Evil Almond Butter

8 parts almond butter
1 part soy sauce
1 part fresh ginger, destroyed

Mix together. Use as you would almond butter (for sandwiches or whatever), but with the added taste of Evil™.

The recipe works with peanut butter, too.

Just chopping the ginger into small pieces isn’t enough for this recipe; it should be destroyed. I use a grater, but “grated” isn’t the right word for the result, which is a mush plus fibers. Being fibrous, ginger isn’t easy to grate with an ordinary hand grater, but the Microplane variety, originally made to cut wood, does fine, as does a grater blade on a food processor.

Banksters: The Heist

The word “banksters” is thrown around a fair bit these days. But most of the time it doesn’t seem quite right: yes, bankers have gotten a lot of money from the government, but for the most part they “stole it fair and square”: their arguments were made in public, and approved by elected officials, by regulatory bureaucrats, and by most of the press. This is not gangster-like behavior. It is not bankers’ fault that too few others saw through their arguments and refuted them.

But via Matt Levine at Dealbreaker comes a different sort of story. The innocently-seeming getting into a position where backstabbing would be possible (Morgan Stanley was the “clearing bank” for Lehman Brothers, handling its transactions; despite being a Wall Street giant, Lehman somehow couldn’t perform that function for itself) … the strike right at the moment of weakness (a demand for $6 billion in collateral in Lehman’s last day of existence, when it was madly trying to juggle creditors’ demands) … the selection of the most vulnerable point (certain people within Lehman who, despite not having the formal authority to transfer money to accounts where Morgan Stanley could siphon it off, neverthelss were technically able to do so) … the ruthless lethality (the $6 billion siphoned off, Lehman was immediately finished) … these were truly banksters pulling off a heist.

Making the situation even more familiar to criminals, the law wasn’t exactly in Morgan Stanley’s favor — thus the lawsuit from which I am getting these details. As Levine says, the document is unusually readable and interesting.

Memo to the press: please stop abusing the word “militant”

A request to members of the press: please quit using “militant” as a euphemism for “terrorist”. It just doesn’t work: by the normal usage of the English language, that isn’t even remotely what “militant” means. In normal usage, one might speak, for instance, of the militant members of Churchill’s cabinet, who wanted to impose sanctions on Japan, or of the militant members of the United Auto Workers, who wanted to go on strike. In neither case are these people who blow up women and children. Members of Churchill’s cabinet might risk war, and innocents might end up getting blown up as part of that war, but blowing them up isn’t the chief tactic or even something that will necessarily happen at all. Likewise, union violence has sometimes gotten ugly, but the accusation of ugly violence is in no way implied when one talks about “militant” union members. (If you screw up the language enough, in future it might be, but it isn’t now.) Even talking about “militant Islam” doesn’t yet imply that one is talking purely about terrorists, or even just about physically violent people: some aggression is implied, but it need not be physical; it might just be “lawfare”.

I am not asking you to give up euphemisms, or even to give up being mealy-mouthed about terrorism. I know the world is a big complicated place, which contains a lot of people who will kill you (or just deny you access to information) if you don’t write euphemistically about them. To ask you to try to ignore that would be inhuman. It’s just that there are better words to use. “Insurgents” is often appropriate, particularly in places like Iraq or Afghanistan. Applying that word to Pakistan’s jihadists might be questioned, since there is often a suspicion (or more than a suspicion) that they have governmental backing, whereas “insurgents” by definition want to overthrow the government. But insurgencies have often had sympathizers and helpers inside the government, so the word still is reasonably applicable. When the government is sponsoring terrorism outside Pakistan, as in Mumbai, there’s just no good word for that but terrorism. Sometimes “bandits” is the best word, as when a group is operating mainly for profit and is just a local entity. In a more urban environment, “gangs” can be appropriate. The word “guerrillas” almost seems reserved, these days, for Communists, but it long antedates Communism, and could be used for armed struggles by other movements.

Admittedly, choosing between these sorts of words requires a bit of thought and knowledge of the language. It’s harder than just adopting the mindless policy that ‘whenever an authority says “terrorist”, replace it with “militant”’. (That often seems to be the policy — except of course in direct quotes, which aren’t supposed to be altered; thus the same article will switch from “terrorist” when directly quoting someone to “militant” when paraphrasing him.) But it’s not inappropriate to ask you to think a bit and to know the language; that is supposed to be the business you’re in.

