Tasty Beverages


Diet Dr. Pepper tastes more like regular Dr. Pepper.”

That was a previous advertising slogan for Diet Dr. Pepper, my personal favourite source of both caffeine and phenylalanine; I’m drinking it right now as I write this.

The present slogan is the brain-achingly oxymoronic “Diet Dr. Pepper: There’s Nothing Diet About It” – really?  Seems like one ought to change the name then, if the name of one’s product is so misleading as to require its complete and utter disavowal in the slogan.

But that’s not what I want to talk about today. I actually want to talk about predicates.

The word “predicate” is one of those slippery words that has multiple technical meanings depending on the domain, all related but subtly different enough that one really ought to carefully call out how one is using the term.

  • In C# programming a predicate is a function which takes a bunch of arguments and returns a Boolean. customer=>customer.Age < 21, for example.
  • In mathematical logic, a predicate is a function (or relation) which indicates the membership of a set. For example, “all integers x such that x is both even and prime” is a predicate for the set containing only the number 2.
  • In English grammar, a predicate is that part of a statement which claims to represent a fact about the subject. For example, in “Thucydides fought in the Peloponnesian War”, “Thucydides” is the subject and the rest is the predicate. This predicate happens to be true for the subject “Thucydides”, and false for a different subject, say, “Julius Caesar”.

What all of these things have in common is that a predicate is something into which you can “substitute” a value to obtain a result of either truth or falsity.

What on earth does this have to do with Diet Dr. Pepper tasting more like regular Dr. Pepper?

Is “tastes more like regular Dr. Pepper” actually a predicate? If it is then when it is applied to a subject it must produce a statement which can be classified as true or false. Let’s leave the subjective nature of taste aside for a moment; that’s not the fundamental logical problem here.

Rather, consider this utterance: “Diet Dr. Pepper tastes more like”  Is “tastes more like” a predicate? Of course not. That utterance doesn’t make any sense. Tastes more like… what? This utterance cannot be classified as true or false for any subject, so the latter part of it cannot actually be a predicate.

But the same thing goes for “tastes more like regular Dr. Pepper”!  Tastes more like regular Dr. Pepper… than what?

In order to actually be a predicate it needs more objects. For example, “Diet Dr. Pepper tastes more like regular Dr. Pepper than a pint of Guinness tastes like a mango lassi” is a statement which actually has a truth value. Perhaps a subjective and arguable truth value, but at least this sentence has the form of a statement with a subject and a real predicate now. The original slogan’s “predicate” isn’t really a predicate at all; one might think of it as a pseudopredicate.

Advertisers love pseudopredicates. Once you realize that they exist you see them all the time. Advertisers love them because they make no testable claim which could be shown to be false in a court of law. Rather, they rely on either the irrational belief that “more” anything means “better”, or upon your brain’s ability to fill in the rest of the objects which they intend you to infer.

In this particular case, I imagine that the crafters of this slogan intended your brain to fill in “Diet Dr. Pepper tastes more like regular Dr. Pepper than our previous formulation of Diet Dr. Pepper tasted like regular Dr. Pepper” – that is, they want to make the claim that the product has improved without making the admission that the previous formulation was less than delicious.

Or, perhaps they want you to fill in “Diet Dr. Pepper tastes more like regular Dr. Pepper than Diet Coke tastes like regular Coke” – that is, they want to assert that their product is superior to a competing product. This assertion is in my personal opinion true, but the Coca Cola company could potentially take issue with if stated baldly as an objective claim. By relying upon a pseudopredicate to make a slogan which actually is so malformed as to have no truth value at all, the copywriters duck these thorny issues. There are lots of ways that clever advertisers leverage our tendancies to “fill in the blanks” in order to sell products.

That’s not actually what I want to talk about today either.  I actually want to talk about writing secure code.

What on earth does Diet Dr. Pepper tasting more like regular Dr. Pepper have to do with writing secure code?

The other day I got a question about the characteristics of a particular bit of source code obfuscation technology, which we shall call X; what the technology actually consists of and what the precise question was are irrelevant to this discussion.

I answered the question with a question; I asked why it was that the questioner wanted to use technology X. The answer was “To protect the source code”. Leave aside for the moment the fact that I could probably have deduced from the original query that the questioner was interested in protecting some resource. There’s a deeper problem here. In the utterance “technology X protects the source code”, is “protects the source code” a predicate, or a pseudopredicate?

