Don't worry, I haven't yet sold out to The Man, so this isn't an advertisement for this awful show (read up if you haven't heard about it). Rather, I wanted to share this video, which is currently making the rounds on the internets.
I'll save you the time of reading the comments on this video from digg, reddit, etc...they basically sum to "OMG that guy is such a fool!!"
Of course, I have to agree. However, I feel that this situation opens up an interesting psychological question. My parents watch Deal or No Deal on occasion, and they always complain of "stupid" people who get "too greedy". I always laugh at this, because due to the nature of the game, you're really being greedy as soon as you eliminate a briefcase. (In fact, this judgment has been passed on many others, e.g., the characters in the movie 21. Some say when viewing the movie, "why didn't they just quit while they were ahead?!?!?")
Allow me to explain: Deal or No Deal is a game of 100% luck. There is absolutely no strategy involved in picking which case you want to be eliminated, nor is there a way to "outsmart" the bank. Interestingly, in my one quick viewing of the show, I thought that the bank offer was a straight average of the remaining cases.
As it turns out, the average is weighted, and as the game progresses, the average approaches the straight average. In other words, the bank will offer a "bad" deal in the beginning of the game, and a relatively "good" deal at the end.
Anyway, back to the story. I always find it funny when people judge the decisions of people on the show, saying something like "I can't believe it! Just take the deal and walk away! You have (insert amount here) already!"
Of course, this is not sound logic. At what point is it silly to not take the deal? Since each deal is worse than a straight average of the remaining cases, is it ever really silly? Of course, the deal is worse because it is a balanced alternative to risk. But I digress- imagine this:
play while cases > 0:
------>if logicalToDeal then return
------>eliminate case x with $y in it. //This raises/lowers my overall average, and thus, my bank deal.
At what point does logicalToDeal become true?
If you imagine playing a game, what determines the value of logicalToDeal?
Probably the only way to play the game is similar to generic smart money strategies: set a limit and stick to it. I will determine a money value X, where X is enough to make the game worthwhile. If I ever get a bank deal >= X, then I will stop playing.
Two things:
1) What is X?
2) What if you never reach X?
#1 is interesting in this case because you cannot lose money in this game. Unlike setting a limit for yourself at a casino, where you really have to set both an upper and lower bound, in Deal or No Deal, the worst that can happen is you walk away with the briefcase with the least amount of money. For sure, that would be a disappointment relative to what you could've won, but nothing truly bad will happen if you play too risky.
(This goes back to the kids in 21- at what point should they just have walked away?)
My overall point is that it is meaningless to simply state that one is a fool for not making a deal, walking away, etc. There is no set point where one path becomes more logical than the other in games like these, so the point where one should give up is mostly arbitrary and personal.
PS: wouldn't it be nice to be a contestant on this show? You don't have to have any intelligence, because there is no possible way to strategize, and you always win money. Sounds awesome!
Friday, October 31, 2008
Monday, October 27, 2008
Illusion of Security
Bank of America's SiteKey is vulnerable to a very simple man-in-the-middle attack. Who would've thought? By the way, this is similar to the most elegant way to defeat Captchas (via CodingHorror).
Man-in-the-middle attacks are a simple and powerful concept. The basic concept as it applies to the two cases mentioned above is to present the user with the image needing cracking under false authority. For Bank of America, it would be a phishing website posting your SiteKey, and for Captchas, it would be some sort of incentive website requiring a Captcha solve to view the content requested.
Pretend that I want to hack into your credit card account. In the good old days, I would send you an email claiming that I, the President of Bank of America, require you to change your password using this link: http://bank0famerica.com. Then I would grab your password out of my website, and use it to log into the REAL http://bankofamerica.com, and I would be rich. Hurray!
Then, Bank of America instituted a SiteKey, which is an image and a title that you pick to recognize when you try to login to their site. The idea is that my bank0famerica wouldn't know your SiteKey and thus you would immediately unplug your computer to protect yourself from the nasties. (Ignore the fact that most people probably glaze over their SiteKey...these are, after all, the people who have already clicked on a link from an email to do something important, failed to notice the wrong website domain...etc)
Unfortunately, if I'm going to go through the trouble of setting up bank0fAmerica, I think I'd figure out in short order how to defeat the SiteKey. Namely, I ask you to enter your online-ID, just as BankOfAmerica does, and then send that ID to the real website. When I get the SiteKey back from the real website, I feed it to the fake website presented to you. Then you think it's really BankOfAmerica and proceed.
