Informal sampling of the Fatal Force Database

Police shot dead 1,160 people in 2023. What’s a typical shooting like?

We learn about fatal police shootings through two routes. First, dramatic examples get in national news. However, these are clearly very atypical, or they wouldn’t be in the news. Second, we can compile statistics. The Washington Post’s Fatal Force Database aims to be a comprehensive database of every police-involved killing in the United States since its inception in 2015, and includes a variety of information on whether the suspect was armed, their race, and so forth. But when what you really want to know is how often the police should have acted differently, how do you gather statistics on that?

If you visit my Fatal Force Database informal sampler webapp, you’ll see a randomly selected row from the Post’s database. A few details such as name and location are shown on the page; to learn more about the incident, press “Search Google” for a Google search tailored to find news reports about the killing. A second button, “Sample again”, selects a fresh random row from the database.

I’m not sure if there’s an established name for this technique, but I call it “informal sampling”: to get an informal picture of what a population is like, choose a random member of that population, look into that member by whatever means, and then repeat for another random sample. This seems to me to retain many of the advantages of anecdote in getting a gut feel for a population, without being thrown by rare vivid examples in the way that non-statistical methods often are. I have used this technique in other ways too, such as by trying to work out where all my money goes by sampling on where a randomly chosen penny was spent. One of my main motivations in writing this webapp and this blog post was to promote the idea of informal sampling as a technique; I have very often wished for a tool like this in other domains.

Although I encourage you to try this out and get your own picture of these things, I must warn you that it is all very sad.

See a random example

What about Alpha Centauri?

If we make Sphere the Sun, and Pluto is in San Francisco, where does Alpha Centauri go?

Alpha, Beta, and Proxima Centauri, as taken by Skatebiker

Alpha Centauri is 4.344 light years away, so at our scale of 1:8.855 million, model Alpha Centauri must be placed 12 times further away than the Moon. Not 12 times further away than our model of the Moon in Las Vegas; 12 times further away than the actual Moon. Even if we decide to build a model of Alpha Centauri A which is 1.2 times the radius of Sphere itself, it’s going to be a little tricky to make it stay in place.

Fortunately this contemplation of astronomical distances suggests its own solution. Our model of the Earth will be nearly 5 feet in diameter, enough to portray the continents and oceans in fairly rich detail. Obviously this model will require an arrow pointing at south Las Vegas reading “YOU ARE HERE”, with another arrow pointing 1/16 in away reading “SUN”. We can then also mark the locations of our models bodies from Jupiter to Sedna similarly, in model California and model Oregon. With this done, it is a small extension of our model-within-a-model to put Alpha Centauri 1719 feet away from our Earth model, saying “we didn’t include Alpha Centauri in our model, but here it is in our model-within-a-model”.

We can even extend this to, say, the galactic core, 1956 miles away in our model-model. However the Andromeda Galaxy would need to be most of the way to the Moon at 190,000 miles; for this we would have to resort to a model-model-model.

In conclusion: Space, is big. Really big. You just won’t believe how vastly, hugely, mindbogglingly big it is. I mean, you may think it’s a long way down the road to the chemist, but that’s just peanuts to space.

Thanks to John Cody for inspiring this thought!

Picture credit: Skatebiker, Wikimedia Commons

Make Sphere the Sun

The Sweden Solar System, at a scale of 1:20 million, is the world’s largest scale model of the Solar System, with the Avicii Arena representing the Sun. The Arena was the largest spherical building in the world… until the completion of Sphere in Las Vegas.

It is clear what America has to do.

Sphere is 516 feet in diameter, implying an overall scale of 1:8.855 million, making the model over twice the size of that of Sweden. Even at this scale, most of the planets, dwarf planets and moons are surprisingly small. Earth is the largest non-gas-giant in the Solar System and would be represented by a sphere less than five feet across, about 10 ½ miles from the Sphere; there’s a convenient casino about the right distance and not far from the road towards LA. The Moon would then be a 15 inch sphere 142 feet from the Earth.

