Passwords bug me. Specifically, password management on most websites is maddening. Here are a few things to keep in mind when designing yours:

List your password-format rules up front. All too often, sites ask for a password with no indication of their format rules, then scream “ERROR!” when you don’t guess correctly. Yell at your users less by telling them what you want first.

Don’t limit the size of a password unless you absolutely have to. Honestly, it’s 2012. Databases can store unlimited-length strings, and the security of a password is improved by length. If your user wants to use the Gettysburg Address as a password, let them go for it.

Ditto for the content. If the user wants ancient Greek poetry for their password, then don’t freak out about the character set or complain that it doesn’t contain any numbers. Honestly, I once had a health-care provider prevent me from using spaces and punctuation in a password. “Alphanumeric characters only”. Way to be secure, guys.

Don’t limit the password format at all unless a compromised account will damage your service as a whole. No minimum length, no “special characters” requirement, no “at least one number”. I know, this is a tough one to swallow. Take an honest look at the worst a malicious user could do; if the only harmful effects are to the user choosing the password, then let them choose whatever they want.

Rate the strength of a password as the user types, and give hints on how to improve it. If you do this, though, get it right. It’s annoying to type in “correct horse battery staple” and have some out-of-date algorithm tell me it’s “Weak“. It’s worse if the system rejects it outright, but even the knowledge that your algorithm sucks makes me doubt the overall security of your system.

Check that your login fields are friendly to automatic login. I’m more likely to choose a unique password for a site when I can hand off the job of remembering it to my browser or keychain. Each time I have to click “forgot password”, though, my choice is going to be easier to remember (and probably less secure).

If you’re in Southern California on January 5th, you might get a chance to see two space stations in the sky at the same time. (Pretty cool, right?)

If it’s clear enough, and if I’ve read the magnitudes and times and directions correctly on Heavens Above, here’s what I’ll be doing that night:

1. At 5:00pm I’ll go outside and stand in a nice dark spot. (I live in the middle of San Diego, so that takes a few minutes to find.)
2. At 5:05 I’ll look to the northwest for a bright object moving toward the northeast. If it’s moving slowly and not blinking, it’s the International Space Station. Population: 6. I’ll wave to Daniel, Anton, Anatoli, Oleg, Donald, and Andr.
3. At 5:07, when the ISS is as far up as it’ll get in the northeastern sky, I’ll look to the southwest for a dimmer object moving toward the northeast. If it’s moving slowly and not blinking, it’s Tiangong 1, the first part of China’s space station. Population: 0 so far.
4. Until about 5:10, when Tiangong 1 is right overhead and ISS drops below the eastern horizon, I’ll watch the two of them share the sky.

Thanks to Allan Manangan for passing along the news from David Dickinson on Twitter.

I just read an intriguing article on the Mpemba effect at Skulls in the Stars. Between the history of the effect and the continuing puzzle of what causes it, this is the best example of science-as-a-process I’ve ever seen:

Mpemba made his accidental discovery in Tanzania in 1963, when he was only 13 years old and in secondary school. In spite of widespread disdain from his classmates, he surreptitiously continued experiments on the phenomenon until he had the good fortune in high school to interact with Professor Denis Osborne of the University College Dar es Salaam. Osborne was intrigued, carried out his own experiments, and in 1969 the two published a paper in the journal Physics Education.

…

So what did Osbornes research show? He placed a 100 cm beaker filled with 70 cm of water on a sheet of insulating foam in a freezer, and timed how long it took for the water to freeze. For temperatures up to 20 C, the time was roughly proportional to the temperature above freezing, up to a maximum of 100 minutes at 20 C. For higher temperatures, however, the time dropped dramatically, down to 40 minutes for 80 C water!

Be sure to read the complete article for the whole story, including many attempts to characterize the Mpemba effect over the years. 50 years later there still isn’t a strong consensus about what causes the effect, and in many cases it’s supposed to be difficult to reproduce.

To me, this is crying out for a citizen-science experiment with lots of participants, similar to the way Biocurious works. The experiments themselves are dirt simple (and cheap) to implement; all they really require is water, a heater, and a freezer. The rest is a matter of documenting all the (potentially) relevant variables, including the heater and freezer used, the source of the water, the type of containers, and even the geocoordinates of the experimenter. (Hey, who knows, right?)

A second generation of citizen-science experiments could then be designed based on trends in the first-generation data. The fun thing about this step is that (as Galaxy Zoo has shown) the data often suggests results that weren’t expected before it was being collected. (That shouldn’t be surprising; this is science after all.)

The point of each subsequent generation would be to build more accurate predictions of which experimental setups would or would not produce the Mpemba effect. Eventually it should be possible to make a set of statements like, “Heating 50 ml of 20 C tap water in a 100W microwave for 90 seconds is 90% likely to reduce the time required to freeze it in a 1 m freezer by 35%.”

