Monthly Archives: January 2010

Letter from the Wikimedia Community Health Task Force

My first thought on seeing the sender’s name was that the Wikiworld was going to put its crowdsourcing muscle into crafting a health-care bill. But no, apparently I haven’t been contributing enough to Wikipedia, as I received this email today:

from Wikimedia Community Health Task Force
date Tue, Jan 26, 2010 at 8:43 PM
subject Survey from Wikipedia


We are studying the habits of Wikipedia contributors, seeking to identify and address reasons why people stop contributing. We noticed that you haven’t made any edits in a while, and we’re wondering where you’ve been.

We would appreciate 5 minutes of your time to complete an online survey. We’re constantly looking for ways to improve our community and your responses will help us understand what Wikipedia is doing well and what we can improve on.

Please click on the link below to be directed to the survey.

Thank you for contributing to Wikipedia and for your help in improving our community.

The Wikimedia Community Health Task Force

The Wikimedia Community Health Task Force represents a group of volunteers examining ways to improve the health of the communities for the Wikimedia projects, including Wikipedia.

As always, we are very careful to protect your privacy. Responses will be reviewed anonymously and data will be presented in aggregate form only.

This calls to mind the WSJ article a few months back about how 49,000 Wikipedia volunteer editors stopped editing in the first quarter of 2009 (compared to a net loss of 4,900 during the same period in 2008). Frustration with overzealous editors rejecting work is cited as a big reason. I’ve never had that experience…I’ve mostly submitted grammar and style changes which, for the most part, still remain. Also, Wikipedia has just become so solid a source that it’s hard to contribute anything that feels valuable without really putting a lot of effort into it. I made a lot more edits back when proper nouns were misspelled. Now, fixing a comma splice doesn’t have the same satisfaction.

The survey’s questions:

1: When did you start editing?

2: When did you make your last edit?

3: During your time as an active editor, roughly how many edits did you make in a typical month?

4: *Why did you start contributing to Wikipedia?

* I saw a typo or small error and wanted to fix it
* There was information that I wanted to add
* I like the idea of volunteering to share knowledge
* I enjoy researching and writing
* I was assigned to do it (e.g., by work or school)
* I wanted to test Wikipedia to see if it was really open for anyone to edit
* Friends of mine were doing it

5: *Why did you stop contributing to Wikipedia?
Check at most 3 answers

* I had other commitments (e.g. new job, new hobbies, started a family).
* I contributed enough information to improve the articles I was interested in.
* Writing an encyclopedic article is difficult and/or time consuming.
* Editing and maintaining articles takes too much time for me.
* Wikipedia is too confusing.
* I felt that I was often working alone, with little feedback or support.
* I found the atmosphere unpleasant.
* Some editors made Wikipedia a difficult place to work.
* I haven’t stopped contributing.
* Other:

6: At the time of your last edit, did you personally feel like you still had a lot to add to Wikipedia?

7: What was your most rewarding experience with Wikipedia? Why?

8: What was your worst experience with Wikipedia? Why?
(Answers will be kept anonymous and no action will be taken. This is for survey purposes only.)

9: *Did the difficulty of the work have an impact on your decision to stop contributing?
Check at most 3 answers

* Yes. Writing an article is too difficult, or too much work.
* Yes. I had difficulties with the editing interface.
* Yes. I had difficulties with the discussion interface.
* Yes. Watching and maintaining multiple articles was difficult/took too much time.
* Yes. I had trouble understanding the rules about Wikipedia content.
* Yes. I had trouble understanding the rules about volunteer behavior.
* No. Complexity was not a major reason in my decision to leave.
* No. I haven’t stopped contributing.

10: Did the community have an impact on your decision to stop contributing?
Check at most 3 answers

* Yes. I asked for help, but did not receive the help that I needed.
* Yes. I did not receive much feedback or appreciation for my work.
* Yes. I was warned or sanctioned and decided to leave.
* Yes. It took too much time to discuss content and build support for changes.
* Yes. Several editors were rude to either me or my peers.
* Yes. Several editors were too stubborn and/or difficult to work with.
* Yes. My work kept on being undone.
* No. The community was not a major reason in my decision to leave.
* No. I haven’t stopped contributing.
* Other:

11: *On a scale of 1-5, how likely are you to start contributing again?

12: Please read the following statements and select all that you believe are TRUE.

Check any that apply

* I stopped contributing because of something that happened in my life: it had nothing much to do with Wikipedia.
* I regret that I had to stop editing Wikipedia.
* When I think back on my time editing Wikipedia, I feel anger, frustration, or other unpleasant emotions.
* I would (or do) tell my friends to consider editing Wikipedia.
* I think I am very different from the typical Wikipedia editor.
* I will never edit Wikipedia again.
* I hope one day to edit again, if changes in my personal or work circumstances make that possible for me.
* I hope one day to edit again, if changes at Wikipedia make that possible for me.

13: Is there anything else you would like us to know?

14: What is your Wikipedia username? (Optional)

15: *Would you be willing to have someone contact you for a 10-minute phone call or online chat to further discuss your experience with Wikipedia?

I’m guessing that the “Wikimedia Community Health Task Force” is a new initiative, as a Google search for that term brings up this blog entry as the first result.

ProPublica tracks the bailout, a year or so later

Today, my ProPublica colleague Paul Kiel and I put out some graphical revisions to PP’s bank bailout tracking site, including our master list of companies to get taxpayer bailout money:

Graphic: The Status of the Bailout

Bailout List Page

Nothing fancy; mostly we made the numbers easier to find and compare. The site itself was far from fancy at its inception, since it was my first project after taking a crash course on Ruby on Rails. Back when the bailout was first announced in Q4 2008, the Treasury declined to name the banks it was doling out taxpayer money to, for fear that unlisted banks would take a reputational hit. Paul was one of the first few people to comb through banks’ press releases and enter them into a spreadsheet. His list of the first 26, put into a simple HTML table, was a pretty big hit.

As the list grew into the dozens and hundreds, it became more cumbersome to maintain the static list, which was nothing more than the bank’s name, date of announcement, and amount of bailout. Plus, it was no longer just one bailout per company; Citigroup and Bank of America were beneficiaries of billions of dollars through a couple other programs.

So, I proposed a bailout site that would allow Paul to record the data at a more discrete level…up to that point, for example, most online lists showed that AIG had several dozen billion dollars committed to it, but not the various programs, reasons, and dates on which those allocations were made. A little anal maybe, but it gave the site the flexibility to adapt when the bailout grew to include all varieties of disbursements, including to auto parts manufacturers and mortgage servicers, as well as the money flow coming in the opposite direction, in the form of refunds and dividends.

I saw the site as more of a place for Paul to base his bailout coverage on (he’s been doing an excellent job covering the progress of the mortgage modification program), as I assumed that in the near future, Treasury would have its own, easy-to-use site for the data. Unfortunately, that is not quite the case, nearly a year and a half later. Besides some questionable UI decisions (such as having the front-facing page consist of a Flash map), the data is not put forth in an easily accessible form. It could be that I need an Excel refresher course, but trying to sort the columns in these Excel spreadsheets just to find the biggest bailout amount, for example, throws an error.

Only in the past couple of months did Treasury finally release dividends in non-pdf form, and even then, it’s still a pain to work with (there’s no way, for example, to link the bank names in the dividends sheet to the master spreadsheet of bailouts). I would’ve thought that’d be the set of bailout data Treasury would be most eager to send out, because it’s the taxpayers’ return on investment. But, as it turns out, there is a half-empty perspective from this data (such as banks not having enough reserves to pay dividends in a timely fashion), one that would’ve been immediately obvious if the data were in a more sortable form.

ProPublica’s bailout tracking site doesn’t have much data other than the official Treasury bailout numbers; there are all kinds of other unofficial numbers, such as how much each bank is giving out in bonuses, that people are more interested in. American University has gathered all kinds of financial-health indicators for each bailout bank, too. There’s definitely much more data that PP and other bailout trackers need to collect to provide a bigger picture of the bailout situation. But for now, I guess it’s a small victory to be one of the top starting points to find out just exactly where hundreds of billions of our tax dollars went. And the why, too; Paul’s done a great job writing translations of the Treasury’s official-speak on each program.

ProPublica’s Eye on the Bailout

Haitian: “That’s life…and life, like death, lasts only a little while” (New Yorker)

Edwidge Danticat in this week’s New Yorker has a haunting short essay about her cousins in the Haitian earthquake’s aftermath. The magnitude of that disaster has been too hard to read about on a daily basis, but this obituary has the emotion of a thousand death reports.

The closer:

Everyone sounded eerily calm on the phone. No one was screaming. No one was crying. No one said “Why me?” or “We’re cursed.” Even as the aftershocks kept coming, they’d say, “The ground is shaking again,” as though this had become a normal occurrence. They inquired about family members outside Haiti: an elderly relative, a baby, my one-year-old daughter.
I cried and apologized. “I’m sorry I can’t be with you,” I said. “If not for the baby—”
My nearly six-foot-tall twenty-two-year-old cousin—the beauty queen we nicknamed Naomi Campbell—who says that she is hungry and has been sleeping in bushes with dead bodies nearby, stops me.
“Don’t cry,” she says. “That’s life.”
“No, it’s not life,” I say. “Or it should not be.”
“It is,” she insists. “That’s what it is. And life, like death, lasts only yon ti moman.” Only a little while. ♦

“Haiti, the earthquake, and my family”

NYT: Anti-obesity tax will make soda more expensive than beer

Another one for the Department-of-Unintended-Consequences, from NYT’s City Room:

While the governor is taking aim at obesity caused by sugary drinks, Mr. Eusebio worries that the proposed tax would slim down the beverage industry, which he said pays $6.7 billion in wages statewide and generates billions more for the economy.

But he also mentioned some far smaller numbers that startled a soft-drink drinker.

“A six-pack of soda is going to cost you approximately $4.99” if the penny-an-ounce tax goes through, Mr. Eusebio said, “where you can pick up beer from $2.99 to $3.99.”

Off to the neighborhood supermarket, where it turned out that Mr. Eusebio’s math was not far off. With the tax, a six-pack of Coca-Cola or Pepsi would cost 2 cents more than a six-pack of the cheapest beer in the store.

To be fair, the “cheapest beer” apparently includes such brands as Old Milwaukee…and even the thriftiest, alcohol-friendly consumers will stay with cola over that. But $5.61 for a six-pack of Coke (2 cents per ounce times 6 cans times 12 ounces, plus the 30-cent container tax) is pretty daunting no matter what the alternatives are.

(Update: Headline was reversed…)

NYT: Radiation (IMRT) horror stories; Woman has massive hole burned in chest because several doctors and physicists didn’t know “in” from “out”

Graphic: New York Times

Yet another case study in how the most educated of our professionals are not fail-safe. Not just not fail-safe, but not able-to-tell-up-from-down safe. The New York Times has an incredible story today, apparently one of many, about the dangers of a new radiation treatment called Intensity-Modulated Radiation Therapy (IMRT).

It covers a lot of ground, but one anecdote that sticks out is of Alexandra Jn-Charles, who underwent IMRT to treat breast cancer. IMRT involves delivering radiation as a precise beam to kill a tumor…a great way to avoid the healthy-cell-killing symptoms of traditional radiation treatment.

However, Ms. Jn-Charles ended up with a hole in her chest so big that “you could just see my ribs in there.”

How did it happen? Numerous therapists, and even physicists, failed to notice a simple binary error:

One therapist mistakenly programmed the computer for “wedge out” rather than “wedge in,” as the plan required. Another therapist failed to catch the error. And the physics staff repeatedly failed to notice it during their weekly checks of treatment records.

Even worse, therapists failed to notice that during treatment, their computer screen clearly showed that the wedge was missing. Only weeks earlier, state health officials had sent a notice, reminding hospitals that therapists “must closely monitor” their computer screens.

The series of moronic, tragic errors calls to mind Atul Gawande’s story of the checklist, in which a five-step list of tasks for doctors, as simple as washing their hands, reduced the infection rate for a certain procedure to zero.

What’s the checklist for this cutting-edge radiation therapy?

Maybe there would be one if hospitals weren’t underreporting their accidents, according to NYC’s health department, by “several orders of magnitude.” (According to the NYT, the department apparently did not realize this until the Times started asking).

And then there’s the bad software angle. Varian Medical Systems gets criticized for code that, while allowing for the delivery of a precise and powerful stream of electrons to a tumor, has the stability and error-recovery ability of Windows ME. In the case of Mr. Jerome-Parks, an IMRT machine delivered radiation “from the base of his skull to his larynx” instead of just at the tumor. The reported problem: crash-prone software with poor/non-existent data recovery:

The investigation into what happened to Mr. Jerome-Parks quickly turned to the Varian software that powered the linear accelerator.

The software required that three essential programming instructions be saved in sequence: first, the quantity or dose of radiation in the beam; then a digital image of the treatment area; and finally, instructions that guide the multileaf collimator.

When the computer kept crashing, Ms. Kalach, the medical physicist, did not realize that her instructions for the collimator had not been saved, state records show. She proceeded as though the problem had been fixed.

“We were just stunned that a company could make technology that could administer that amount of radiation — that extreme amount of radiation — without some fail-safe mechanism,” said Ms. Weir-Bryan, Ms. Jerome-Parks’s friend from Toronto. “It’s always something we keep harkening back to: How could this happen? What accountability do these companies have to create something safe?”

Just incredible. Read the whole story here.
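The failure mode in that passage, a crash that silently discards one of the three required instructions while the operator proceeds, is exactly what an atomic save-and-verify step guards against. Here is a minimal sketch of the idea in Python. This is entirely hypothetical: Varian’s actual software is not public, and the field names below are invented for illustration.

```python
# Hypothetical sketch: refuse to proceed with treatment unless every required
# instruction is verifiably on disk, so a crash can't silently drop settings.
import json
import os
import tempfile

REQUIRED_KEYS = {"beam_dose", "treatment_image", "collimator_instructions"}

def save_plan(plan: dict, path: str) -> None:
    """Write atomically: a crash mid-write leaves the old file intact."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        json.dump(plan, f)
        f.flush()
        os.fsync(f.fileno())   # force bytes to disk before claiming success
    os.replace(tmp, path)      # atomic rename: old or new file, never half of each

def verify_plan(path: str) -> dict:
    """Re-read the saved plan from disk and fail loudly if anything is missing."""
    with open(path) as f:
        saved = json.load(f)
    missing = REQUIRED_KEYS - saved.keys()
    if missing:
        raise RuntimeError(f"Refusing to treat: plan is missing {sorted(missing)}")
    return saved
```

The point of the pattern is that `verify_plan` trusts only what is actually on disk, not the in-memory state the operator was looking at, so “the computer crashed and I assumed it saved” becomes a loud error instead of a silent partial plan.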

Also, a great animated graphic illustrating how IMRT can go awry.

My blog headline says “doctors” when it was “therapists” who apparently missed the “out” and “in” difference 27 times…though, presumably, doctors are involved somewhere in the operational process, even if they aren’t programming the machine themselves.

A NYT reader who says he’s an engineer has this insight:

What did Wedge in / Wedge out really imply to the software programmer? Did he understand the true consequences of the two setting options? Did he have any understanding of medicine at all? Or was his knowledge just limited to what the lines of software code could do?

This person might previously have written software for operating a sprinkler in a garden, where he provided options for turning the sprinkler on and off. Thus, a line of software code could manage Sprinkler On / Sprinkler Off. A similar line of code could also manage Wedge In / Wedge Out. The software is not really all that different; very often, all it does is activate/deactivate one or another relay. But what were the relative levels of importance of the selected options in these two cases? Sprinkler Off would mean the lawn didn’t get watered on one day. No big deal, and easily fixed. What about Wedge Out? Did he know what that could mean for the patient, and how many checks and verifications he would need to include for that in order to take into account situations like the operators of the equipment being mentally distracted, careless, etc.? Should he make lights to flash; warning sounds to be emitted; additional confirmational prompts and checklists each time? To make the system 100% foolproof, would the operator in this case require additional reminders / actions to be taken, which might not be required in the case of the gardener?

I think, now that technology is here to stay and since we are growing increasingly dependent on it, that every person in the chain, including electricians, mechanics, software programmers and others, need to become more medically aware of the implications of his/her particular role in the chain. They should no longer be distanced from the ultimate outcome as they are now, focussed on local actions and completion of job targets.

For instance, this programmer must be made aware that he is setting the radiation scope that could destroy a person. He must think deeply about practical issues and about how to take things like human error into account. He should not get away with just thinking he has met his daily target for number of lines of code written.

I usually don’t use the word “paradigm”, but I think what we need here is a major paradigm shift regarding what we should expect from technology and its providers in medicine. The old saying, “A chain is only as strong as its weakest link”, applies very strongly here.

American Express’s Security Problem: Awful password system

The NYT has a shocking story about a man who accidentally “hacked” his way into someone else’s American Express account. Allan Goldstein, an honest man, immediately called American Express’s customer support to notify them of the accidental breach. He got a rep in India, and then several others who had no clue what the issue was. It took more than twenty days, six different American Express customer service reps, and a call from a New York Times writer for American Express to get on the ball.

This is the AmEx flack’s explanation:

Ms. Alfonso confirmed Mr. Goldstein’s story for me. She called the problem “an unusual case of two customers coincidentally having nearly identical log-in information, which led one card member to inadvertently log in to another card member’s account.”

Nearly identical log-in information? So perhaps Goldstein’s account and this mystery lady’s account had the same name and the same password? What are the chances of that happening?

Well, pretty slim, but not out of this world, thanks to American Express’s astonishingly weak password protocols. I started an account with them more than a year ago and was amazed to find out that I could not create a password greater than 8 characters. I just checked, and it’s no different today:

Not only is the limit eight characters, but case doesn’t matter, and non-alphanumeric characters don’t work:

Your Password should:

* Contain 6 to 8 characters – at least one letter and one number (not case sensitive)
* Contain no spaces or special characters (e.g., &, >, *, $, @)
* Be different from your User ID and your last Password

Is there any other major online service today that has such a primitive, limited space for passwords? Eight alphanumeric characters was considered good enough back in the 1970s. Think about it; even your MySpace account has stronger security than your $10,000-limit credit card (ok, don’t know that for sure…it’s been awhile since I had a MySpace account).
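To put the restriction in numbers, here’s a quick back-of-the-envelope keyspace comparison. The AmEx rules (36 case-insensitive alphanumeric symbols, 6 to 8 characters) come from the list above; the “modern” baseline of 8 to 12 printable-ASCII characters is my own illustrative assumption, not any particular site’s policy:

```python
# Compare the number of possible passwords under two policies.
def keyspace(symbols: int, min_len: int, max_len: int) -> int:
    """Total passwords of length min_len..max_len drawn from `symbols` characters."""
    return sum(symbols ** n for n in range(min_len, max_len + 1))

amex = keyspace(36, 6, 8)      # a-z + 0-9, case folded, 6 to 8 chars
modern = keyspace(94, 8, 12)   # all printable ASCII, 8 to 12 chars (assumed baseline)

print(f"AmEx-style keyspace:   {amex:.3e}")
print(f"Modern-style keyspace: {modern:.3e}")
print(f"Ratio: {modern // amex:,} times larger")
```

The AmEx space works out to roughly 3 trillion passwords, which sounds like a lot until you compare it to the alternative, which is about a hundred billion times larger.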

Coincidentally, this week the NYT had a story about weak passwords, from a security analysis of the 32 million passwords stolen from the idiots at RockYou:

In the idealized world championed by security specialists, people would have different passwords for every Web site they visit and store them in their head or, if absolutely necessary, on a piece of paper.

But bowing to the reality of our overcrowded brains, the experts suggest that everyone choose at least two different passwords — a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

Mr. Moss relies on passwords at least 12 characters long, figuring that those make him a more difficult target than the millions of people who choose five- and six-character passwords.

The problem with an eight-character alphanumeric password limit is not only that the space of possible passwords is smaller, but that you have less room to make easy-to-remember-but-secure passwords. For example, I’ve used phrases from favorite stories and songs. Something like: “itwastheBestOfTim3$” (this is not particularly secure, since it’s a composition of dictionary words, but you get the idea). So even though there is room for hundreds of billions of password combos…that space is only helpful if human beings can be relied on to generate random strings for passwords. The above NYT article suggests they can’t…so Joe Average, instead of being able to make up something like Password123456!, is limited by AmEx to Passwrd1. Neither is a very strong password, but there’s a chance for many more coincidental collisions in the latter case.
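The collision worry can be made concrete with the standard birthday approximation: the probability that at least two of n users pick the same password from an effective pool of d equally likely choices is roughly 1 - exp(-n(n-1)/2d). A sketch with illustrative pool sizes (the real AmEx user count and the real distribution of human password choices are unknown to me; humans clustering on favorite passwords shrinks the effective d far below the full keyspace):

```python
import math

def collision_prob(n: int, d: int) -> float:
    """Birthday approximation: P(some two of n users share a password),
    given an effective pool of d equally likely passwords."""
    return 1.0 - math.exp(-n * (n - 1) / (2.0 * d))

users = 1_000_000  # illustrative user count, not AmEx's actual numbers
for pool in (10_000, 1_000_000, 36**8):
    p = collision_prob(users, pool)
    print(f"pool={pool:.1e}  P(shared password among {users:,} users) = {p:.4f}")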

The terrible customer service that Mr. Goldstein experienced is galling…but the root of the problem, assuming the flack’s explanation is correct, is AmEx’s antiquated password-storage system. I hope they don’t keep it in plaintext, as the security-lax folks at RockYou did.

Snowulf wrote about this back in 2007.

Christmas Terror Bombing Hearings: So why don’t we just put EVERYONE on the no-fly list

From Politico (“Obama officials snipe at terror hearing”):

But Director of National Intelligence Dennis Blair fought back, arguing the no-fly list has been subject to political pressure to take names off the list because it was causing problems for ordinary citizens.

“The pressure since 2008 has been to make it smaller,” he said. “Shame on us for giving in to that pressure. We have now greatly expanded the no-fly list since what it was on Dec. 24.”

Boy, it just sounds like the only downside to expanding the no-fly list is annoying a few civil libertarians, right? What if those negative nancies could be ignored? Would security be improved if we, say, put everyone on the list?

The most immediate downside to the average person is, of course, the increase in time at the security checkout and the number of strange hands patting you down.

But the real kicker is that after all that inconvenience, our security would most likely be worse.

At the end of the Politico article is this gem that reveals how the best-laid security plans fail because of one person’s clumsy fingers:

A worker in the American embassy in Nigeria misspelled Umar Farouk Abdulmutallab’s name when he searched a database to determine whether the young man had a valid U.S. visa, a senior State department official told the Senate Judiciary Committee Wednesday. That was Nov. 20, the day after Abdulmutallab’s father visited the embassy to warn U.S. officials that his son might be involved with radical extremists. The same worker sent a cable to intelligence officials with the correct spelling of the name, but it was incomplete because he hadn’t properly done the searches to realize that Abdulmutallab could get into the U.S.

A simple typo nearly doomed an entire passenger flight. How did this typo happen? Was it the end of the day and the worker was losing his boost from that last cup of coffee? What if it wasn’t a typo? What if the supervisor who gave the worker a name to look up had misspelled it?

The simple breakdown could’ve happened at any point in the information-sharing process.
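One standard mitigation for the exact-match lookup failure described above is fuzzy matching: return candidates within a small edit distance of the query instead of demanding a perfect spelling. A toy sketch of the idea (real watchlist systems use phonetic and transliteration-aware matching, far beyond plain Levenshtein distance):

```python
# Toy fuzzy name lookup: near-miss spellings still surface candidate records.
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic rolling-row dynamic program."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,          # deletion
                           cur[j - 1] + 1,       # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def search(query: str, records: list[str], max_dist: int = 2) -> list[str]:
    """Return every record within max_dist edits of the query, case-folded."""
    q = query.lower()
    return [r for r in records if edit_distance(q, r.lower()) <= max_dist]

records = ["Abdulmutallab, Umar Farouk", "Smith, John"]
print(search("Abdulmutalab, Umar Farouk", records))  # the dropped 'l' still matches
```

An exact-match query with one dropped letter returns nothing; the fuzzy version still surfaces the record for a human to confirm, which is the whole point when one typo can mean a missed visa revocation.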

And simple breakdowns happen more frequently as more tasks are in the pipeline. Think of Peter Pronovost’s medical checklist: doctors, among the most rigorously educated members of our society, were killing patients because they failed to do something as simple as washing their hands with soap, a step easy to forget, perhaps, after treating dozens of patients in a day.

How much more likely is it that your average TSA/Homeland Security worker will bungle a comparatively more complicated task, such as a thorough pat-down or a database record retrieval?

And how much does the chance of a screwup increase when the number of people to be patted-down/searched for increases significantly?

Recklessly expanding the no-fly list, or believing that shrinking the list is tantamount to reducing security, does not make us safer.