like Firefox as the browser, but IE settings and bookmarks can also be imported.
• Examine the windows registry for other OS settings, desktop behaviours etc. Import them into a windows-like linux desktop. Ideally when it boots up, the user will see it looking and feeling a lot like their windows environment.
• Using remote window protocols, it's possible to run windows programs in a virtual machine with their window on the X desktop. Try this for some apps, though understand some things like inter-program communication may not do as well.
• Next, offer programs directly in the virtual machine as another desktop. Put the windows programs on the windows-like "start" menu, but have them fire up the program in the virtual machine, or possibly even fire up the VM as needed. Again, memory is getting very cheap.
• Strongly encourage the Windows VM be operated in a checkpointing manner, where it is regularly reverted to a base state, if this is possible.
• The linux box, sitting outside the windows VM, can examine its TCP traffic to check for possible infections or strange traffic to unusual sites. A database like the siteadvisor one can help spot these unusual things, and encourage restoring the windows box back to a safe checkpoint.

You've all seen it many times. You hit the 'back' button and the browser tells you it has to resubmit a form, which may be dangerous, in order to go back. A lot of the blame for this I presume lies on pages not setting suitable cache TTLs on pages served by forms, but I think we could be providing more information here, even with an accurate cache note.

In a chat I had recently with another communications geek, we talked about the well known problem of videoconferencing systems. You look at a person on the screen, and the camera is not where you are looking, so eye contact is not possible.

Ok, I couldn't resist. If this makes no sense to you, sorry, explaining isn't going to make it funny. Look up lolcats.

Thanks to David Farrar for the original ICANN board picture.

I wrote recently about the paradox of identity management and how the easier it is to offer information, the more often it will be exchanged.

To address some of these issues, let me propose something different: The creation of an infrastructure that allows people to generate secure (effectively anonymous) pseudonyms in a manner that each person can have at most one such ID. (There would be various classes of these IDs, so people could have many IDs, but only one of each class.) I'll call this a QID (the Q "standing" for "unique.")

The value of a unique ID is strong -- it allows one to associate a reputation with the ID. Because you can only get one QID, you are motivated to carefully protect the reputation associated with it, just as you are motivated to protect the reputation on your "real" identity. With most anonymous systems, if you develop a negative reputation, you can simply discard the bad ID and get a new one which has no reputation. That's annoying but better than using a negative ID. (Nobody on eBay keeps an account that gets a truly negative reputation. An account is abandoned as soon as the reputation seems worse than an empty reputation.) In effect, anonymous IDs let you demonstrate a good reputation. Unique IDs let you demonstrate you don't have a negative reputation. In some cases systems try to stop this by making it cost money or effort to generate a new ID, but it's a hard problem. Anti-spam efforts don't really care about who you are, they just want to know that if they ban you for being a spammer, you stay banned. (For this reason many anti-spam crusaders currently desire identification of all mailers, often with an identity tied to a real world ID.)

I propose this because many web sites and services which demand accounts really don't care who you are or what your E-mail address is. In many cases they care about much simpler things -- such as whether you are creating a raft of different accounts to appear as more than one person, or whether you will suffer negative consequences for negative actions. To solve these problems there is no need to provide personal information to use such systems.

I've just returned from the 25th reunion of my graduating class in Mathematics at the University of Waterloo. I had always imagined that a 25th reunion would be the "big one" so I went. In addition, while I found myself to have little in common with my high school classmates, even having spent 13 years growing up with many of them, like many techie people I found my true community at university, so I wanted to see them again. To top it off, it was the 40th anniversary of the faculty and the 50th anniversary of the university itself.

But what if they had a reunion and nobody came? Or rather, out of a class of several hundred, under 20 came, many of whom I only barely remembered and none of whom I was close to?

In 2005, John Scalzi burst on the scene with a remarkable first novel, Old Man's War. It got nominated for a Hugo and won him the Campbell award for best new writer. Many felt it was the sort of novel Heinlein might be writing today. That might be too high a praise, but it's close. The third book in this trilogy has just come out, so it was time to review the set.

It's hard to review the book without some spoilers, and impossible for me to review the latter two books without spoiling the first, but I'll warn you when that's going to happen.

OMW tells the story of John Perry, a 75 year old man living on an Earth only a bit more advanced than our own, but it's hundreds of years in the future. Earth people know they're part of a collection of human colonies which does battle with nasty aliens, but they are kept in the dark about the realities. People in the third world are offered o ne way trips to join colonies. People in the 1st world can, when they turn 75, sign up for the colonial military, again a one-way trip. It's not a hard choice to make since everybody presumes the military will make them young again, and the alternative is ordinary death by old age.

