Quotulatiousness

April 9, 2014

XKCD on the impact of “Heartbleed”

Filed under: Technology — Nicholas @ 11:00

Update: In case you’re not concerned about the seriousness of this issue, The Register‘s John Leyden would like you to think again.

The catastrophic crypto key password vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also affected.

The so-called “Heartbleed” vulnerability (CVE-2014-0160) can be exploited to extract information from servers running vulnerable versions of OpenSSL, and this includes email servers and Android smartphones as well as routers.

Hackers could potentially gain access to private encryption keys before using this information to decipher the encrypted traffic to and from vulnerable websites.

Web sites including Yahoo!, Flickr and OpenSSL were among the many left vulnerable to the megabug that exposed encryption keys, passwords and other sensitive information.

Preliminary tests suggested 47 of the 1000 largest sites are vulnerable to Heartbleed and that’s only among the less than half that provide support for SSL or HTTPS at all. Many of the affected sites – including Yahoo! – have since patched the vulnerability. Even so, security experts – such as Graham Cluley – remain concerned.

OpenSSL is a widely used encryption library that is a key component of technology that enables secure (https) website connections.

The bug exists in the OpenSSL 1.0.1 source code and stems from coding flaws in a fairly new feature known as the TLS Heartbeat Extension. “TLS heartbeats are used as ‘keep alive’ packets so that the ends of an encrypted connection can agree to keep the session open even when they don’t have any official data to exchange,” explains security veteran Paul Ducklin in a post on Sophos’ Naked Security blog.

The Heartbleed vulnerability in the OpenSSL cryptographic library might be exploited to reveal contents of secured communication exchanges. The same flaw might also be used to lift SSL keys.

This means that sites could still be vulnerable to attacks after installing the patches in cases where a private key has been stolen. Sites therefore need to revoke exposed keys, reissue new keys, and invalidate all session keys and session cookies.

Bruce Schneier:

“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.

Half a million sites are vulnerable, including my own. Test your vulnerability here.

The bug has been patched. After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected.

At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.
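The coding flaw The Register describes was a missing bounds check in the TLS Heartbeat handling: the responder trusted the payload length claimed inside the message and copied that many bytes back, regardless of how many bytes had actually arrived. The following is an added illustration, not code from the original post or from OpenSSL (whose implementation is in C): it models the RFC 6520 heartbeat layout in Python and applies the length check that the fix introduced, on a constructed sample record.

```python
import struct

# RFC 6520 heartbeat message layout:
#   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
HB_REQUEST = 1
HB_RESPONSE = 2
MIN_PADDING = 16


def build_heartbeat(hb_type: int, payload: bytes, padding_len: int = MIN_PADDING) -> bytes:
    """Encode a well-formed heartbeat message (helper for the examples below)."""
    return bytes([hb_type]) + struct.pack("!H", len(payload)) + payload + b"\x00" * padding_len


def parse_heartbeat(record: bytes):
    """Parse a heartbeat record, returning (type, payload) or None to discard it.

    The vulnerable code read payload_length from the message and echoed that many
    bytes from memory. The fix checks the claimed length against the size of the
    record that was actually received and silently discards the message otherwise,
    as RFC 6520 section 4 requires.
    """
    if len(record) < 1 + 2 + MIN_PADDING:
        return None
    hb_type = record[0]
    (payload_length,) = struct.unpack("!H", record[1:3])
    # The check added by the fix: header + claimed payload + minimum padding must fit.
    if 1 + 2 + payload_length + MIN_PADDING > len(record):
        return None
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return None
    return hb_type, record[3:3 + payload_length]


def heartbeat_response(record: bytes):
    """Build the echo response a responder should send for a request, or None."""
    parsed = parse_heartbeat(record)
    if parsed is None or parsed[0] != HB_REQUEST:
        return None
    return build_heartbeat(HB_RESPONSE, parsed[1])


# Constructed sample: a 20-byte record whose length field claims 65535 payload bytes.
# A patched responder discards it; the unpatched one would have echoed 64 KiB of memory.
MALFORMED_RECORD = bytes([HB_REQUEST]) + struct.pack("!H", 65535) + b"x" + b"\x00" * MIN_PADDING

if __name__ == "__main__":
    print(heartbeat_response(build_heartbeat(HB_REQUEST, b"ping")))  # echoes b"ping"
    print(heartbeat_response(MALFORMED_RECORD))  # None: discarded
```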

Amity Shlaes on “progressive” tax rates

Filed under: Government, USA — Nicholas @ 09:36

The US tax system, like those in many Western countries, incorporates the concept of “progressivity” — the higher the income you earn, the higher the tax you pay on the last dollar. Your income is divided into blocks where each block of dollars is taxed at a different (rising) rate. In other words, the lower your personal income the less tax you pay per dollar of income. Amity Shlaes explains why this mechanism makes reforming or cutting taxes such a challenge:

Over the hundred years intervening, studies have shown that generally people do think that the greater the wealth, the more dollars wealthy people should pay in tax, proportionally. But that is not a progressive rate structure. That is a flat tax. A progressive tax increases rates as you earn more, disproportionally.

Nor are many people aware that under a progressive structure the last dollar is taxed at a different rate from the first dollar. The top marginal rate is not necessarily the average rate. In the early 1980s, scholar Karlyn Keene found that many Americans, when interviewed, thought flat taxes fair. Before Keene, Walter Blum and Harry Kalven at the University of Chicago studied attitudes toward progressivity and its functions and came away, despite their liberal predilections, concluding that the case for progressivity is “uneasy.”

[…]

Vanity of two sorts provides answers. Most Americans are unwilling to concede that they may not understand or be comfortable with long formulas and complex economic ideas. So, like the Enron audit committee, they simply nod and go along.

The second vanity involves not intelligence but a kind of Puritan pretension. No American wants to be caught appearing unfair, even if in the most fleeting snapshot. “Progressivity” sounds like “progress.” Nobody wants to be seen opposing progress, even if that progress is regress and unfair to boot.

In any case: That willed American ignorance is the single greatest reason our progressive income-tax rates have moved, at times, into the 90 percent range, up from that original 7 percent.

Worse, the attitude makes progressivity hard to undo. When you cut taxes for all in a progressive rate structure, the rich necessarily get a larger tax break because they pay a greater share of the taxes. But “larger tax breaks for the rich” are impossible to sell. A redistributive corollary: benefits for the poor. This week Paul Ryan is getting scourged because his budget cuts affect the poor more than the rich. That is because the poor get more of the benefits in the first place.

Update, 10 April: Here’s a great example of how much tax rates can increase at higher levels (although this particular example is not an income tax). In New York state, a recent change to estate tax rates can result in a marginal tax of 164%:

On its face, the new law seems like tax relief. Under the previous law, New Yorkers paid estate taxes of 3.06 percent to 16 percent on the value of estates over $1 million. The new law raises that exclusion to $2.062 million this year and gradually increases it to more than $5 million by 2017.

But because the law also phases out certain credits related to federal taxes, people who have estates valued just above the $2 million threshold could get massive estate tax bills. An analysis by U.S. Trust found that a New York resident who dies today with a taxable estate of $2,165,625 could have to pay an estate tax of over $112,050. That represents a tax of over 100 percent on the value of the estate over $2,062,000.

It gets worse in a few years. Matz said that assuming that the exclusion rises to $5,250,000, a New Yorker with a taxable estate of $5,512,500 would have to pay an estate tax of $430,050. That’s a marginal tax rate of 164 percent on the value of the estate above the exclusion.

The rise of the bloodmouth carnists

Filed under: Food, Humour, Politics — Nicholas @ 09:13

ESR has a bit of fun at the expense of a militant vegan:

Some weeks ago I was tremendously amused by a report of an exchange in which a self-righteous vegetarian/vegan was attempting to berate somebody else for enjoying Kentucky Fried Chicken. I shall transcribe the exchange here:

    >There is nothing sweet or savory about the rotting
    >carcass of a chicken twisted and crushed with cruelty.
    >There is nothing delicious about bloodmouth carnist food.
    >How does it feel knowing your stomach is a graveyard

    I’m sorry, but you just inadvertently wrote the most METAL
    description of eating a chicken sandwich in the history of mankind.

    MY STOMACH IS A GRAVEYARD

    NO LIVING BEING CAN QUENCH MY BLOODTHIRST

    I SWALLOW MY ENEMIES WHOLE

    ESPECIALLY IF THEY’RE KENTUCKY FRIED

I am no fan of KFC, I find it nasty and overprocessed. However, I found the vegan rant richly deserving of further mockery, especially after I did a little research and discovered that the words “bloodmouth” and “carnist” are verbal tokens for an entire ideology.

First thing I did was notify my friend Ken Burnside, who runs a T-shirt business, that I want a “bloodmouth carnist” T-shirt – a Spinal-Tap-esque parody of every stupid trash-metal tour shirt ever printed. With flaming skulls! And demonic bat-wings! And umlauts! Definitely umlauts.

Once Ken managed to stop laughing we started designing. Several iterations, a phone call, and a flurry of G+ messages later, we had the Bloodmouth Carnist T-shirt. Order yours today!

Palin – “A lot of Python was crap, it really was”

Filed under: Britain, Humour, Media — Nicholas @ 08:38

The funny bits were very funny indeed, but we tend to forget the never-ending interminable repetitive repetitiveness of a lot of the other material:

Michael Palin has finally admitted what many of us have known in our hearts for some time: a lot of Monty Python‘s material was “crap.”

“People forgive you the things that don’t work. A lot of Python was crap, it really was,” said Palin, yesterday, at the launch of a tour called “Travelling To Work” announced at the London Book Fair.

“We put stuff in there that was not really that good, but fortunately there were a couple of things that everyone remembers while they’ve forgotten the dross,” he said.

Palin is dead right, of course. As a child in the 1970s I remember sitting stony-faced through entire episodes of Monty Python’s Flying Circus. But at the time, and ever since, there has existed a powerful omerta whereby no one can admit to finding Monty Python unfunny for fear of being thought humourless or not part of the gang.

Monty Python‘s inflated reputation derives as much as anything, I think, from a combination of obsessive repetition and peer pressure. That is, a lot of their sketches are not particularly funny in and of themselves, but have been conferred the status of classics as a result of being endlessly repeated by drunken students who brandish their knowledge of Python sketches as a way of acquiring cult credibility.

I know this because it’s exactly what I did myself at university in the mid-Eighties.

Yeah, well, on that last bit all I can say is “All right, it’s a fair cop, but society is to blame”.

Being “pro-business” does not mean the same as being “pro-market”

It’s a common misunderstanding (especially with people who don’t know what laissez faire actually means):

For years, Republicans benefited from economic growth. So did pretty much everyone else, of course. But I have something specific in mind. Politically, when the economy is booming — or merely improving at a satisfactory clip — the distinction between being pro-business and pro-market is blurry. The distinction is also fuzzy when the economy is shrinking or imploding.

But when the economy is simply limping along — not good, not disastrous — like it is now, the line is easier to see. And GOP politicians typically don’t want to admit they see it.

Just to clarify, the difference between being pro-business and pro-market is categorical. A politician who is a “friend of business” is exactly that, a guy who does favors for his friends. A politician who is pro-market is a referee who will refuse to help protect his friends (or anyone else) from competition unless the competitors have broken the rules. The friend of business supports industry-specific or even business-specific loans, grants, tariffs, or tax breaks. The pro-market referee opposes special treatment for anyone.

[…]

GOP politicians can’t have it both ways anymore. An economic system that simply doles out favors to established stakeholders becomes less dynamic and makes job growth less likely. (Most jobs are created by new businesses.) Politically, the longer we’re in a “new normal” of lousy growth, the more the focus of politics turns to wealth redistribution. That’s bad for the country and just awful politics for Republicans. In that environment, being the party of less — less entitlement spending, less redistribution — is a losing proposition.

Also, for the first time in years, there’s an organized — or mostly organized — grassroots constituency for the market. Historically, the advantage of the pro-business crowd is that its members pick up the phone and call when politicians shaft them. The market, meanwhile, was like a bad Jewish son; it never called and never wrote. Now, there’s an infrastructure of tea-party-affiliated and other free-market groups forcing Republicans to stop fudging.

A big test will be on the Export-Import Bank, which is up for reauthorization this year. A bank in name only, the taxpayer-backed agency rewards big businesses in the name of maximizing exports that often don’t need the help (hence its nickname, “Boeing’s Bank”). In 2008, even then-senator Barack Obama said it was “little more than a fund for corporate welfare.” The bank, however, has thrived on Obama’s watch. It’s even subsidizing the sale of private jets. Remember when Obama hated tax breaks for corporate jets?

QotD: “Perhaps being a boy is a learning disorder”

Filed under: Bureaucracy, Education, Health, Quotations — Nicholas @ 00:01

… more children are being diagnosed with “autism spectrum disorders” than ever, specifically that diagnoses have gone from one in about a hundred and fifty to about one in sixty-eight. A lot of these diagnoses are for children with extremely mild Asperger’s, right at the borderline between normal (whatever that is) and Asperger’s. Now this may be a result of more people suffering from ASDs, especially extremely mild Asperger’s, as a result of cumulative mutations and pregnant women being exposed to environmental risks. Or it could be that ever since the Feds started throwing money at diagnosing and providing educational services for kids with ASDs they have become the diagnoses du jour. In fact, it is worth noting that since the Feds started throwing more money at ASDs and less at ADD and ADHD the number of children diagnosed with the former has increased and the latter two decreased. Apparently getting more Federal funding causes learning/psychological disorders and getting funding cut cures them.

That or educators are blowing off the needs of kids with disorders that are not “getting the love.” My own personal opinion is that favored problems get over-diagnosed and those not blessed with Fed money get under-diagnosed. Shame on the education establishment either way.

It should also be noted that whichever disorder is getting attention it seems to hit males about four times as often as females. In fact, it seems that a lot of the descriptors of symptoms for various ASDs and ADD read like pretty normal behavior for boys.

Perhaps being a boy is a learning disorder (there’s a large number of females who would nod their head in agreement with this thesis).

A.X. Perez, “Old News Interpreted”, Libertarian Enterprise, 2014-04-06