As it is, you just look silly; perhaps the silliest thing I’ve seen was a picture of burning oil tankers in Pakistan that had been destined to supply US troops in Afghanistan, captioned as being blown up by “suspected militants”. Now, first of all, when talking about the persons who actually blew up the tankers (and that was the sentence structure of the caption), there is no need to tack on “suspected”. They did it. We don’t know who they are, but they did it. It’s only when talking about people whose identities are known but whose guilt is questionable that “suspected” is appropriate, to protect their reputations. Still, the use of the word “suspected” indicates how much, when you write “militant”, you’re really thinking “terrorist”, and expect people to read the word as “terrorist”. There would be no need to tack on “suspected” to any proper uses of “militant”: militant members of the UAW, for instance, are proud to be militant. It’s only because “militant” here means “terrorist” that anyone thinks of adding “suspected”. The dodge is too transparent to do you any good. It doesn’t even do what you might want it to do here, which is to note that blowing up military convoys is by traditional standards a legitimate operation of war, not something that deserves the label “terrorism”.

Lest it be thought that I am just asking you to be better in deceiving people: no, I don’t like to be deceived. I can tolerate attempts at deception as the price for getting even minimal information out of bad areas, but I don’t like it. And a lot of this equivocation is not forced, but comes out of things like the mantra “One man’s terrorist is another man’s freedom fighter”. Really to be a “freedom fighter” one has to be fighting for freedom — individual freedom, that is: the “freedom” to be ruled by a dictator of one’s own race and color is not freedom; it’s “independence”, and its benefits are dubious. Modern-day terrorists usually don’t even pretend to be fighting for freedom, or have only the shallowest of pretenses (such as saying one thing in English to foreign journalists, and a very different thing in their own language).

Now, this does get complicated: some of them do pretend to be fighting for freedom; and conversely, some people who are genuinely fighting for freedom end up achieving a dictatorship. But when they’re not even really pretending, why should you pretend for them?

As for terrorism, it can be distinguished from terror, which is part of normal military tactics. Military terror is more serious: when an opposing army breaks ranks and flees in terror, it is because if they stayed they would be killed (or captured, if lucky). Tricking an opponent into fleeing does happen, but one needs a very substantial show of force to pull that off. Terrorism, in contrast, is a belief in terror as a force that can move people even when there is only a miniscule probability of them being killed or injured. A common pattern in the language is to add the suffix “-ism” to a word when people take their belief in it to a ridiculous extreme, and terrorism is no exception. Many of its tactics inherently cannot be scaled up into a more potent threat: they rely on hitting people who are unprepared, and if they were used more often people would prepare. Commandeering passenger aircraft for suicide attacks only worked for one day, and even during that day the last set of passengers knew to fight back. Even the military has found that when they try behind-enemy-lines raids too often they end up with a Blackhawk Down style debacle. The trick is to realize the limits of terrorist tactics, and not be fooled into a “they’ll kill us all” sort of mindset, which might result in surrender or in overreaction.

Of course to know the limits of any given terrorist tactic, one has to have a decent grasp of the military art, which is not something I can reasonably ask of you: it’s a full-time job for military officers, which makes it too much to ask of the average journalist. Praise is due to reporters who do have a good grasp of it, like Michael Yon and C. J. Chivers, but they spent years learning. It’s not something that is entirely beyond you, but it does take effort, and whether out of leftist pacifism or out of just not having the time, the vast majority of you haven’t exerted that effort. Still, at bottom, whether to call something “terrorist” is a substantive question: if the violence inherently can’t be scaled up — if its main effect can only be as a bloody show to shock TV viewers — then it’s terrorism; otherwise it’s something else. That’s the way the word is generally used, when it’s used sincerely. Of course it’s also abused, but that’s no excuse for completely refusing to use it. And substituting “militant” for it is just silly.

Double-entry bookkeeping

Ross Anderson’s book Security Engineering (the second edition of which is now available online for free) is generally quite good; but it’s still possible to tell, from the varying quality of the chapters, which subjects he personally has a lot of experience with. One of these is banking; his chapter on banking security is extraordinarily good. It even explains the reason for double-entry bookkeeping.

Double-entry bookkeeping is basically the standard in the financial world. (The phrase is not to be confused with “keeping two sets of books”, which means having a second set of books with fake entries — the second set likely also in double-entry form, for a total of four entries for most transactions.) But though I’d seen the mechanics of double-entry bookkeeping described many times before, I’d never seen the point of it. Okay, each transaction is registered in two places — as a debit to one ledger and a credit to the other ledger. (The convention they use seems backwards: for example, if you have $100 in cash, the “cash” ledger gets assigned negative 100 dollars. But that’s just a sign convention: you can just imagine negating all the numbers, and then it makes sense. Or you can be an accountant for long enough that your brain gets wired backwards, and then it will make sense even as it is.) And okay, the system has the feature that all the ledgers have to add up to zero, which serves as a way of checking it. (To establish this feature, things like “profit” and “debt” ledgers are introduced for what otherwise would be money sources and sinks.) But what does this buy you? Well, obviously it buys you compliance with laws and regulations, which often demand that you use double-entry bookkeeping. But what is the point of those regulations? Why is this particular check likely to catch errors or fraud?