In fact, the SiteKey is so easily defeated, it may actually be worse for security! I could be convinced that it provides a false security blanket, such that Joe SixPack's one last vestige of alertness was assuaged when the impenetrable SiteKey verified my site as legit.
So, what's the better option? Well, unfortunately, it's a tough balance to strike between user effort and security. Here's a good place to start if you're looking for more on security. I'll be thinking about an easy way to really secure BankOfAmerica, and if genius strikes, I'll be back to post!
Man-in-the-middle attacks are a simple and powerful concept. The basic concept as it applies to the two cases mentioned above is to present the user with the image needing cracking under false authority. For Bank of America, it would be a phishing website posting your SiteKey, and for Captchas, it would be some sort of incentive website requiring a Captcha solve to view the content requested.
Pretend that I want to hack into your credit card account. In the good old days, I would send you an email claiming that I, the President of Bank of America, require you to change your password using this link: http://bank0famerica.com. Then I would grab your password out of my website, and use it to log into the REAL http://bankofamerica.com, and I would be rich. Hurray!
Then, Bank of America instituted a SiteKey, which is an image and a title that you pick to recognize when you try to login to their site. The idea is that my bank0famerica wouldn't know your SiteKey and thus you would immediately unplug your computer to protect yourself from the nasties. (Ignore the fact that most people probably glaze over their SiteKey...these are, after all, the people who have already clicked on a link from an email to do something important, failed to notice the wrong website domain...etc)
Unfortunately, if I'm going to go through the trouble of setting up bank0fAmerica, I think I'd figure out in short order how to defeat the SiteKey. Namely, I ask you to enter your online-ID, just as BankOfAmerica does, and then send that ID to the real website. When I get the SiteKey back from the real website, I feed it to the fake website presented to you. Then you think it's really BankOfAmerica and proceed.
In fact, the SiteKey is so easily defeated, it may actually be worse for security! I could be convinced that it provides a false security blanket, such that Joe SixPack's one last vestige of alertness was assuaged when the impenetrable SiteKey verified my site as legit.
So, what's the better option? Well, unfortunately, it's a tough balance to strike between user effort and security. Here's a good place to start if you're looking for more on security. I'll be thinking about an easy way to really secure BankOfAmerica, and if genius strikes, I'll be back to post!
The Misapplication of Technology
Believe it or not, there are some things in life that don't need touch screens.
I simply cannot fathom the point of using a touch screen voting system. I'm all for eliminating paper ballots, but this is just so poorly done, it's almost amusing.
You all know about the security compromises in these machines, and the corruption of the company itself, but added to all of that, the machines don't even work properly?
Looking at the interface in the CNN video (I vote absentee so I haven't used one of these yet, thankfully), it's frightening how poorly designed it is. As anyone with an iPhone knows, when you have two small selections bordering each other, your intent can really go either way. Now imagine a less accurate touch screen, mis-calibrated, and you're not used to the specific quirks. Now imagine you're a senior citizen who doesn't even own a computer. Geeeez.
I'm waiting for a good argument FOR touch screens in voting machines. Even if a properly secured system were designed by an impartial company and proven to be zero-defect (an amusing, if inaccurate, list of complaints), what's wrong with putting a few physical buttons on the machine? I just cannot fathom how touch screens are better in any aspect.
The absolute least effort you could do is have a Democrat and Republican button. Use nice, big labels for the elderly, and it's cheaper and more effective! Too easy for the government, I guess. And don't get me started on making November 4th a national holiday...
I simply cannot fathom the point of using a touch screen voting system. I'm all for eliminating paper ballots, but this is just so poorly done, it's almost amusing.
You all know about the security compromises in these machines, and the corruption of the company itself, but added to all of that, the machines don't even work properly?
Looking at the interface in the CNN video (I vote absentee so I haven't used one of these yet, thankfully), it's frightening how poorly designed it is. As anyone with an iPhone knows, when you have two small selections bordering each other, your intent can really go either way. Now imagine a less accurate touch screen, mis-calibrated, and you're not used to the specific quirks. Now imagine you're a senior citizen who doesn't even own a computer. Geeeez.
I'm waiting for a good argument FOR touch screens in voting machines. Even if a properly secured system were designed by an impartial company and proven to be zero-defect (an amusing, if inaccurate, list of complaints), what's wrong with putting a few physical buttons on the machine? I just cannot fathom how touch screens are better in any aspect.