It’s a pseudopredicate. There is an object missing. To make this a predicate, it needs to be something like “protects the source code from casual inspection and editing by snoopy people” – as it happens, this predicate was true for technology X. What I was rather worried about was that the questioner actually had in his head the predicate “protects the database administrator password that I’ve stuck into my source code from discovery and misuse by a determined and intelligent attacker”. That predicate happens to be utterly false for technology X. Because he was not actually stating a predicate that could be true or false of X I was unable to answer the guy’s question about X.

I never, ever lock my car doors anymore. Why? I drive a soft-top convertible. One day I woke up to discover that someone had sliced open the top and unlocked the car. The two bucks in quarters I keep in the car for parking meters was a trivial loss compared to the hundreds my insurance company paid to get the top replaced and the hours of my time wasted in dealing with the situation. The locks are not a mitigation to that vulnerability at all! Locking my car doors makes it more prone to be damaged, not less.

I do, however, lock my house, to protect it against random people wandering in. However, the locks are hardly any mitigation to the vulnerability of the house to determined attack from a wily, hostile burglar. It would be foolish of me to say that “the locks protect my house” without mentioning the threat.

What I’m rambling on about here is this: the fitness of a particular security technology to mitigate a vulnerability can only be evaluated in the context of a stated threat against a stated resource. That’s because every security technology is designed to mitigate specific vulnerabilities to particular threats. When you’re evaluating the benefit of a particular security system, make sure that the predicates you are using to talk about the system are actually predicates, not pseudopredicates; state the threats.

Comments (35)

  1. Xerxes says:

    Wow….I like Dr Pepper too, Eric, but that post was wild and covered far more tangents than any of your others! (…and that’s no pseudopredicate!)

    Suffice to say, the point was that someone misappropriated a technology to hide their bad system design and that fact was conveyed.

    good reading 🙂

    -xerx

  2. Jacob says:

    Old Spice High Endurance Body Wash proudly proclaims "3x clean guaranteed": http://www.amazon.com/gp/product/images/B000GR9OIQ/ref=dp_image_text_0?ie=UTF8&n=3760901&s=hpc

    On the off day that I’m not thinking about code in the shower, and I happen notice that slogan, my head starts hurting…

  3. Larry says:

    On a slightly different tack, I was doing some work for an alarm monitoring company some time ago. Apparently if the alarm company calls the police on a false alarm they can be billed a hefty fee. Since false alarms are significantly more likely than real ones, when the alarm company got an incoming alarm, they delayed calling the police as long as possible, exhausting all other means of investigation. This was even true of the live voice alarms where the central station operators immediately says "the police have been dispatched" as part of their script! (The live voice operators were instructed to speak in a loud, aggressive voice but they occasionally had a hard time not laughing when they did.) In essence the alarm monitoring protects your house from slow intruders but not from fast ones!

  4. Good post, I also enjoyed going back an seeing the Thucydides post. I’ve found that reading ancient books frequently humbles my modern mind.

  5. Andrew says:

    FYI: Phenylketoneurics are people, phenylalanine are what they’re allergic (psychopathic response, not histamine response) to. 😉

  6. Bill Wert says:

    I expected you to say you’d actually come to talk about the draft.

  7. mike says:

    Even a fully predicated version of the slogan — e.g. "Diet Dr. Pepper tastes more like regular Dr. Pepper than Diet Coke tastes like regular Coke” — is unassailable, because it makes a statement about something subjective. The Coca-Cola company could not prove that this statement is not true, because there is, as they say, no accounting for tastes. That’s why advertisers like the word "best" — it’s a measure of opinion, not of fact.

    More in keeping with your actual thesis, I’ll put in a plug for Bruce Schneier’s book "Beyond Fear," in which he brings this kind of analysis to security of all kinds (as you’ve done here). It’s too bad that Schneier is best known for his writings about computer security, because that’s a book that everyone should read, perhaps _especially_ people who don’t deal with computers much or at all.

  8. > Even a fully predicated version of the slogan — e.g. "Diet Dr. Pepper tastes more like regular Dr. Pepper

    > than Diet Coke tastes like regular Coke” — is unassailable, because it makes a statement about something

    > subjective. The Coca-Cola company could not prove that this statement is not true, because there is, as

    > they say, no accounting for tastes

    @Mike – surely the advertiser would be on shaky ground if they made explicit statements like that and only had "it’s subjective" as a defence. For example, do you think Dr Pepper could get away with the following (subjectively true) slogan?

    "Drink Dr Pepper, because Coke tastes like crap"

    Anyway, this was a fun post to read. Thanks Eric!