Anderson explains: where it makes sense is when you have a large company where each ledger is kept by a different person. (The system was invented in medieval Italy; one imagines a large merchant house with a room filled with scribes, each taking care of his own ledger as other people stream in and out telling them what has been bought and sold.) Then, with double-entry bookkeeping, one person can’t fudge the books on his own; two or more people have to collude.

When the whole system gets put onto a computer, that advantage usually goes away, since the computer (or whoever subverts it) can fudge two ledgers as easily as it can fudge one. Another advantage of the system, back in the pre-computer era, was that the supervisory effort was minimal: just the boss going around at the end of the day, adding up all the ledgers and raising hell if the total wasn’t zero. With a computer there is no point in minimizing the supervisory effort, at least not the part of it that the computer does: even elaborate schemes involving lots of cryptographic signatures would scarcely strain a modern computer.

Still, there’s something that actually used to make sense, there. Anderson writes as if it still can make sense, but it’s hard to see how: your software would somehow have to be organized so that different ledgers lived in different trust domains — say, on different computers administered by different people. For a large multinational company, that might even be a natural thing to do; but for others it would take a lot of extra effort — much more than just buying a “double-entry bookkeeping” software package in order to computer-whip the regulations.

In any case, as traditions go, this is not a particularly harmful one: the multiple ledgers can be useful for categorizing expenses and revenues; and in the process of eliminating the ancient security advantages of the system, modern accounting software also eliminates the inconvenience of having to enter everything twice.


It almost seems to be a rule: any time anyone talks about “cyber-“anything, it’s bullshit. I have little idea why. Maybe the word “cyber” appeals to people who read too much bad 1970s science fiction? But whatever the reason, from the heady dotcom bubble era talk of “cyberspace”, to today’s paranoid talk of “cybersecurity”, it’s bunk when looked at in detail. There are serious things to discuss, but somehow serious people use different words: “computer security”, for instance, or “network security”. The “cyber-“people are not all wrong — being 100% wrong is almost as hard as being 100% right — but there’s enough wrong to make them not worth taking seriously.

Of course this feature of the language is just a transitory thing; charlatans, once unmasked, shift to a different cover. After they abandon “cyber” it may even become respectable, eventually. In any case, no offense is intended to people who use the word in the context of debunking the prevailing “cyber”-nonsense, such as Bruce Schneier or Ralph Langner.

An RSS reader

A couple of years ago, I went looking for an RSS reader. For those not familiar with the concept, an RSS reader is a piece of software that maintains a list of blogs, pulls their RSS feeds, and displays a list of articles in them. And, if the blog maintainer puts the full text of his articles in the feed, it lets you read them. A decent RSS reader also remembers which articles you’ve read, and either marks them accordingly or only shows you the new ones. For subscribing to blogs that are only occasionally updated (like this one), an RSS reader is almost a necessity: it does the boring work of repeatedly checking for new articles when there seldom are any.

My criteria were:

  1. Good integration with the web browser. I don’t want to flip back and forth between two different programs, one to read the RSS feed, and another to read the things on the web that it points to. I also want hyperlinks in the RSS feed to have the usual color indicators of whether or not that I’ve already read them, which probably won’t work if the RSS reader is a separate program, unless someone makes extraordinary effort at browser integration. Thus the RSS readers I’d tried previously were Firefox extensions. But I didn’t particularly like any of them, because I wanted:

  2. Something better than the usual three-panel view (one panel for a list of blogs, another for a list of articles in a blog, and a third for the article itself). For one thing, that layout requires a lot of clicking: you typically have to click on each blog, then on each article. I can go through blogs faster than that just using the normal browser features: middle-click on each blog in a list to open it in a new tab, then hit Control-W to close each tab when I’m done with it. Also, the three-panel layout wastes a lot of screen real estate: I’m going to spend 99% of my time reading the articles, yet those appear in only one of the three panels. That’s annoying even on a desktop-sized screen, let alone tablets or phones.

  3. No web-based services. I prefer to be in control.

What I fairly quickly landed on was mtve‘s program RSSaggressor. This is a Perl script that takes a list of blogs (a plaintext file, one URL per line, containing the URL of an RSS or Atom feed), checks each, and spits out a long HTML file containing everything new in every blog. The user then views that HTML file in a web browser. This way, instead of all the mouse clicking one does with a three-panel reader, reading the updates is just a matter of scrolling. (Well, except if the blog chooses not to put the full text in the RSS feed; then it’s back to the ‘middle-click to open each article in a new tab’ procedure.) This way there are no browser integration issues, aside from running the program in the first place and then opening its output HTML file in the browser. The original author runs the program as a cron job; I run it whenever I feel like checking what people have to say.