The four gas giants present a more serious challenge; even the smallest, Neptune, must be 18 feet across. While it’s preferable that all bodies be represented with spheres or hemispheres, in these four cases we might initially follow the example that the Sweden Solar System sets with Jupiter and Saturn, and use a circular representation at least initially. For example we could represent Jupiter as a painted circle, 53 feet in diameter, at the Cima Road truck stop. I’ve put the locations on a road trip from Vegas to SF via LA, since that should maximize visitability and also is most convenient for me. Note that the distances increase rapidly; while Mars can be placed near a race track just outside Vegas, Jupiter is already out of Nevada and into California. Uranus can be placed at a botanic garden in Greater Los Angeles, Neptune at a hotel in SLO, Pluto in the Exploratorium in SF, and Eris in Portland Oregon.

One convenient thing about this scale is that even relatively small astronomical bodies will be visible to the naked eye: for example, Mars’s moon Deimos will be a sphere slightly under 1/16 inch in diameter, around 9 feet from the 30 inch sphere representing Mars itself.

This spreadsheet details the diameter and distance each model needs to be to fulfil our chosen scale, and in most cases suggests a suitable location at roughly the right distance from the Sphere.

The relative distances in the solar system, and the vast space between its bodies, can be counterintuitive. Now that America has claimed the title of the world’s largest spherical building, a grand project to make this the center of the world’s largest scale model of the solar system is the perfect opportunity to capture the vastness of space.

Followup: What about Alpha Centauri? Photo credit: Sin City Las Vegas

Responses to Cade Metz’s hit piece on Scott Alexander

This depraved rubbish got quite a few responses. Please let me know about any I’ve missed. Inner bullets are subtitles or exerpts. Open to adding good Twitter threads too!

Scott Alexander, Statement on New York Times Article
- I have 1,557 other posts worth of material he could have used, and the sentence he chose to go with was the one that was crossed out and included a plea for people to stop taking it out of context.
- I don’t want to accuse the New York Times of lying about me, exactly, but if they were truthful, it was in the same way as that famous movie review which describes the Wizard of Oz as: “Transported to a surreal landscape, a young girl kills the first person she meets and then teams up with three strangers to kill again.”
- I believe they misrepresented me as retaliation for my publicly objecting to their policy of doxxing bloggers in a way that threatens their livelihood and safety. Because they are much more powerful than I am and have a much wider reach, far more people will read their article than will read my response, so probably their plan will work.
Cathy Young, Slate Star Codex and the Gray Lady’s Decay
- The New York Times hit piece on a heterodox blogger is a bad stumble — the latest of many
- The New York Times has wandered into an even worse culture-war skirmish. This one involves bad (and arguably dishonest) reporting as well as accusations of vindictiveness and violation of privacy. It’s a clash pitting the Times against a prominent blogger critical of the social justice progressivism that has become the mainstream media’s dominant ideology in the past decade. The Times does not look good.
Robby Soave, What The New York Times‘ Hit Piece on Slate Star Codex Says About Media Gatekeeping
- “”Silicon Valley’s Safe Space” has misinformed readers.”
- It’s a lazy hit piece that actively misleads readers, giving them the false impression that Siskind is at the center of a stealth plot to infiltrate Silicon Valley and pollute it with noxious far-right ideas.
- The idea that a clinical psychiatrist’s blog is the embodiment of Silicon Valley’s psyche is very odd
- To the extent that the Times left readers with the impression that Siskind is primarily a right-wing contrarian—and Silicon Valley’s intellectual man-behind-the-curtain to boot—it is actually the paper of record that has spread misinformation.
Matt Yglesias, In defense of interesting writing on controversial topics
- Some thoughts on the New York Times’ Slate Star Codex profile
- I think Metz kind of misses what’s interesting about it from the get-go.
- something about the internet is making people into infantile conformists with no taste or appreciation for the life of the mind, and frankly, I’m sick of it.
Tom Chivers, When did we give up on persuasion?
Freddie deBoer, Scott Alexander is not in the Gizmodo Media Slack
Scott Aaronson, A grand anticlimax: the New York Times on Scott Alexander
Sergey Alexashenko, How The Hell Do You Not Quote SSC?
- “The NYT misses the point by a light-year.”
Kenneth R. Pike, Scott Alexander, Philosopher King of the Weird People
Noah Smith, Silicon Valley isn’t full of fascists
Thread by Steven Pinker

NYT plan to doxx Scott Alexander for no real reason

UPDATE 2020-06-25: Please sign the petition at DontDoxScottAlexander.com!