  9. Or how about "Coke tastes MORE like crap" – is that unassailable?

  10. Matt says:

    Nice article,

    Someone on a forum I frequent once posted an (obfuscated) class and asked what string it contained.

    The response inside 10 minutes rather shocked him.

    He then tried a slightly improved set of options and made the string not directly embedded (building it in some convoluted way)

    I skipped decompilation, attached a debugger and got the string out then in no time at all.

    He realized the futility of this approach for anything other than casual introspection at that point.

  11. Phylyp says:

    You’ve been spiking the Dr. Peppers again, haven’t you, Eric?

    Seriously though, that was a nice setup for your discussion on predicates – seemed to be almost a non-technical post until you brought it back onto the usage of (spoken) predicates.

  12. Jon Skeet says:

    Related pseudo-predicates: "Structs perform better than classes" (and similar statements).

    Just like the security pseudo-predicate, this requires a context – basically a series of operations (ideally running on a particular version of the framework/OS, on particular hardware – and in the face of other factors such as what else the system is doing).

    Great post.

  13. Great elucidation of a tricky logic topic, Eric.  I’ve had a similar problem for years, specifically people talking about "needs".  People claim they need something, and I always react by saying "in order for what?"

    "I need to eat" is only true "…in order to continue living", and it’s this missing portion of the predicate that is assumed, taken for granted, etc.  Needing to eat is trivial, though.  What’s scary is when people talk about business needs, software needs, etc.

    However, when I bring up this "technicality", people look at me with a blank stare.  So now I can REALLY confuse them by talking in terms of predicates.  🙂  Thanks!

  14. Gil-Ad says:

    Thanks for the article…

    What amused me was that I read the slogan as “Diet Dr. Pepper tastes more like regular Dr. Pepper. than regular Dr. Pepper”… 🙂

  15. Kyle Lahnakoski says:

    Listeners have an obligation  to use common historical context to fill in the missing object of the pseudopredicate and construct the proper understanding with less words.  The listener’s job is to choose the most obvious, or most relevant, or most recent object to fill in the pseudopredicate’s blank.

    For example: “These cookies taste better”- If I had cookies with the person making this statement, I would assume “These cookies taste better than the last batch of cookies X made”.  Or maybe X never made cookies, but we had shared cookies before, then I would assume “These cookies taste better than the last batch of cookies we shared”.  Or maybe I do not remember any cookies in our common past, and then I would assume “These cookies taste better than the X we just finished eating”.  Etc.

    With the historical context in mind, and having a reasonable expectation of what contexts others have when receiving the same statement,  I would assume “Diet Dr. Pepper tastes more like regular Dr. Pepper” to mean “Diet Dr. Pepper tastes more like regular Dr. Pepper than our previous formulation of Diet Dr. Pepper tasted like regular Dr. Pepper”.  It seems obvious to me that the missing object is the one that is most similar to the subject; and that can only be a comparison between previous versions of Diet Dr. Pepper and Dr. Pepper.  Furthermore, only the most recent Diet Dr. Pepper is most relevant.  (comparing Dr. Pepper to Dr. Pepper is silly).

    Why would anyone think that “Diet Dr. Pepper tastes more like regular Dr. Pepper”’s missing object is a comparison with any other family of objects?   If you choose “…than Diet Coke tastes like regular Coke”, then what justifies bringing in whole new subject matter (eg. the Coke line of products)?  I consider it disingenuous, on the listener’s part, to fill in the blanks with subjects the speaker never mentioned, or on subjects the listener had no history of sharing with that speaker.

    The second half of your post demonstrates you exercised your listener’s obligation and correctly assumed “To protect the source code” to mean “To protect the source code from casual inspection and editing by snoopy people”.  As the listener, you have the right to suspect the speaker of being deceptive and meaning something else, so you may want clarification; but the issue of deception is separate from the meaning of the words spoken, which are clear.  As the listener you also have the right to suspect the speaker innocently misspoke, so you have the right to clarification; but this is an issue of uncovering the common context; questioning uncovers the speaker’s context to understand the meaning of their words.

    In summary, communication requires both the listener and speaker to use context to understand the meaning of phrases, if only for the sake of communication efficiency. I do not dispute there may be deceptive or naïve speakers, and clarification is needed to weed out those entities.  But I do dispute questioning the meaning of simple pseudopredicates, that really have only one interpretation by any reasonable listener.  If you seriously demand all instances of “Diet Dr. Pepper tastes more like regular Dr. Pepper” to be replaced with “Diet Dr. Pepper tastes more like regular Dr. Pepper than our previous formulation of Diet Dr. Pepper tasted like regular Dr. Pepper”, then I think you are trying to make the world an uglier place with no real benefit.