The absolute least effort you could do is have a Democrat and Republican button. Use nice, big labels for the elderly, and it's cheaper and more effective! Too easy for the government, I guess. And don't get me started on making November 4th a national holiday...
Sunday, October 26, 2008
Unit Bias
Here's an interesting article about the unit bias of food. This article finds, through various experiments, that the amount of food consumed has some correlation to the unit size presented.
In other words, for some reason, we are conditioned to consume more food if it is presented in a large serving size, i.e., if we can consume a large amount with just one "take". The article presents various plausible explanations, including social pressures and what I would like to label "expert pressure".
Expert pressure is the influence that any authoritative-seeming person has on a person's beliefs. Perhaps the simplest explanation would be a combination of herd instinct and something I couldn't find on the cognitive bias page (a wonderful thing to browse), namely the observation that the illusion of knowledge is enough to influence decisions that haven't been made up already.
In this case, expert pressure is the irrational notion that the packagers/presenters of food know the right amount you should consume. Of course, this is not the case, not only because some foods are meant to be shared, but because unit sizes are chosen on purpose.
Logically, I want to say that serving size does not affect how much I eat. However, even if you feel no remorse repeatedly going for chips at a party, don't you feel much more comfortable with a large bag in hand, so you only have to make one trip?
Personally, I feel like small serving sizes can reduce the amount I eat, but I believe only in cases of over-indulgence. If I'm at a restaurant and I get a dessert far larger than I want, I'll probably make a bold effort to finish it anyway because it would go to waste. But at Bowdoin, where the food is all-you-can-eat, and thus largely under my control, I have no such problems.
I eat a lot at each meal, perhaps even over-eat, but I do it consciously, because I know roughly how much food I need to make it to the next meal. Of course, snacking regularly is a healthy way to combat this, but in the end, I'm eating the same amount anyway. Plus, snacks are less healthy and more expensive than Bowdoin meals.
In fact, ever since freshman year, I have kept tabs on how much I eat at each meal. Every once in a while, I consciously eat less than I usually do, to make sure I really need that extra bit. Every time, I end up starving by the next meal, which results in over-eating, or have to snack on whatever is available in my dorm. In fact, I tried this tonight, because I didn't really like the dinner, and sure enough, I'm hungry now.
Well, I feel like this post made very little sense. Sorry about that. I can promise that you will be entertained if you just follow the links I've provided, though.
Till next time...
In other words, for some reason, we are conditioned to consume more food if it is presented in a large serving size, i.e., if we can consume a large amount with just one "take". The article presents various plausible explanations, including social pressures and what I would like to label "expert pressure".
Expert pressure is the influence that any authoritative-seeming person has on a person's beliefs. Perhaps the simplest explanation would be a combination of herd instinct and something I couldn't find on the cognitive bias page (a wonderful thing to browse), namely the observation that the illusion of knowledge is enough to influence decisions that haven't been made up already.
In this case, expert pressure is the irrational notion that the packagers/presenters of food know the right amount you should consume. Of course, this is not the case, not only because some foods are meant to be shared, but because unit sizes are chosen on purpose.
Logically, I want to say that serving size does not affect how much I eat. However, even if you feel no remorse repeatedly going for chips at a party, don't you feel much more comfortable with a large bag in hand, so you only have to make one trip?
Personally, I feel like small serving sizes can reduce the amount I eat, but I believe only in cases of over-indulgence. If I'm at a restaurant and I get a dessert far larger than I want, I'll probably make a bold effort to finish it anyway because it would go to waste. But at Bowdoin, where the food is all-you-can-eat, and thus largely under my control, I have no such problems.
I eat a lot at each meal, perhaps even over-eat, but I do it consciously, because I know roughly how much food I need to make it to the next meal. Of course, snacking regularly is a healthy way to combat this, but in the end, I'm eating the same amount anyway. Plus, snacks are less healthy and more expensive than Bowdoin meals.
In fact, ever since freshman year, I have kept tabs on how much I eat at each meal. Every once in a while, I consciously eat less than I usually do, to make sure I really need that extra bit. Every time, I end up starving by the next meal, which results in over-eating, or have to snack on whatever is available in my dorm. In fact, I tried this tonight, because I didn't really like the dinner, and sure enough, I'm hungry now.
Well, I feel like this post made very little sense. Sorry about that. I can promise that you will be entertained if you just follow the links I've provided, though.
Till next time...
Subscribe to:
Posts (Atom)
Posts