The New York Times is planning on publishing an article about Scott Alexander, one of the most important thinkers of our time. Unfortunately, they plan to include his legal name. In response, Scott has shut down his blog, a huge loss to the world.

This will do enormous harm to him personally; some people hate Scott and this will encourage them to go after his livelihood and his home. Not all of them are above even SWATing, ie attempted murder by police. If he does lose his job, it will also “leave hundreds of patients in a dangerous situation as we tried to transition their care.”

However, the greatest harm is to the public discourse as a whole. Shutting people down in real life is an increasingly popular response to all forms of disagreement. Pseudonymity plays an essential role in keeping the marketplace of ideas healthy, making it possible for a wider spectrum of ideas to be heard. If the NYT policy is that anyone whose profile becomes prominent enough will be doxxed in the most important newspaper in the world, it has a chilling effect.

All this might be OK if there was some countervailing public interest defence, if there was a connection between his blogging and his real world activity that needed to be exposed. But as I understand it, no-one is asserting this. The defence of this incredibly harmful act is simply “sorry, this is our policy”. It’s not even a consistently applied policy: a profile of the Chapo Trap House hosts published in February rightly omitted host Virgil Texas’s real name, though they must surely have been aware of it.

I urge you to spread the word on this everywhere you have reach, and to politely contact the New York Times through the means Scott outlines in his post to urge them to do the right thing.

UPDATE 2020-06-25: Please sign the petition at DontDoxScottAlexander.com!

Here’s the letter I wrote:

I am a subscriber, and I am dismayed to learn that the Times plans to doxx blogger Scott Alexander. In an age where people so often respond to disagreement by attacking someone in the real world, whether by getting them fired or by SWATing, pseudonymity plays an essential role in the marketplace of ideas, helping to ensure that a wide spectrum of voices can be heard.
Obviously if there was a public interest defence of publishing this information – if there was a connection between his blogging and his real world activity that needed to be exposed – that would be different, but as I understand it no-one is asserting that. If you plan to do something so tremendously harmful to the public discourse as a whole, please have a reason other than “this is what we do”. You were right not to doxx Chapo Trap House host Virgil Texas; please apply that policy here.

Some more numbers as lambda calculus

On Reddit, u/spriteguard asks:

Do you have any diagrams of smaller numbers for comparison? I’d love to see a whole sequence of these.

I have work to put off, so I couldn’t resist the challenge. Like the previous post, these are Tromp diagrams showing lambda calculus expressions that evaluate to Church integers.

My own large number, f_{ω^ω + 1}(4) in a version of the fast-growing hierarchy where f_0(n) = n^n

Code to generate these diagrams is on Github; I generated these with the command

./trylambda --outdir /tmp/out demofiles/smallernums.olc demofiles/graham.olc demofiles/fgh.olc demofiles/slow.olc

A picture of Graham’s Number

One of the first posts I made on this blog was Lambda calculus and Graham’s number, which set out how to express the insanely large number known as Graham’s Number precisely and concisely using lambda calculus.

A week ago, Reddit user u/KtoProd asked: if I wanted to get a Graham’s Number tattoo, how should I represent it? u/FavoriteColorFlavor linked to my lambda calculus post. But in a cool twist, they suggested that rather than writing these things in the usual way, they use a John Tromp lambda calculus diagram. I got into the discussion and started working with the diagrams a bit, and they really are a great way to work with lambda calculus expressions; it was a pleasure to understand how the diagram relates to what I originally wrote, and manipulate it a bit for clarity.

The bars at the top are lambdas, the joining horizontal lines are applications, and the vertical lines are variables. There are three groups; the rightmost group represents the number 2, and the middle one the number 3; with beta reduction the two lambdas in the leftmost group will consume these rightmost groups and use them to build other small numbers needed here, like 4 (2²) and 64 (4³). The three is also used to make the two 3s either side of the arrows. Tromp’s page about these diagrams has lots of examples.