  16. Peter Thatcher says:

    I’ve always been bothered by that Dr. Pepper slogan.  My brain filled in the blanks as "Diet Dr. Pepper tastes more like Regular Dr. Pepper than Regular Dr. Pepper tastes like Regular Dr. Pepper".  I guess that’s sort of like giving 110% effort.

  17. AndrewR says:

    My brain also fills in the blanks like Peter Thatcher’s does…

    Great post, and very well done to write using a context that a hobbyist/non-pro like me can easily digest. Usually I don’t have the brain-space to properly digest your other articles!

  18. Eric Lippert says:

    So, Kyle, what about "Diet Dr. Pepper: There’s Nothing Diet About It" ?  What is the listener’s obligation to the speaker of that particular gem?

  19. Rich says:

    Kyle: I think you make some good points. However, in cases of ambiguity, there are other options than the speaker being deceptive or mis-speaking. There’s also the possibility that the speaker mis-thought or mis-understood. In Eric’s obfuscation example, it’s quite plausible that the speaker thought that "protects the source code" is a predicate all by itself, and if so, that misapprehension needs to be corrected in order to properly answer the question.

  20. Eric Lippert says:

    There are also subtle issues of emphasis in spoken English that convey extra information when there is a shared context:

    THESE cookies taste better (implication: than those cookies)

    These COOKIES taste better (implication: but the cake is still terrible)

    These cookies TASTE better (implication: but they’re still too crumbly)

    These cookies taste BETTER (implication: but still not very good)

  21. Ollie Riches says:

    So where is the car right now? 🙂

  22. JD says:

    Eric,

    I absolutely love the clarity you bring to any topic written on your blog. I think you would make a great teacher!

    Probably become a .NET trainer. I would pay a premium to attend classes where you are the trainer.

    Thanks!

  23. Eric Lippert says:

    Thanks JD, that’s a kind thing to say.  I do enjoy teaching, and might do more if I ever retire from this job.

  24. All this talk of Dr Pepper is making me think of buying one.

    Seriously though, as a lawyer (as well as amateur programmer), much of our work in drafting contracts or bringing or defending claims, I would suggest, is about spotting and challenging the use of pseudopredicates by others, and ensuring that your contract obligations or claims are expressed as full predicates, and better still, the predicates our client had in mind.

  25. Aaron P says:

    "Diet Dr. Pepper: There’s Nothing Diet About It"

    This is what is called a lie. It obviously has something Diet about it, its name.

  26. Pseudo-Predicates in Specifications

  27. Dave C. says:

    Using Dr. Pepper is always a good technique to get me to read a tech blog. Not often does it leads to an excellent and entertaining social commentary on how we ("the unwashed masses") allow ourselves to be lead astray by reading our own goals / hopes / dreams / fears into other peoples (inaccurate) statements.  Nor is it surprising, and worth remembering, that some people out there would use "especially malformed English" to "exploit this weakness" and "cause arbitrary behaviour to executie in the host brain." Vey funny!

    An excellent reminder that “accurate language leads to accurate thinking.”

    Visiting with my cousin, who has her PhD in physics, often reminds me how inaccurate my language becomes. No excuses – but I blame working with business folk all day long. Which leads to the corollary statement:

    “Inaccurate language leads to accepting all sorts of silly thinking.” Remember this one next time you’re in a management or marketing meeting!  😉

  28. Sergio Arizmendi says:

    That’s why I always leave the top off. The day someone wants to steal my car, the top won’t stop them. And I don’t know why obfuscation makes people think their code is "secure", since I’ve seen whole products being reverse-engineered in hours even after obfuscation – you won’t stop smart people with casual solutions. Great article, I’ll recommend it to many consulting friends out there 🙂

  29. AlSki says:

    Here’s a radical thought,

    Does obfuscation actually protect your code less?

    I remember a legal case being bought against a certain technology company we all know on the basis that portions of its code was taken directly from another companies code. With obfuscation your code is likely to produce very similar MSIL but possibly more different than if you and another produced the same algorithm, without obfuscation. So in this manner you have less evidence of code theft.

    Not that I expect anyone here would ever decompile/disassemble a competitors product to solve particular issues.