Why the citizen-science approach? I suspect that rather than trying to control all the known factors to produce the desired result, we instead want to track as many factors as possible to characterize the space of results. This particular effect will probably require a “vast multidimensional array of experiments“* to characterize properly, so enlisting a large number of citizen scientists makes a lot of sense.

Besides, each and every one of the test participants can have fun guessing at the real causes involved. Who doesn’t love a little armchair theorizing?

* Yes, I’m ‘citing’ Wikipedia. The original article cited there is inaccessible, and the rest of the Wikipedia summary is informative stuff.

I (and Global Spin) have changed a bit over the last few months. Nothing you’d notice much, but I’ve set aside a few projects and picked up a few others. Specifically, I’m starting the long road toward becoming a licensed scientician.

Long story short: Global Spin is shifting towards science blogging. For the remainder of 2011 I’m going to post something sciencey once a week, probably on Tuesdays.

Older posts will still all be here; in fact, I’ve fixed the archives list in the sidebar so it shows posts going back to 2003. However, the focus going forward will be on science, culture, space, and technology. Those four categories catch most of what I’ve posted in the last two years anyway, so it won’t be a big shock.

I’ve also streamlined the site a bit. It’s not a community place anymore; social-media sites are much better at that now. It’s not even a place to store my personal commentary on the rest of the web; Tumblr and Twitter and Reader (oh my!) fit that need nicely.

One thing I’m going to try (and maybe go back on): I’ve turned off comments on these posts. Again, most of the commentary seems to happen elsewhere, so having those empty boxes at the bottom of each post seems a bit archaic. If you disagree, contact me and I’ll reconsider.

The motto hasn’t changed, though: We still protect our freaks.

To Science!

I don’t fly. Since the TSA put its latest set of security-theater rules in effect, I just can’t do it (or ask my family to) in good conscience.

It comes down to this: I know too many people who would be traumatized by the kind of treatment the TSA has made mandatory. I can think of too many cases where either the backscatter machines or the invasive patdowns would cause lasting damage, the kind no flight is worth:

• My prosthetic b****ts are none of your concern. Even if I’m a man.
• No, my child will not remove her cancer wig so you can check it for weapons.
• No, I will not tell my child that sexual assault by a government official is “a game.”

You get the idea. Privacy is important. For some people, it’s vitally important. And it’s relevant, because I have not committed a crime. Getting on an airplane is not probable cause to believe I will.

Yes, I realize that not all these cases apply to me. I also know that my family won’t necessarily be subjected to the backscatter or the patdown. The pointand to me it’s the only important pointis that no one deserves to be treated this way, and I refuse to support a system that does so.

Each time I choose not to fly, I’ll send a letter to the airline I would have used, the airports I would have gone through, and the TSA to let them know why. I hope that eventually they’ll see reason and do away with these crazy searches. Until then, I won’t fly.

For reasons to stay angry, follow the ongoing news on Reddit’s Flying With Dignity group or get a stream of images from The Daily Patdown.

This may seem like an odd diversion, but John asked about it just this morning so I thought I’d share with the rest of the class.

Electrons, in their secret life as wibbly-wobbly quantum particle-wavey things, have a property called spin. To quote a handy article I just ran across:

One of the things that was clear from experiments was that electron have spin. A first naive picture of an electron – this is not an accurate picture but it’s a start – is as a tiny ball with electric charge – which is what flows when a current flows in a wire. If you spin a ball of electric charge, the electric charge goes around in a circle. You effectively have a tiny current going around, and when you have a current like that you have a magnetic field – the electron becomes a tiny magnet. The presence of that magnetic effect is pictured as the electric charge spinning around. If the electron was still, it wouldn’t have this magnetic effect.

It gets better:

Among the many counterintuitive properties of the electron is the fact that it has spin one-half. This is the mathematical way of saying that if you rotate an electron through 360 degrees, it doesn’t look like it did before you started! There is no parallel for this in our everyday world – we are accustomed to being able to turn objects through 360 degrees and get them back to where they started.

Oh, but there is a parallel in the everyday world, or at least in my slightly-twisted mind. Think of it like so:

1. Imagine a reel-to-reel film projector. Running a short length of film through end-to-end works like you think it would.
2. Tape one end of the film to the other; now you have a continuous loop of film that repeats itself. This would correspond to a spin of 1, because it looks the same after one loop.
3. Now tape one end of the film to the other backwards, to make a Mbius strip. The film still loops, but now it does one loop with the frames reversed left-to-right. It doesn’t repeat itself exactly until the film has looped through twice, corresponding to a spin of 1/2.

Does this mean that electrons are actually tiny loops of film? No. It only provides an analogy for this one property, and even then it might not go very far. Still, as soon as someone says “there is no X”, I have to find a counterexample. :)

I had to post this in response to the flurry of rumors around NASAs announcement that this Thursday they will discuss an astrobiology finding that will impact the search for evidence of extraterrestrial life.