I’m obviously biased, but this is my favourite of the suggestions in that discussion. If u/KtoProd does get it as a tattoo I hope I can share a picture with you all!

Update: Some more numbers as lambda calculus

Update 2020-02-24: I’ve added the ability to generate these diagrams to my Python lambda calculus toy. After installation, try ./trylambda demofiles/draw.olc.

More thoughts on TCRs

A few more notes regarding target collision resistant functions, following up from my $1000 competition announcement.

Second preimage resistance

There is a simple way to construct a secure TCR compression function given a second-preimage-resistant compression function—just generate a key which is the length of the input, and XOR the key with the input. So if we can build a fast second-preimage-resistant function, we can build a fast secure TCR.

The history of hash functions shows that we have been much more successful at achieving second-preimage resistance than collision resistance. From the excellent Lessons From The History Of Attacks On Secure Hash Functions:

The main result is that there is a big gap between the history of collision attacks and pre-image attacks. Almost all older secure hash functions have fallen to collision attacks. Almost none have ever fallen to pre-image attacks.

Secondarily, no new secure hash functions (designed after approximately the year 2000) have so far succumbed to collision attacks, either.

Tweakable target collision resistance

In the definition of target collision resistance, the attacker supplies a single message, but in practice, we usually want to hash many messages with the same key, eg when constructing a variable-length TCR from a compression function that takes a fixed-length message. This is OK because there’s a straightforward security reduction which shows that if an attacker can find a collision for a single message with probability ε, then they can forge a collision for any of n messages with probability at most nε.

However, when the messages to be signed are large as they are in Android, this linear falloff is kind of a shame. One possible advantage of TCRs is that it can be secure to use much shorter hash outputs, say 128 bits, which will make Merkle trees much smaller, saving disk space and improving performance. But if the hash function consumes, say, 128 bytes at a time (like BLAKE2) and the system partition is 1GB, it will be broken up into 2²³ messages, leaving us with only 105-bit security at best. I’d like to do a little better than that, and so I’d like to build multiple-message security into the security definition. I propose a new kind of primitive, a tweakable TCR, which takes a tweak as well as a key and a message. The attacker faces the following challenge:

Attacker chooses n messages m₁…m_n and n distinct tweaks t₁…t_n
Attacker learns random key K
Attacker chooses i, m’
Attacker wins if m’ ≠ m_i but H(K, t_i, m’) = H(K, t_i, m_i)

If each of the 2²³ messages gets a distinct tweak, we can preserve 128-bit security across large partitions. I therefore encourage people to design not just TCRs, but TTCRs!

$1000 TCR hashing competition

In my day job, I do cryptography for Android. I have a problem where I need to make some cryptography faster, and I’m setting up a $1000 competition funded from my own pocket for work towards the solution.

On Android devices, key operating system components are stored in read-only partitions such as the /system partition. To prevent an attacker tampering with these partitions, we hash them using a Merkle tree, and sign the root. We don’t check all the hashes when the device boots; that would take too long. Instead, at boot time we check only the root of the tree, and then we check other sectors against their hashes as we load them using a Linux kernel module called dm-verity.

This likely works pretty well on phones sold in the US, which will have the ARM CE instructions that accelerate SHA2-256. But a lot of devices sold in poorer countries don’t have these instructions, and SHA2-256 can be pretty slow, and hurt overall system performance. For example, on the 900MHz Cortex-A7 Broadcom BCM2836, hashing takes 28.86 cpb [eBACS 2019-03-31], limiting reading speed to 31.2 MB/s. One partial fix is to switch to a hash function that is faster on such processors. BLAKE2b is nearly twice as fast on that processor, at 15.32 cpb. However, this is still a lot slower than I’m happy with.

Where sender and receiver have a shared secret, authentication can be very fast; a universal function like NH can run at around 1.5 cpb on such a processor. But this isn’t an option for verified boot, because it’s hard to keep the key out of the attacker’s hands, and given the key it’s trivial to forge messages.