  30. darrenkopp says:

    "The commercial for Diet Dr. Pepper says it tastes just like regular Dr. Pepper. Well then they ****ed up!" – Mitch Hedberg.

  31. Kyle says:

    Sorry for the late reply.

    Thanks for even responding to my rant.  In retrospect, it was at best tangential to your main points.

    On the subject of "Diet Dr. Pepper: There’s Nothing Diet About It":  

    First, I would expect the listener to assume “Diet” in “Diet Dr. Pepper” means “Low calorie Dr. Pepper”; I get this assumption from marketing claims and ingredient lists of various “Diet” sodas on the market over the years.  

    Second, I would expect the “Diet” in “…Nothing Diet About It” to refer to the taste of the product.  If the listener assumed this second “Diet” refereed to calories, then the sentence makes little sense.  Since the listener has an obligation to try and find what sense was meant,  he must consider other attributes of diet cola that could be different, namely taste**.   Therefore, the listener should interpret “There’s Nothing Diet About It” to mean “It does not have the diet cola taste”.

    “Low Calorie Dr. Pepper: It does not have the diet cola taste”

    **There are other attributes of diet soda that could have been inferred, like maybe aspartame content, or removal of that wholly untested acesulfame potassium.  But since the bulk of society has memory of the  90’s when diet soda tasted markedly different than regular soda, and it was the most common complaint against diet soda, the listener should assume taste is the (second) most known attribute of “Diet” colas.

    Maybe in the future, when the distinctive taste of diet sodas wane, this same sentence will become meaningless.

  32. commenter says:

    Kyle is spot on. The moral of the story is, advertising slogans are not meant to be cast-iron logical propositions, but rather they aim to be brief, memorable, ideally witty, and catchy.

  33. C.J. says:

    Makes me want to go drink some Dr. Pepper.

    Maybe I should go read more about the english language.

    Obfuscation secures one’s code from being maintained by someone else… does that make it a form of job security?

  34. Lazem says:

    two points here:

    -there are a vast difference between calamining the predicate is not a pseudo-predicate-formal logical one- and determining the falsity of it.

    The "Diet Dr. Pepper tastes more like regular Dr. Pepper.”

    is actually a formal premise,which can be regarded as a boor predicate -not because its structure but because something something else i’ll talk about in point 2".

    even though whether this premise is true or false depends entirly on the context which the premise applied into, if the context is me tasting both Dr.Peppers i might truthify the claim depending on my taste,but if the context is a taste expert who uses a scientific methods to differentiate between the tastes,he might falsify it,but in both cases the claim is logical.

    -but what you’re talking about is actually how much specifications to provide our claims;it’s inherent in our brain to generalize elements in put them in sets,but in many cases we use some generalizations to express a subset of the set that this generalization  generalizes,which will be misleading as we mean a specific something while we express it in something more general…

    so while "putting locks protects the house" is misleading generalization, "putting locks protects from a burglar" can also be misleading as a burglar is a set that contains the door breaking burglar,the windows breaking burglar, the floor breaking burglar,the teleporting burglar and many more,so using this generalization can also be misleading,actually using any generalization can be misleading,in our daily use,we infer the specification level using our common sense,which can be easily falsified.in a scientific context the level should be clearly stated to avoid such

  35. Andrew Becker says:

    I never really thought about what the slogan meant, but looking back, I always interpreted it to mean "Diet Dr. Pepper tastes more like regular Dr. Pepper than Dr. Pepper tastes like Dr. Pepper."  In retrospect, probably not what they were intending.

    I think Eric’s right about the intended meaning being "Diet Dr. Pepper tastes more like regular Dr. Pepper than other diet sodas taste like their regular versions."  Kyle asks what justifies that; I’d say that the context of being in a commercial trying to convince people to drink Dr. Pepper instead of other brands is sufficient to justify the leap.  (I don’t really remember the commercials, but if the concurrent video is for example someone drinking from a can of unidentified diet non-Dr. Pepper and grimacing, that would also be justification.)

    As far as the whole pseudopredicate thing goes, though, I agree with Kyle about the English language in general.  Even “protects the database administrator password that I’ve stuck into my source code from discovery and misuse by a determined and intelligent attacker” is vague.  How determined or intelligent?  What kind of resources does the attacker have?  And so on.  We have to rely on people to fill in the blanks, and occasionally they’ll get it wrong.  (This isn’t to say that "protects the source code" is a good predicate; there’s a tradeoff between brevity and clarity, and I don’t think "protects the source code" is anywhere near optimal.  But it seems more a matter of degree than of kind to me.)