The rule is simple: When you tell a child anything, they will ignore most of it and leave only the words that benefit them.

Toddler version:

No, dont run into the street.

Blah blah run into the street.

Young child version:

Well go to the zoo if theres time after the store and lunch.

Well go to the zoo blah blah blah.

Older child version:

If you clean your room, you can borrow the car on Saturday afternoon.

Blah blah you can borrow the car blah blah.

Journalist version:

NASA will hold a news conference to discuss an astrobiology finding that will impact the search for evidence of extraterrestrial life.

NASA will blah blah discuss blah finding blah evidence of extraterrestrial life.

and there you go. Good luck on Thursday, guys.

Yesterday I did something dumb, and I only realized it today because I don’t trust an easy success. Let’s see if you can spot the flaw in my reasoning:

Background:

• A process (X) is run on a series of items in a queue.
• Items are added to the queue continuously, about 500 per hour.
• A processor (Z) is started once an hour. It performs X on all the items in the queue, then quits once the queue is empty.
• If there are any errors, the processor emails them to me after it quits.

The problem:

1. I noticed 100 random failures in process X each hour.
2. I hypothesized that X is failing due to intermittent system unavailability.
3. I checked the hypothesis by looking for clusters of X failures at times of high load. (There were.)
4. I “fixed” it by pausing the Z processor for 60 seconds whenever there’s a failure (to let system resources recover).
5. 12 hours after the fix, I got no failure emails and declared victory.
6. Not so fast: Not only did I not fix the problem, I caused something worse.

Can you figure out what I did wrong?

Hints and solution, Invisiclue style (select to view):

• The fix was a single line of code: “sleep 60″ whenever a process X failed.
• The failures weren’t caused by system load; the errors clustered because high load = more items going through the queue. Waiting fixed nothing, so there were still 100 failures per hour.
• Process X normally takes a fraction of a second.
• Processor Z starts once an hour, but that doesn’t mean it stops once an hour.
• Errors are only reported when Z stops.
• The pause makes process X take a minute longer, about 100 times an hour. There are only 60 minutes in an hour.
  
• Since new items are added to the queue constantly, the queue never gets empty and Z never stops. Thus, no errors.
• There are no other hints.
• Really.

These gentlemen are from the future.

You may have noticed how quiet Global Spin has become, yet again. With the rise of Twitter and Reader and Tumblr and other such thing-share-ers, our little community no longer has much reason to post their thoughts to a group blog.

In response, I’m quitting!

checks notes Oh wait, that’s not it shuffles papers One sec, it was right here

Right! In response, I’m going to keep posting the same old things on Global Spin as always. (In a word: monkeys.) I won’t even promise to post more often, because we’ve all seen through that little shadow play. Or something.

For those of you looking for a little more regularity and a little less depth, I give you a cat standing up! (Oh, and I might also share some other things over there, because it’s what all the kids are doing these days.)

That is all.

Lee shared a thoughtful and entertaining Cracked article* by David Wong about the Monkeysphere. In short, the idea is that we can maintain less than 150 relationships (our monkeys**), so there’s no way for us to care about everyone.

Lee also shared a Derek Sivers article that hits right in the gut. As Lee pointed out, reading the two together makes it obvious that the abuses Derek talked about came from people working outside their Monkeysphere. They ended up shouting at their email, not realizing there was a person on the other end.

After reading them both, I had to ask myself: Why do I think I’m different? I do try to treat people with respect, even when “people” are an abstraction so far removed from my life that I need complex software*** to remind me how to treat them well. I also interact with lots of people over the course of the day, far more than the ~150 my Monkeysphere would allow me to care about.

First I thought there might be some notable difference between in-Monkeysphere people and out-of-Monkeysphere people. Maybe I just follow a set of rules about interacting with people (see also: enlightened self-interest), without really feeling it on the inside. Then I read a tweet from Dave Masten:

“My dad’s leukemia just took a turn for the worse. Sad.”

That hit me in the gut, too. And then I figured it out. They *are* in my Monkeysphere. All of them. Sara and Valerie are in there. Dave’s in there. You’re in there, dear reader, even if I don’t know you at all. They’re the 42nd monkey.

Here’s how it seems to work, based on whole minutes of self-examination: one of my monkeys**** is an abstract monkey. Programmers might call it a variable, mathematicians might call it an equivalence class, and politicians might call it a constituent. When I interact with someone who isn’t in my Monkeysphere, that person becomes the 42nd Monkey for that interaction, even if it’s only a few seconds. When the time comes to deal with someone else, they become the 42nd Monkey instead.

The 42nd Monkey suffered a loss. The 42nd Monkey is working toward a deadline. She slept badly last night, and she’s just trying to wake up. He’s glad it’s Friday. She doesn’t have a lot of time, but she’s willing to talk. He wonders if all this trouble is worth it. She hopes she’ll meet someone nice tonight. He’s awkward at parties. The 42nd Monkey, in short, is a real human being.