I’ve also made several changes, the notable ones of which are:

1. It displays the author of each article, which is useful for multiple-author blogs.

2. It allows you to specify a condition which has to be met for each article to be added to the output HTML file. To use this, after each URL in the list you add a condition, which is distinguished from the URLs by being indented. For instance, to subscribe to the Volokh Conspiracy weblog, but only to posts by Orin Kerr or Eugene Volokh, not the twenty or so other “co-conspirators”, you can write:

        $author eq "Eugene Volokh" or
        $author eq "Orin Kerr"

The syntax for the condition is Perl syntax; the code uses Perl’s eval() function to evaluate it. The accessible variables are $author, $title, $link (a hyperlink to the web version of the post), and $text (its full text, if you’re lucky). And since the condition can be arbitrary Perl code, you can also do other things with it, including changing any or all of those variables. For instance, Twitter hashad an RSS API, until they decided that offering RSS wasn’t predatory enough, but in it they didn’t publish hyperlinks as hyperlinks, just as plain text. To enable such hyperlinks (or at least nine tenths of them), you can write, for instance (fill in the blank with the screen name of the person to follow):

        $text =~ s((https?://[a-zA-Z0-9_/.+]*[a-zA-Z0-9]))
           (<a href="$1">$1</a>)g ; 1

(If those last two lines look like gobbledygook, welcome to the world of regular expressions.)

This version of RSSaggressor, like the original, can be found on Github. If all my modifications seem to date from the last few days, that’s because I was using an older version of the program previously, and ported my changes to this newer version.

One odd thing about RSSaggressor is that it remembers whether you’ve read articles by storing their MD5 checksum. Thus if the author goes back and edits the article, you get to see it again in its entirety. This has good aspects (you get to see updates to articles you’ve already read) and bad ones (you get to see the whole article again just because the author corrected a typo). I’d prefer to see some sort of diff between the old and new articles, but haven’t found a good diff library that operates on HTML and plays well with Perl. (Suggestions are welcome; patches or pull requests are even more welcome.)

This program hasn’t been packaged up for the casual user who doesn’t know to pull programs from github or install Perl modules (or, on some systems, install Perl itself). Those are not complicated things to do, but instructions would vary depending on the system. (As regards Perl modules, this version of the program might not need any extra ones: the ones it uses are pretty basic, and might already be there.)

Linux web fonts

A couple of quick tips for improving the way the web looks under Linux:

1. Set your web browser’s default fixed-width font (“monospace font”) to Inconsolata. It is clean and highly readable. It first might be necessary to install the font, in which case hopefully your distribution has a package for it, as mine did. (Hat tip to commenters at Greg Kroah-Hartman’s Google+ page for this recommendation.)

2. For the “Georgia” font (one of Microsoft’s “core fonts for the web”, originally released as freeware, and used by a high proportion of websites), turn down the level of “hinting” with which the font is rendered. Most fonts seem best with “full” hinting, but this one I like better with “slight” hinting. This can be accomplished by inserting the following lines into one of your fontconfig files:

<!-- Slight hinting only, for "georgia" font -->
  <match target="font">
    <test name="family"><string>georgia</string></test>
    <edit mode="assign" name="hintstyle"> <const>hintslight</const></edit>
    <edit mode="assign" name="rgba">      <const>none</const> </edit>

(The second ‘assign’ line turns off subpixel rendering, which in this case seems to give the font too much color fringing.) This drastically alters the appearance of the font; before the change it looks like this:

and afterwards it looks like this:

It was the appearance of the uppercase D in the former that got me looking into this. This is of course a matter of personal preference, and others will no doubt prefer the first version in general, but that D is just wrong: it shouldn’t be blurred vertically like that. And to me, the whole change seems like an upgrade. (I still might prefer the first version if I were using a display where the pixels were larger.)

For completeness, here’s the entirety of my local fontconfig file:

<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
  <match target="font">
    <edit mode="assign" name="rgba" >     <const>rgb</const> </edit>
    <edit mode="assign" name="hinting" >  <bool>true</bool>  </edit>
    <edit mode="assign" name="antialias"> <bool>true</bool> </edit>
    <edit mode="assign" name="autohint" > <bool>false</bool> </edit>
    <edit mode="assign" name="hintstyle"> <const>hintfull</const> </edit>

<!-- Disable Autohinting for bold fonts -->
  <match target="font">
    <test name="weight" compare="more"><const>medium</const></test>
    <edit mode="assign" name="autohint">  <bool>false</bool></edit>

<!-- Slight hinting only, for "georgia" font -->
  <match target="font">
    <test name="family"><string>georgia</string></test>
    <edit mode="assign" name="hintstyle"> <const>hintslight</const></edit>
    <edit mode="assign" name="rgba">      <const>none</const> </edit>

I’m not an expert as to where, in general, this file should be placed, but “.fonts.conf” in your home directory is a good place to try. See the above-linked Wikipedia page for more possible locations.