The protagonist and his wife sign up, but she dies before the enlistment date, so he goes on his own. The first half of the book depicts his learning the reality of the colonial union, and boot camp, and the latter half outlines his experiences fighting against various nasty aliens.

It's a highly recommended read. If you loved Starship Troopers or The Forever War this is your kind of book. Now I'll go into some minor spoilers.

Since the dawn of the web, there has been a call for a "single sign-on" facility. The web consists of millions of independently operated web sites, many of which ask users to create "accounts" and sign-on to use the site. This is frustrating to users.

Today the general single sign-on concept has morphed into what is now called "digital identity management" and is considerably more complex. The most recent project of excitement is OpenID which is a standard which allows users to log on using an identifier which can be the URL of an identity service, possibly even one they run themselves.

Many people view OpenID as positive for privacy because of what came before it. The first major single sign-on project was Microsoft Passport which came under criticism both because all your data was managed by a single company and that single company was a fairly notorious monopoly. To counter that, the Liberty Alliance project was brewed by Sun, AOL and many other companies, offering a system not run by any single company. OpenID is simpler and even more distributed.

However, I feel many of the actors in this space are not considering an inherent paradox that surrounds the entire field of identity management. On the surface, privacy-conscious identity management puts control over who gets identity information in the hands of the user. You decide who to give identity info to, and when. Ideally, you can even revoke access, and push for minimal disclosure. Kim Cameron summarized a set of laws of identity outlining many of these principles.

In spite of these laws one of the goals of most identity management systems has been ease of use. And who, on the surface, can argue with ease of use? Managing individual accounts at a thousand web sites is hard. Creating new accounts for every new web site is hard. We want something easier.

The paradox

However, here is the contradiction. If you make something easy to do, it will be done more often. It's hard to see how this can't be true. The easier it is to give somebody ID information, the more often it will be done. And the easier it is to give ID information, the more palatable it is to ask for, or demand it.

In the 1980s, my brother Ty Templeton published his first independent comic book series, Stig's Inferno. He went on to considerable fame writing and drawing comics for Marvel, D.C. and many others, including favourite characters like Superman, Batman and Spider-Man, as well as a lot of comics associated with TV shows like The Simpsons and Ren and Stimpy. But he's still at his best doing original stuff.

First, let me introduce a new blog topic, Sysadmin where I will cover computer system administration and OS design issues, notably in Linux and related systems.

My goal is to reduce the nightmare that is system administration and upgrading.

One step that goes partway in my plan would be a special software system that would build for a user a specialized operating system "package" or set of packages. This magic package would, when applied to a virgin distribution of the operating system, convert it into the customized form that the user likes.

The program would work from a modified system, and a copy of a map (with timestamps and hashes) of the original virgin OS from which the user began. First, it would note what packages the user had installed, and declare dependencies for these packages. Thus, installing this magic package would cause the installation of all the packages the user likes, and all that they depend on.

In order to do this well, it would try to determine which packages the user actually used (with access or file change times) and perhaps consider making two different dependency setups -- one for the core packages that are frequently used, and another for packages that were probably just tried and never used. A GUI to help users sort packages into those classes would be handy. It must also determine that those packages are still available, dealing with potential conflicts and name change concerns. Right now, most package managers insist that all dependencies be available or they will abort the entire install. To get around this, many of the packages might well be listed as "recommended" rather than required, or options to allow install of the package with missing 1st level (but not 2nd level) dependencies would be used.

At our new favourite Indian buffet (Cafe Bombay) they run Bollywood videos on big screens all the time. In Bollywood, as you probably know, everybody is dancing all the time, in wonderful synchronization, like Broadway but far more. I've never been to an Indian dance club to see if people try to do that in real life, but I suspect they want to.

I started musing about a future where brain implants let you give a computer control of your limbs so you could participate in such types of dance, but I realized we might be able to do something much sooner.

Self-driving cars are still some ways in the future, but there are some things they will want that human drivers can also make use of.

Most search engines now have a search box in the toolbar, which is great, and like most people mine defaults to Google. I can change the engine with a drop down menu to other places, like Amazon, Wikipedia, IMDB, eBay, Yahoo and the like. But that switch is a change in the default, rather than a temporary change -- and I don't want that, I want it to snap back to Google.

High posting volume today. I just find it remarkable that in the last 2 weeks I've seen several incredible breakthrough level stories on health and life extension.

While I was at Tim O'Reilly's Web 2.0 Expo, I did an interview with an online publication called Web Pro News. I personally prefer written text to video blogging, but for those who like to see video, you can check out:

Video Interview on Privacy and Web 2.0

The video quality is pretty good, if not the lighting.