Inbetween these two notions of security is the idea of a “target collision resistant” function, once known as a “universal one-way hash function”. With a TCR, hashing is randomized with a key chosen at signing time once the message to be signed is known. This makes the attacker’s job much harder since they cannot simply search for a pair of colliding messages. Instead, they must choose the first message to be hashed, and only then do they learn the key that will be used at hashing time, after which they must generate a second message that hashes with the first using this key; this problem is more akin to second preimage finding than collision finding. While collision attacks against hash functions are plentiful, second preimage attacks are far rarer.

Collision resistance	Target collision resistance	Universal function
$K \xleftarrow{\$} \mathcal{K}$
$A \leftarrow K \\ A \rightarrow m_1 \\ A \rightarrow m_2$	$A \rightarrow m_1 \\ A \leftarrow K \\ A \rightarrow m_2$	$A \rightarrow m_1 \\ A \rightarrow m_2 \\ A \leftarrow K$
Attacker succeeds if $m_1 \neq m_2$ and $H(K, m_1) = H(K, m_2)$

In principle, the vastly harder job facing the attacker of a TCR should mean that secure TCRs much faster than hash functions are possible. However, the main impetus to research on TCRs was a desire to bolster existing hash functions, when attacks on MD5 and SHA-1 were new and we didn’t know which if any of our existing hash functions would be left standing. As a result several ways to construct a TCR from a hash function with good provable properties were proposed, but none of these could be faster than their underlying hash functions. As far as I know, no-one has ever proposed a TCR as a primitive, designed to be faster than existing hash functions, and that’s what I need. I’m probably not the only one who’d find a primitive for much faster broadcast authentication useful, either!

To me this looks like an interesting, overlooked problem in symmetric cryptology, and I’d really like it to get some attention. So I’m offering a $1000 prize from my own pocket, to be awarded at Real World Crypto 2021, for the work that in my arbitrary opinion does the most to move the state of the art forwards or is just the most interesting.

I offered a similar prize at the rump session at FSE 2019, promising to award it at the end of the year, but I neglected to really tell anyone and didn’t get any entrants. Hopefully this will be a more successful launch for the prize, and see some of you at Real World Crypto 2020!

I’ve moved some technical notes into a subsequent blog post.

Subjective probability

Credits: This way of looking at probability is due to Bruno de Finetti; this particular framing was taught to me by Andrew Critch.

Out of the blue, you get the following email from me:

Dear You:

I extend to you, and you alone, a chance to take part in my free lottery. Please choose at most one of the following options:

Option A: On November 9th, I’ll roll two standard six-sided dice, and if I roll a double one (“snake-eyes”), I’ll send you $200
Option B: On November 9th, if Washington DC has been declared for Clinton, I’ll send you $200

If I don’t hear from you within 24 hours, or if your answer isn’t a clear preference for one of these, I won’t do either. Thanks!

If you know me, you know that I’d straightforwardly honour the promise in the email; for this thought experiment set aside all questions about that. It may help you to know that Obama got over 90% of the vote in DC in 2012. There seems zero benefit in refusing the offer or not replying – it’s totally free, and the worst that can happen if you lose is that I don’t send you $200. Would you reply to this email, choosing one of the options? If so, which one? I think it’s obvious what the right choice is, but stop for a moment and decide what you’d do.

What about if I’d offered you the opposite choice: A’ means $200 if I don’t roll snake-eyes, while B’ means $200 if Clinton doesn’t win DC? Does that change your choice?

I hope you chose B in the first case, and A’ in the second. That’s because it seems very clear that Clinton’s chances of winning in DC are very high, and certainly higher than the chances of snake-eyes on a single roll of two dice, which is 1/36 or less than 3%.

However, for many people, this statement contradicts their understanding of what probability is. The most common and widely taught view of probability is strictly frequentist; it makes sense to say that a pair of dice have a less than 3% chance of snake-eyes only because you can roll the dice many times and in the long run they will land snake-eyes one time in 36. You cannot rerun the 2016 Presidential election in DC many times, so it means nothing to say that Clinton has a greater than 3% chance of winning.

If you’re prepared to choose between the options above – if you agree that a single roll of a pair of dice producing snake-eyes is less likely than a Democratic victory in DC in 2016 – then there’s an important sense in which you already reject this view and accept a subjective view of probability.