Posts Tagged harmful

The case against bicycle helmet advocacy: a quick guide

Bicycle helmets are tested with vertical drops from a maximum height of about 3m onto flat surfaces (BS/EN 1078:1997). In such testing, helmets definitely help. However, the scientific evidence on helmets & population wide injury rates is far from clear that helmets actually are beneficial.

While amongst cyclists who suffer injury, helmets of themselves do reduce head injuries significantly, they also increase neck and facial injuries, so that there appears to be negligible benefit overall (Accident Analysis & Prevention: … meta-analysis of bicycle helmet efficacy). Study of bicycle injury rates in Australia around the time of introduction of mandatory helmet laws suggests that, though there is a noticeable dip in injury rates around the introduction of the law itself (not necessarily attributable to the helmet itself in my opinion) that injury rates then started increasing again, to the point rates were nearly the same at the end of the study period as before the helmet law, and trending to surpass it! (My Blog: study-shows-australian-cyclist-helmet-law-leads-to-increasing-head-injury-rates). Helmet use also appears to induce risk-compensation behaviour in motor vehicle drivers – they make closer passes (Accident Analysis & Prevention: Drivers overtaking bicyclists…). No doubt the cyclists themselves also are subject to risk compensation. Thus, by wearing a helmet there may be an increased risk of getting into an accident.

There may be further population wide psychological effects caused by a culture of “Must be wearing a helmet to be safe!”. It is sending the message that cycling needs safety equipment, and hence must be dangerous, which surely will put off many – certainly where mandatory helmet use laws are introduced rates of cycling then significantly decrease. The reverse is of course true: the overall health benefits of cycling greatly outweigh the quite tiny risks – risks which are not greatly changed by helmet wearing, the studies appear to say. In other words, by advocating helmet use, one may be harming the rates of cycling by sending the wrong message on safety, and hence harming public health overall.

Further, as cyclist safety on the roads correlates strongly with rates of cycling – more cyclists leads to more awareness & safer roads, and similarly fewer cyclists means less safe roads – this means a culture of helmet use may well lead to increased injury rates amongst cyclists (in addition to the general adverse public health effects of fewer people cycling). This would be very hard to categorically prove or disprove in causal terms, however the Australian experience certainly suggests a correlation, as I think would a comparison of the UK and Netherlands.

Finally, in the Netherlands, one of the safest places for cycling in the world, cyclists almost universally do not wear helmets, including very young cyclists. Thus, we can be quite certain that helmet usage is not a pre-requisite for safe cycling. Indeed, it is in places like the UK and USA, with some of the worst cycling safety in the developed world, where the focus on safety equipment for the cyclist seems to be greatest.

In short, the focus needs to be on those things around the cyclist (e.g. default legal liability to influence motorists’ behaviour, safer road infrastructure, etc) – not what is on cyclists. Focusing on cyclist safety equipment to me seems futile at best, and perhaps even detrimental to the cause of mass, safe cycling, if that’s a cause you believe worthwhile.

NB: Helmet use should always be a personal choice. The issue is complex, the trade-offs may differ greatly in different scenarios – helmets may be very beneficial in some settings, e.g. some kinds of racing. The choice should be your own. However, general advocacy of cycling helmets seems inappropriate and probably harmful, to me.

Comments (20)

Sharing DNS caches Considered Harmful

Eircom have been having problems with internet connectivity. It’s hard to get information about exactly what they’re seeing, but there seem to be 2 aspects to it:

  1. Eircom are getting hit with a lot of packets
  2. Customers have sometimes been directed to strange sites by Eircom’s DNS servers

Justin Mason has a good overview of the news coverage. There some points of his worth correcting though:

I.e. DDoS levels of incoming DNS packets are consistent with a poisoning attack on up-to-date DNS servers, which randomise QID.

The moral of the story here is that using recursive, caching DNS servers that are shared on any significant scale, like ISP nameservers or (even worse) OpenDNS, is just unhygienic. They’re just fundamentally flawed in todays internet environment, as they’re juicy targets for poisoning, until DNSSec is widely deployed. When finally DNSSec is deployed, shared, recursive nameservers remain a bad idea as they terminate the chain of the trust – the connection between the NS and client can still be spoofed.

In short:

  • Technical users and systems admins should install local, recursive nameservers. Preferably on a per-system basis.
  • Operating system vendors should provide easily-installed recursive nameservers and should consider installing and configuring their use by default. (Fedora provides a convenient ‘caching-nameserver’ package, and also a new dnssec-conf package with F11, though not enabled by default).
  • Consumer router vendors already ship with recursive servers, but tend to forward queries to the ISP – they should stop doing that and just provide full recursive service (hosts already do caching of lookup results anyway).

Widely shared, recursive nameservers are a major security risk and really should be considered an anachronism. It’s time to start gettting rid of them…

Comments (11)

Mail-Followup-To Considered Harmful

Dear Interwebs,

If you happen to have responsibility for some software that processes mail, please take the time to check the following:

  • That your software always errs on the side of preserving the Reply-To header, when passing on email. E.g. email list software in particular should not overwrite existing Reply-To headers, even if a list is configured to set a default Reply-To.
  • That your software can process Reply-To headers that have multiple email addresses.
  • That your software provides adequate, interactive cues to its user when they reply to an email, so as to discern what the user wants, in the context of what the sender prefers (so far as that is known).
  • If your software supports various weird, non-standard headers, like Mail-Followup-To, Mail-Copies-To, Mail-Replies-To, etc. deprecate and remove this support. No amount of extra headers can obviate the need for the cues in the previous point – all they do is make the situation worse overall.
  • If your software must support these headers, do not let such support cause the standard and well-supported Reply-To header to be automatically ignored.

If you’re a user of software that honours Mail-Followup-To and/or has buggy Reply-To behaviour, please file bugs and/or send them patches.

So why are Mail-Followup-To et al harmful? The answer is that they increase the number of ways that the wishes of the sender, the respondent and the state of the email may interact. What was already a tricky and murky area is made even murkier when you try add new ways to indicate the desired reply-path. E.g. witness Thunderbird’s help on MFT, or Mutt’s help on Mailing lists. I defy anyone to be able to keep all the rules of their MUA behaves in the presence of the various combinations of Reply-To, From, To, Cc, Mail-Followup-To and Mail-Reply-to in their head. For the few who can, I defy them to keep track of how their MUAs support interacts with the support in other MUAs.

Further, Mail-Followup-To has never been  standardised. The header is described in  DJB’s Mail-Followup-To and the dead IETF DRUMS draft. Both specs effectively say that the absence of MFT when a client does a “followup” reply should continue to go to the union of the From address (From == From or Reply-To), To and the Cc. However, these descriptions carry little authority. Unfortunately Mutt, one popular MUA, behaves differently when in list-reply mode and does not fallback to (From|Reply-To)+To+Cc in the absence of MFT – at least when I last investigated. This means Mutt basically does not inter-operate with other MUAs, when it comes to the standards-track means of indicating Reply preferences.

Before we had the problem of trying to get a few cases of bugs in broken Reply-To handling fixed (e.g. lists that blindly over-write Reply-To) + the UI design issues of figuring out where a user intends replies to go, without annoying them. Now we’ve added the problems of fractured interoperability with new same-but-different headers + the problems of bugs and deviations in the implementations of said new same-but-different headers.

Mail-Followup-To == more mess == even more brokenness.

See also: Archived DRUMS discussion on Mail-Followup-To.

Comments (2)

%d bloggers like this: