Tuesday, April 29, 2014

NBA Bans Donald Sterling

Full transcript of Adam Silver on Donald Sterling ban. Nicely done.

Capital in the Twenty-First Century by Thomas Piketty

In my week of films (that's still continuing) apparently there was much talk about French economist Thomas Piketty's new book, Capital in the Twenty-First Century. From the Amazon summary:

"Piketty shows that modern economic growth and the diffusion of knowledge have allowed us to avoid inequalities on the apocalyptic scale predicted by Karl Marx. But we have not modified the deep structures of capital and inequality as much as we thought in the optimistic decades following World War II. The main driver of inequality--the tendency of returns on capital to exceed the rate of economic growth--today threatens to generate extreme inequalities that stir discontent and undermine democratic values. But economic trends are not acts of God. Political action has curbed dangerous inequalities in the past, Piketty says, and may do so again."

David Warsh writes briefly, giving the thesis and some background on Piketty, in Paris Takes Its Place. Jared Bernstein explains why the book is taking the world by storm, A Good Question Re the Piketty Book.

Krugman: The Piketty Panic. "Other books on economics have been best sellers, but Mr. Piketty’s contribution is serious, discourse-changing scholarship in a way most best sellers aren’t. And conservatives are terrified. Thus James Pethokoukis of the American Enterprise Institute warns in National Review that Mr. Piketty’s work must be refuted, because otherwise it “will spread among the clerisy and reshape the political economic landscape on which all future policy battles will be waged.” Well, good luck with that. The really striking thing about the debate so far is that the right seems unable to mount any kind of substantive counterattack to Mr. Piketty’s thesis. Instead, the response has been all about name-calling — in particular, claims that Mr. Piketty is a Marxist, and so is anyone who considers inequality of income and wealth an important issue."

David Brooks wrote, The Piketty Phenomenon. "His book “Capital in the Twenty-First Century” argues that the real driver of inequality is not primarily differences in human capital. It’s differences in financial capital. Inequality is not driven by young hip professionals who arm their kids with every advantage and get them into competitive colleges; it’s driven by hedge fund oligarchs...Piketty predicts that growth will be low for a century, though there seems to be a lot of innovation around. He predicts that the return on capital will be high, though there could be diminishing returns as the supply increases. He predicts that family fortunes will concentrate, though big ones in the past have tended to dissipate and families like the Gateses give a lot away. Human beings are generally treated in aggregate terms, without much discussion of individual choice."

Krugman retorts: "So, two points. Piketty doesn’t just assert that fortunes will concentrate, he shows that they have in fact concentrated in the past. That’s the whole point of his extended analysis of Belle Epoque France, with its dominance by inherited wealth. And for every Bill Gates, there are many families that do all they can to perpetuate dynastic wealth. Remember, the 10 wealthiest Americans include 4 Waltons and two Kochs."

Krugman has a lengthy review in the New York Review of Books, Why We’re in a New Gilded Age.

Jared Bernstein is reading it and responding to Dude, Where’s Your Piketty Review??!! "In that sense, it’s more Newtonian than Keynesian. The former changed the way we understood the universe. The latter did too (re the economic universe), but to a lesser extent, and what emerged was less a new understanding of the relationships between growth, inequality, capital, and labor, and more a very different, much more activist, policy approach to the business cycle."

Robert M. Solow gives a lengthy review of the book in The New Republic.

Here's an hour-and-a-half video of a panel at CUNY with Piketty, Krugman and others.

25 Fascinating Charts of Negotiation Styles Around The World

25 Fascinating Charts Of Negotiation Styles Around The World | Business Insider "Language is only the most obvious part of the global communication gap. Different cultures also have distinct approaches to communication during meetings, as described by British linguist Richard D. Lewis, whose best-selling book, ‘When Cultures Collide,’ charts these as well as leadership styles and cultural identities."

"Lewis’ diagrams show how cultures use language to communicate during meetings, with wider shapes showing greater conversational range, obstacles marked in gray, and cultural traits noted as well."

From my very limited experience in the area, these at least seem familiar enough for humor. Also, sorry about the quality, click through to the article for a far more legible graphic.


Massive Storm System Spawns Tornadoes Across Southeast

In Focus shows Massive Storm System Spawns Tornadoes Across Southeast "Over the past three days, a chain of deadly, dangerous tornadoes has flattened homes and businesses in half a dozen states, forcing frightened residents to take cover and leaving tens of thousands still in the dark. At least 28 deaths have been reported so far. As the dangerous storm system rages on, authorities are warning of further severe weather across more than a dozen southern states. [28 photos]"


It's amazing to me that the wind did this. More from The Big Picture

Friday, April 25, 2014

2014 National Geographic Traveler Photo Contest

In Focus on the 2014 National Geographic Traveler Photo Contest "The 26th annual National Geographic Traveler Photo Contest is under way, and entries will be accepted for another six weeks, until June 30, 2014. First prize winner will receive an 8-day Alaskan expedition for two. National Geographic was once more kind enough to allow me to share some of the early entries with you here, gathered from four categories: Travel Portraits, Outdoor Scenes, Sense of Place, and Spontaneous Moments. Photos and captions by the photographers. [30 photos]"

Just go look, every single one is astounding.

Thursday, April 24, 2014

Wednesday, April 23, 2014

What’s the liberal equivalent of climate denial?

Ezra Klein follows up the discussion his first post on Vox started, What’s the liberal equivalent of climate denial?

"Does politics make Republicans dumber than Democrats? Paul Krugman thinks so. "Can anyone point to a liberal equivalent of conservative denial of climate change, or the ‘unskewing' mania late in the 2012 campaign, or the frantic efforts to deny that Obamacare is in fact covering a lot of previously uninsured Americans?" he asks. Jonathan Chait mostly agrees. "In American politics," he writes, "reliance on empiricism is an ideology" — and, to be more specific, that ideology is liberalism."

"No one can personally investigate the vast array of issues facing the country. In terms of getting the right answers, the most important decision people make is choosing whom to trust. In politics, that typically means choosing a party, or at least a political coalition. If one party is systematically better at assessing the evidence than the other that's a huge deal."

He doesn't answer the question, he just asks it again.

10 historical software bugs with extreme consequences

Stumbled across this article from 2009, 10 historical software bugs with extreme consequences.

Tuesday, April 22, 2014

Movie Review: The Case Against 8

The Case Against 8 is playing this weekend as part of IFFBoston. Conveniently, it had a screening tonight at Harvard Law School, so I got to extend IFF by a day and avoid a conflict or two in scheduling.

The movie tells the story of the legal battle to overturn California's Proposition 8, which was passed in 2008 and defined marriage as between one man and one woman. The battle to overturn it started with someone having lunch with Rob Reiner (really) who mentioned that a brother-in-law of someone (his? his wife's?) knew lawyer Ted Olson and he might be interested in the case. Olson was a non-obvious choice, being one of the most prominent conservative lawyers in the country, a founding member of The Federalist Society and infamously the winner of Bush v. Gore. More surprisingly, he teamed up with his Bush v. Gore opponent David Boies to take the case.

It started with them searching for plaintiffs. They found two couples, one gay and one lesbian, living in California who wanted to marry, to represent. They were picked to be perfect plaintiffs: nothing wrong in the background, good families, etc. The movie follows as they prepare for and argue the case before the US District Court and then the appeal of the ruling to the US Supreme Court.

If you follow the news at all you know what happens. They win. (I really don't think that's a spoiler.) So the question is how the movie decides to tell the story. It turns out they knew this was going to be an important case for history and decided to film it from the beginning. They were a little hampered by the decision of the court not to allow the District Court trial to be broadcast (though it was apparently filmed, and the film is now under seal for no great reason). So it's a legal story, but it's also an emotional one, so they follow the plaintiffs as they prepare for the trial, and are nervous the night before, and happy at winning and then getting married immediately after the Supreme Court decision.

Now I'm probably in the minority in this, but I wish there was more law in this film and less personal drama. I'm already on the plaintiffs' side and don't need to be convinced that "they're just like ordinary people" or that "letting them marry won't hurt anyone else" or that they've experienced discrimination in their lives. At 109 minutes this isn't a short movie; there are lots of scenes of lawyers typing and looking seriously at big stacks of paper and milling in and out of offices and cars, all to deliberately paced, serious-sounding music. The legal stuff is covered, but there are two parts that sounded fascinating and are just mentioned.

It seems David Boies is a genius cross-examiner. At one point in the film Olson says that Perry Mason moments only happen on television and when Boies is cross-examining, and one happened in this trial. The defense called several witnesses, but they weren't that impressive. Their last was David Blankenhorn, a vocal advocate against same-sex marriage but not an actual expert in much. Boies apparently asked him a series of questions, Blankenhorn gave a series of answers, and by the end he was saying that the plaintiffs should be allowed to marry. The film interviews him and he says he'd answer them the same today. He's since come out in support of gay marriage. I wish the movie covered this more; in some cases they read briefly from the transcript, but not much if any from this.

The other was Olson's closing statement. Boies says it's the best argument he's ever heard in a court, but we don't get to hear any of it. Now both of these happened at the District Court; after this we follow them to the Supreme Court, which ends up deciding the case on standing. That is a technicality about whether the plaintiffs of that case can show harm that happened to them, giving them the basis to sue. The court decided in an unusual 5-4 grouping: Roberts, Scalia, Ginsburg, Breyer, and Kagan for, and Kennedy, Thomas, Alito, and Sotomayor against. The film doesn't cover that at all and doesn't address the issue that this wouldn't change any minds on the merits of the case, as the District Court ruling details might.

The movie is good. I'm sure most people will be very moved by the personal journey of the two couples. At 109 minutes I think there's a fair amount of filler (and random scenes with Rob Reiner in the background), and I wish there was a little more in it that would actually convince someone that this is a real civil rights issue and is about treating people equally and fairly. The film had the opportunity (David Blankenhorn was convinced, and he is interviewed in the film) but didn't dive into it. As I read about the case on Wikipedia I see there's a play called 8 that might be more to my liking.

Apple - Environmental Responsibility

I guess Apple is going all out for Earth Day. Their site has a section Apple - Environmental Responsibility that describes all their efforts to make products that are better for the environment. It's also very beautifully designed.

Also, Steven Levy has an article in Wired, Apple Aims to Shrink Its Carbon Footprint With New Data Centers. He toured an Apple data center with Apple VP of Environmental Initiatives (and former head of the EPA) Lisa Jackson. It's powered 100% by renewable energy sources.

Heartbleed as Metaphor

Dan Geer writes Heartbleed as Metaphor in Lawfare, and people should read it.

Only monocultures enable Internet-scale failure; all other failures are merely local tragedies. For policymakers, the only aspect of monoculture that matters is that monocultures are the sine qua non of mass exploitation. In the language of statistics, this is “common mode failure,” and it is caused by underappreciated mutual dependence. Here is the National Institute of Standards and Technology (NIST):

A common-mode failure results from a single fault (or fault set). Computer systems are vulnerable to common-mode resource failures if they rely on a single source of power, cooling, or I/O. A more insidious source of common-mode failures is a design fault that causes redundant copies of the same software process to fail under identical conditions.

That last part — that “[a] more insidious source of common-mode failures is a design fault that causes redundant copies of the same software process to fail under identical conditions” — is exactly what monoculture invites and exactly what can be masked by complexity. Why? Because complexity ensures hidden levels of mutual dependence. In an Internet crowded with important parts of daily life, the chance of common mode failure is no idle worry — it is the sum of all worries.

Autism and the Agitator

Frank Bruni has a nice op-ed rant against Autism and the Agitator Jenny McCarthy (and the people that gave her a platform).

20 MRI Scans of Fruits and Vegetables

20 MRI Scans of Fruits and Vegetables.

Navigate News With The Upshot

The New York Times has started their own data journalism site, Navigate News With The Upshot.

"One of our highest priorities will be unearthing data sets — and analyzing existing ones — in ways that illuminate and explain the news. Our first day of material, both political and economic, should give you a sense of what we hope to do with data. As with our written articles, we aspire to present our data in the clearest, most engaging way possible. A graphic can often accomplish that goal better than prose. Luckily, we work alongside The Times’s graphics department, some of the most talented data-visualization specialists in the country. It’s no accident that the same people who created the interactive dialect quiz, the deficit puzzle and the rent-vs-buy calculator will be working on The Upshot.

Perhaps most important, we want The Upshot to feel like a collaboration between journalists and readers. We will often publish the details behind our reporting — such as the data for our inequality project or the computer code for our Senate forecasting model — and we hope that readers will find angles we did not. We also want to get story assignments from you: Tell us what data you think deserves exploration. Tell us which parts of the news you do not understand as well as you’d like."

Their first big story, Who Will Win The Senate? "According to our statistical election-forecasting machine, it’s a tossup. The Democrats have about a 51% chance of retaining a majority." Lots of very pretty graphs.

Monday, April 21, 2014

2014 Hugo Award Nominees

io9 is Announcing the 2014 Hugo Award Nominees "The nominees for the 2014 Hugo Awards have been announced! This year's nominating ballot saw a record-shattering 1,923 valid nominations. The winners will be announced on Sunday, August 17, during the Hugo Awards Ceremony at Loncon 3. "

Saturday, April 19, 2014

Everything you need to know about economics in 297 words

Ezra Klein writes This graduation speech teaches you everything you need to know about economics in 297 words. "In 2011, Thomas Sargent won the Nobel prize in economics. But in 2007, he gave a graduation speech to Berkeley undergraduates that still stands as one of the greatest, shortest introductions to economics — and to life."

This is why Valve’s business model is so totally brilliant

Ars reveals Steam’s most popular games. "Right now, I can tell you that about 37 percent of the roughly 781 million games registered to various Steam accounts haven’t even been loaded a single time. I can tell you that Steam users have put an aggregate of about 3.8 billion hours into Dota 2. I can tell you that Steam users tend to put nearly 600 percent more time into the multiplayer mode on Modern Warfare 2 than the single player mode." Lots of graphs, assumptions and caveats as they look at which games are popular by purchases, players, and hours played. They issued this update, Steam Gauge: Addressing your questions and concerns.

I saw this via Brian Fung's article, This is why Valve’s business model is so totally brilliant. "Valve is one of the most successful game companies on the planet. It helped usher in the idea of digital distribution. The company's version of an online app store, Steam, is known for selling games made by third parties, such as Skyrim and Call of Duty. But Steam's real value lies in the way it gives independent publishers equal footing against big corporate game makers."

Towards the end he linked to this interview from 2011 which I found really fascinating, How Valve experiments with the economics of video games.

What Does Sound Look Like?

There Really Are So Many More Twins Now

Alexis C. Madrigal writes in The Atlantic There Really Are So Many More Twins Now

"From about 1915, when the statistical record begins, until 1980, about one in every 50 babies born was a twin, a rate of 2 percent. Then, the rate began to increase: by 1995, it was 2.5 percent. The rate surpassed 3 percent in 2001 and hit 3.3 percent in 2010. Now, one out of every 30 babies born is a twin."

"Older women tend to have more twins than younger women—and older women are having more of the nation's babies. The researchers found this demographic phenomenon accounted for one-third of the increase. They attributed the rest of it to the increase in infertility treatments, specifically in-vitro fertilization and "ovulation stimulation medications.""

How Americans Die

Bloomberg's How Americans Die is a really interesting graphic. By that I mean it's (1) very pretty, (2) very well laid out and (3) really interesting in how it uses several graphs, each with text, to slowly make a point about a complex subject.

Nevertheless, I'm not sure what that point is. It shifts between charts of mortality and number of deaths but doesn't always seem to take into account changes in population size (particularly when it concentrates on specific age ranges). But wow, it includes this fact "about a third of all deaths are people 85 and older". That's way higher than I would have expected.

How to Convince People Of Non-Obvious Things

Breast cancer screening is a serious subject that a lot of people have profound personal experiences with. It's also true that Bayes' theorem is often counterintuitive.

This article in the NEJM, Abolishing Mammography Screening Programs? A View from the Swiss Medical Board, makes the case for less mammogram screening. It includes a great graphic.

A Car on Mars

The HiRISE orbiter took a picture of Curiosity Ready to Drill for Gold at the Kimberley. Click through for a bigger image showing its tracks in the sand (seen from orbit!).

Mission-critical satellite communications wide open to malicious hacking

Ars reports Mission-critical satellite communications wide open to malicious hacking.

"Mission-critical satellite communications relied on by Western militaries and international aeronautics and maritime systems are susceptible to interception, tampering, or blocking by attackers who exploit easy-to-find backdoors, software bugs, and similar high-risk vulnerabilities, a researcher warned Thursday."

"Santamarta said that every single one of the terminals he audited contained one or more weaknesses that hackers could exploit to gain remote access. When he completed his review in December, he worked with the CERT Coordination Center to alert each manufacturer to the security holes he discovered and suggested improvements to close them. To date, Santamarta said, the only company to respond was Iridium. To his knowledge, the remainder have not yet addressed the weaknesses. He called on the manufacturers to immediately remove all publicly accessible copies of device firmware from their websites to prevent malicious hackers from reverse engineering the code and uncovering the same vulnerabilities he did."

British Pathé releases 85,000 films on YouTube

British Pathé releases 85,000 films on YouTube | The British Pathé Archive Blog "Newsreel archive British Pathé has uploaded its entire collection of 85,000 historic films, in high resolution, to its YouTube channel. This unprecedented release of vintage news reports and cinemagazines is part of a drive to make the archive more accessible to viewers all over the world."

Friday, April 18, 2014

HeartBleed in the Wild

SucuriBlog reports on HeartBleed in the Wild.

"After 10 days of massive coverage, we expected to see every server out there patched against it. To confirm our expectations, we scanned every web site listed in the Alexa top 1 million rank. Yes, we scanned the top web sites in the world to see how many were still infected.

The results were interesting:

  • Top 1,000 sites: 0 sites vulnerable (all of them patched)
  • Top 10,000 sites: 53 sites vulnerable (only 0.53% vulnerable)
  • Top 100,000 sites: 1595 sites vulnerable (1.5% still vulnerable)
  • Top 1,000,000 sites: 20320 sites vulnerable (2% still vulnerable)

We were glad to see that the top 1,000 sites in the world were all properly patched, and that just 0.53% of the top 10k still had issues. However, as we went to less popular (and smaller) sites, the number of unpatched servers grew to 2%. That is not surprising, but we expected better."

Seems pretty good to me.

Tuesday, April 15, 2014

Scenes of Spring

In Focus shows Scenes of Spring "Temperatures in the northern hemisphere are finally warming, flowers are blooming, and the sunshine beckons us outside once again. On a nice spring day like today, I thought I'd share some recent colorful images of the season from Germany, Japan, Scotland, the United States, and more. [28 photos]"


2014 Pulitzer Prize Winners

Here are the 2014 Pulitzer Prize Winners. Obviously the big ones are the coverage of the Snowden leak and the Boston Marathon Bombings by the Boston Globe. Check out the others too.

Monday, April 14, 2014

Scale Model WWII Craft Takes Flight with Fuel From the Sea Concept

The US Navy announced Scale Model WWII Craft Takes Flight with Fuel From the Sea Concept.

Navy researchers at the U.S. Naval Research Laboratory (NRL), Materials Science and Technology Division, demonstrated proof-of-concept of novel NRL technologies developed for the recovery of carbon dioxide (CO2) and hydrogen (H2) from seawater and conversion to a liquid hydrocarbon fuel.

Fueled by a liquid hydrocarbon - a component of NRL's novel gas-to-liquid (GTL) process that uses CO2 and H2 as feedstock - the research team demonstrated sustained flight of a radio-controlled (RC) P-51 replica of the legendary Red Tail Squadron, powered by an off-the-shelf (OTS) and unmodified two-stroke internal combustion engine.

Using an innovative and proprietary NRL electrolytic cation exchange module (E-CEM), both dissolved and bound CO2 are removed from seawater at 92 percent efficiency by re-equilibrating carbonate and bicarbonate to CO2 and simultaneously producing H2. The gases are then converted to liquid hydrocarbons by a metal catalyst in a reactor system.

I'm not sure what the climate effects, if any, of this are but it's pretty amazing.

Sunday, April 13, 2014

'The Simpsons' Launches On FXX With Longest Continuous Marathon Ever

'The Simpsons' Launches On FXX With Longest Continuous Marathon Ever "This summer, the FXX network will launch 'The Simpsons' in style with a 12 day marathon, showing all 552 episodes consecutively. The marathon will start August 21st and continue through Labor Day. 'It will be the longest continuous marathon in the history of television.'"

No I will not watch it all. Thankfully it's in the summer and not during winter hibernation.

Saturday, April 12, 2014

Heartbleed

TLS and its predecessor SSL are the protocols used to encrypt Internet traffic and verify the identity of servers. It's the "S" in "HTTPS" and it's what makes the little padlock appear next to the URL in your browser. OpenSSL is an open source package that implements them and is widely used (because it's free and security programming is hard). There are other implementations that are widely used too.

Last week a bug in OpenSSL was announced. It's known as the Heartbleed bug. It's in a new feature of TLS known as a heartbeat. Since setting up a secure connection is an involved process, if one is going to be reused, it's better to keep it open. Once a connection is set up, a client sends a ping to a server and asks for a response to know it's still alive and to know to keep the connection open.

The heartbeat request includes a string of text for the server to return so the client knows it's a current response. It's kind of like kidnapping victims posing in photos with today's newspaper. Dealing with strings can be tricky for computers, so the request also includes the number of characters in the string. The bug is that the server doesn't verify the stated length against the actual string length. An attacker can send a malformed request and get random memory from the server. This memory can have anything in it. xkcd explains the bug really well.
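The missing length check, as an added example in C that is not from the original post or from OpenSSL's code: a minimal heartbeat handler that performs the bounds check OpenSSL 1.0.1g added (the message layout follows RFC 6520; the request-building helper and the sample payload are constructed here for illustration).

```c
/* Added example (not from the original post or from OpenSSL): a minimal
 * parser for a TLS heartbeat request that performs the bounds check whose
 * absence was the Heartbleed bug.
 *
 * Wire layout of a heartbeat message (RFC 6520):
 *   1 byte   type (1 = request, 2 = response)
 *   2 bytes  payload_length, big-endian
 *   N bytes  payload
 *   >=16     padding
 * The bug: OpenSSL trusted payload_length from the message and copied that
 * many bytes into the reply without comparing it to the record's real size.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_MIN_PAD   16
#define HB_HDR_LEN   3

/* Builds the response into out (capacity out_cap).
 * Returns the number of bytes written, or -1 when the request is malformed
 * (a claimed payload length that does not fit inside the received record). */
int handle_heartbeat(const uint8_t *rec, size_t rec_len,
                     uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD)  /* too short for header + padding */
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* The check missing from OpenSSL 1.0.1 through 1.0.1f, in the same form
     * as the 1.0.1g fix: header + claimed payload + minimum padding must fit
     * in what was actually received. Without it, payload_len can name up to
     * 65535 bytes while the record holds only a few, and the copy below would
     * read past the request into whatever else sits in the process heap. */
    if (HB_HDR_LEN + payload_len + HB_MIN_PAD > rec_len)
        return -1;

    size_t resp_len = HB_HDR_LEN + payload_len + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload_len);  /* echo payload */
    memset(out + HB_HDR_LEN + payload_len, 0, HB_MIN_PAD);    /* padding (random in real TLS) */
    return (int)resp_len;
}

/* Constructed test input (hypothetical helper): builds a request whose claimed
 * length is chosen independently of the real payload size, so the well-formed
 * and the malformed case can both be fed to the handler. Returns bytes built. */
size_t build_request(uint8_t *buf, size_t cap, uint16_t claimed_len,
                     const char *payload, size_t payload_len)
{
    if (cap < HB_HDR_LEN + payload_len + HB_MIN_PAD) return 0;
    buf[0] = HB_REQUEST;
    buf[1] = (uint8_t)(claimed_len >> 8);
    buf[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(buf + HB_HDR_LEN, payload, payload_len);
    memset(buf + HB_HDR_LEN + payload_len, 0xAA, HB_MIN_PAD);
    return HB_HDR_LEN + payload_len + HB_MIN_PAD;
}

int main(void)
{
    uint8_t req[128], resp[128];

    /* Honest client: claimed length matches the 5-byte payload "HELLO". */
    size_t n = build_request(req, sizeof req, 5, "HELLO", 5);
    int r = handle_heartbeat(req, n, resp, sizeof resp);
    printf("well-formed request: response of %d bytes, payload '%.5s'\n",
           r, (const char *)(resp + HB_HDR_LEN));

    /* Mismatched client: same 5-byte payload, but claims 65535 bytes. */
    n = build_request(req, sizeof req, 65535, "HELLO", 5);
    r = handle_heartbeat(req, n, resp, sizeof resp);
    printf("malformed request: %s\n", r < 0 ? "rejected" : "answered");
    return 0;
}
```

The handler only ever copies bytes that arrived in the record, which is the whole fix; everything else about the message format is unchanged from the vulnerable versions.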

So how bad is this? It's pretty bad but maybe not for you. It's in code that runs on servers, so unless you run a web server, there isn't any software for you to upgrade.

It's also a little difficult for an attacker to exploit. An attacker can send a malformed message whenever they want, but each time they'll get back random stuff in the server's memory and they'll have to figure out what that is. It's not like they hacked in and stole the password file and can then work at cracking passwords. I've seen differing reports about what information is potentially in the vulnerable portions of a server's memory, but the latest I've seen is that it can be a lot of sensitive stuff, virtually anything.

To be on the safe side, vulnerable sites are telling their users to change their passwords, but I think there are some issues with that blanket statement.

First, it's hard to know if web sites you use have been susceptible. The Heartbleed Hit List: The Passwords You Need to Change Right Now is a list of popular sites and whether they're affected. It turns out a lot of sites I use weren't affected, like Apple, Amazon, Twitter, LinkedIn, and most banks. Google was affected but says you don't need to change your password, but it's probably a good idea. I use Google's two-factor authentication so I'm not particularly concerned (I haven't lost my phone).

Another report says that about 37,400 of the top million sites are still affected as of April 9th. To put some of that in perspective Ars said, "The top domain vulnerable to the Heartbleed bug is Kaskus, an Indonesian social media site" which I've never heard of (the web is big, and not just in English speaking countries). Of course the reason a site is not affected could be good or bad. Maybe they don't use OpenSSL, maybe they're just using an old version (opening them up to other bugs which isn't a pleasant thought). Here's a list of the top 10,000 sites as of April 8th and their vulnerability, lots of popular sites are (were) vulnerable.

Also it doesn't help to change your password until you know the site is fixed. You can check specific sites yourself with this tool. Just enter the site name and it will tell you if it's okay or not.

The Heartbleed bug was introduced into code on Dec 31, 2011 and released in OpenSSL 1.0.1 on March 14, 2012. So sites might have been affected for as long as two years. Or less, it depends when they upgraded to version 1.0.1. My sense is that if information was compromised two years ago, you probably would have seen some effect by now. If you haven't, then you're probably ok. Of course now that the bug is public, if a site hasn't been fixed in the last week it's more likely that someone is using this attack. But if you haven't logged in it's unlikely your information is in the server's memory to be retrieved.

Here's another problem, and it's one reason the tech community has been so upset about Heartbleed. It turns out that Heartbleed can allow an attacker to steal a server's private key. Just as a user has a password, a server has a private key. As much of a pain as it is for users to change all their passwords, for a server to change its one "password" it must get a new certificate signed by a certificate authority. It turns out that just four companies verify the certificates of 90% of the Internet. They're very busy right now, and getting a highly secure certificate involves real world verification that the server is who it says it is (kinda like getting a bank loan and verifying all the details of your employment) and can be expensive.

With a compromised private key, some evil site could impersonate a real site, which means instead of telling the real site information like your password and shipping address, you could be telling a thief that information. Unfortunately there's no easy way to know if a site you use has updated its certificate since Heartbleed. Your browser can show you the certificate (in Safari you click on the padlock icon), but mine just shows the certificate's expiration date, not the issue date. And remember, more secure certificates take longer to get. You might make some guesses: looking now at Facebook's certificate, I see it expires in exactly 1 year, so I'm guessing they just got a new one that's good for a year.

Unfortunately it gets even worse. It turns out some networking devices like VPN and switch products are vulnerable to the bug. Juniper and Cisco have issued advisories. I don't really understand the extent of this news. I know that to fix some of these devices people need to buy new hardware. I don't know if network hardware between you and a destination server could be affected and expose your information and if you could tell (though I'm guessing not).

So here's what I'm doing.

  • I checked my commonly used sites on the list and found I'm not too exposed. If you are, you should proceed more quickly.
  • I'll wait a little bit (another week or so) and then change all my passwords following the advice I wrote two years ago in Web Passwords. I'm not sure it's needed but it's good password hygiene to change them every once in a while, and it's been two years for me.
  • I'm not opening new accounts on unfamiliar (or small) web sites in the near future. Certainly not without checking their Heartbleed exposure with this tool.
  • I'm not logging into sites I have accounts at until I check their vulnerability. If I haven't logged in in a year, my info isn't in the server's memory to be stolen.
  • I'll go through this list and enable two-factor authentication on as many accounts as I can. I already do it for Google and Apple and it works great and isn't a big annoyance at all.
  • Make sure your browsers are set up to verify certificates. On a Mac that means open Keychain Access and go to its preferences and make the third tab look like this: [screenshot of the Keychain Access certificate preferences]

A couple of articles I've found interesting...

This seems a pretty level-headed description of what it means for the average person on the Internet: Heartbleed and passwords: don’t panic.

This stackexchange posting offers a few views of what to do, Should I change all my passwords due to heartbleed.

This incident makes the case that we need to change how we fund (or currently don't fund) projects providing critical infrastructure of the Internet. How Heartbleed Broke the Internet — And Why It Can Happen Again.

While Man who introduced serious 'Heartbleed' security flaw denies he inserted it deliberately, Bloomberg reports NSA Said to Exploit Heartbleed Bug for Intelligence for Years. "The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said." I note the "two people" appear to be anonymous. However, the NSA denies it knew about Heartbleed, Statement on Bloomberg News story that NSA knew...

I'm guessing the bug was a pure accident and that the NSA probably knew about it before last week.

Here's a slightly fluffy piece, Behind the Scenes: The Crazy 72 Hours Leading Up to the Heartbleed Discovery, and a nice first-hand account of an affected web service, When servers bleed.

And for fun, Why The Security Bug Heartbleed Has A Catchy Logo

Newly Released Color Films Show The Utter Devastation Wrought By WW2

io9 shows Newly Released Color Films Show The Utter Devastation Wrought By WW2: "The Hoover Institution has just released five reels of recently restored color films taken by lieutenant colonel William P. Miller from 1943 to 1945. They provide a rare and disturbingly real glimpse into the era, including shots of the battle-scarred cities at the center of the conflict."

Friday, April 11, 2014

Senate Report on CIA Torture Leaked

McClatchy got a leaked copy of the Senate Torture Report, CIA’s use of harsh interrogation went beyond legal authority, Senate report says.

Spencer Ackerman covers the politics of it, CIA and White House under pressure after Senate torture report leaks.

If this were a West Wing episode, the White House would already be taking the lead on this.

The SEC's just been caught colluding with the banks it's supposed to regulate

Matthew Yglesias wrote in Vox, The SEC's just been caught colluding with the banks it's supposed to regulate

"Reuters finance blogger Felix Salmon had a post earlier this week headlined 'Yes, the SEC was colluding with banks on CDO prosecutions.' This ought to be huge news. The Securities and Exchange Commission is one of the main agencies that's supposed to be regulating Wall Street. But they've been essentially caught red handed working together with Goldman Sachs to make it look like Goldman was paying a huge fine when really they're paying a small one. Sadly, though, the story probably won't get much attention from the general public because the CDO prosecution issue is a little obscure and it hasn't really been in the news for years."

"What is now looking clearer and clearer is that the settlements were not as advertised. The banks paid money — in Goldman Sachs' case $550 million — not to settle one CDO suit, but to settle all the CDO suits. So rather than Goldman paying $550 million for wrongdoing around the Abacus CDO and then facing 10 more charges related to 10 other suspicious CDOs, it was paying a price of $55 million per CDO to settle all 11 cases. Except the SEC didn't want to look like it was letting the banks get away with a slap on the wrist, so it worked out an arrangement whereby both sides would publicly act as if only one case had been settled while agreeing under the table that all claims were now resolved."

Sparkly Mints May Help Explain Puzzling “Earthquake Lights”

Sparkly Mints May Help Explain Puzzling “Earthquake Lights”.

In a recent study by scientists at Rutgers University, researchers found that clumps of granular particles can spontaneously generate electrical voltages just before they break apart into smaller clumps. They first demonstrated the effect by grinding up Tylenol into a fine powder and putting the grains in a slowly spinning cylinder. As the powder stuck to the sides, clumped, and spun, it would reach a certain height and then break up in a mini-avalanche back down to the bottom of the cylinder. Each time it did, it briefly generated 100 volts. That voltage spike sometimes happened as many as five seconds before the actual avalanche occurred. They then showed something even stranger: that the effect worked with a huge range of insulating materials, from plastic disks to glass beads to baking flour. This, they argue, could be what’s causing the lights that people see just before earthquakes.

The authors of the paper acknowledge that this is a very strange effect. “If you take a Tupperware container filled with flour and tip the container, when the flour shifts, voltages of around 100 volts inexplicably appear,” lead researcher Troy Shinbrot told Charles Choi at Our Amazing Planet. “Except for the fact that we cannot get these voltages to go away, I would call this ‘crackpot physics,’ and even as it is, I wish I could hedge my bets, but the voltages are very repeatable, and we have so far failed to account for a spurious influence that might cause them.”

What Do the Koch Brothers Want?

Senator Bernie Sanders of Vermont posted What Do the Koch Brothers Want?. "In 1980, David Koch ran as the Libertarian Party’s vice-presidential candidate." He's posted the 1980 Libertarian Party platform, which is quite the read. In short they want to abolish:

  • Federal campaign finance laws
  • Medicare, Medicaid and all regulations of medical insurance
  • Social Security
  • Welfare and all "aid to the poor programs"
  • all income taxes (personal and corporate)
  • minimum wage laws
  • all public schools and compulsory education laws
  • all taxes on private schools
  • the FEC, EPA, DoE, DoT, FAA, FDA, CPSC, USPS
  • public roads, highways, inland waterways

Sanders says "And because of the disastrous Citizens United Supreme Court decision, they now have the power to spend an unlimited amount of money to buy the House of Representatives, the Senate, and the next President of the United States."

Now John Roberts would say, that's fine, they can want these things and they can make their case to the public as much as they want and in elections people can decide for themselves if they want these things too. But I wonder, if money equals speech and they have $80 billion speech-bucks, who's going to speak up against them? Who can?

Thursday, April 10, 2014

The DATA Act just passed the Senate. Here’s why that matters.

The Switch reports The DATA Act just passed the Senate. Here’s why that matters.

"'The DATA Act takes a structured data model that has delivered unprecedented accountability in stimulus expenditures and applies it across all domains of federal spending,' says Data Transparency Coalition Executive Director Hudson Hollister, who drafted the initial version of the DATA Act in 2011. 'The DATA Act will turn federal spending information into open spending data – a valuable new public resource that strengthens democratic accountability and spurs innovation.'"

"The final language also requires everything the federal government spends at the appropriations account level to be published on USASpending.gov, with the exception of classified material and information that wouldn't be revealed in response to a Freedom of Information Request. One amendment, added earlier Thursday, gives the Department of Defense the option to request extensions on its implementation of the bill's requirements."

2012 Saw More Babies Named Khaleesi Than Betsy or Nadine

Vox reports Before Game of Thrones, no one named babies "Khaleesi." In 2012, it beat the name "Betsy."

"According to data from the Social Security Administration, there were 21 newborns in 2012 named 'Daenerys,' which was never used enough in previous years to show up in official counts (for privacy reasons, the SSA only releases numbers for names used five or more times in a given year).

But wee baby Daeneryses were dramatically outnumbered by newborns named 'Khaleesi' — the title Targaryen earned when she married Dothraki leader (or 'Khal') Drogo. 146 'Khaleesi's were born in 2012, making it more popular as a full name than 'Betsy' or 'Nadine':"

LHC makes clear identification of a weird particle made of four quarks

Ars Technica reports LHC makes clear identification of a weird particle made of four quarks: "With that much data, physicists were able to determine the composition of the Z(4430)-: it consists of a charm quark, a charm anti-quark, a down quark, and an up antiquark. The '4430' part of the name indicates its mass: 4,430 million electron-volts, which is a little more than four times the mass of a proton (938 million electron volts). The combination of quarks gives the Z(4430)- a negative electric charge, hence the '-' in the label. The particle is highly unstable, so none of them are expected to be seen in nature."

Smithsonian Magazine's 2013 Photo Contest

Smithsonian Magazine's 2013 Photo Contest - In Focus - The Atlantic "The editors of Smithsonian magazine have just announced the 60 finalists in their 11th annual photo contest. They've kindly allowed me to share several of these images here, including some great shots from each of the competition's six categories: The Natural World, Travel, People, Americana, Altered Images and Mobile, a new category this year. Be sure to visit the contest page at Smithsonian.com to see all the finalists, and vote in the Reader's Choice Awards as well. [16 photos]"

I don't know how people will pick, they're all amazing in different ways.


Wednesday, April 09, 2014

Beth Israel to use Google Glass throughout emergency room

The Boston Globe writes Beth Israel to use Google Glass throughout emergency room

"A patient with bleeding in the brain told Horng he was allergic to certain blood pressure drugs — which the doctor needed to slow the hemorrhage — but didn’t know which ones. Horng had little time to leaf through the man’s medical files or search for records on a computer, but with Google Glass, he didn’t have to. Instead he quickly called up the patient’s information on the device’s tiny screen and saved his life with the correct medication."

"Beth Israel has begun posting QR codes on the doorways to patients’ rooms. Each code is unique to that patient, linked to his records that are stored on the hospital’s electronic database. Before entering the room, the Beth Israel doctor can scan the QR code with his Glass, and the patient’s information is promptly displayed on the screen."

Sounds pretty cool if it can in fact display enough info to be useful and can be used while having a natural conversation with the patient or while performing treatments. The article says they've practiced both of those things for a few months and are still perfecting them.

Tuesday, April 08, 2014

The Ultimate Guide to Solving iOS Battery Drain

Overthought has a very good Ultimate Guide to Solving iOS Battery Drain.

Regarding Step 1, I knew that Facebook used a lot of battery, but hadn't thought to disable its background app refresh and location services. I've just done that and will see what happens.

Regarding Step 4, I've never had push email on at all. I know I'm in a situation that not everyone is, but my thought is this: If someone wants to get a hold of me now, they can call or message me. If they're sending email, that means they can wait until I get to it; that's what email is for. If I want to check email, I just open the Mail app and wait a few seconds for it to load, it's no big deal. BTW, this is also how I used email on my computer when I was working, and it worked just fine.

The Heartbleed Bug, explained

Ezra Klein's news site Vox launched. The first article I read, The Heartbleed Bug, explained was really good and I thought really accessible for the non-geek.

"The majority of SSL-encrypted websites are based on an open-source software package called OpenSSL. On Monday, researchers announced a serious bug in this software that exposes users' communications to eavesdropping. OpenSSL has had this flaw for about 2 years."

Update: Given this bug, Mac users should do this: Mac users listen up! Enable certificate checking. Mine was already set correctly, I think due to some similar circumstances several years ago.

Update: This advice is good for more than just Mac users, Heartbleed Security Bug: What Apple Users Need to Know.

Saturday, April 05, 2014

Friday, April 04, 2014

We've Found A Hidden Ocean On Enceladus That May Harbor Life

We've Found A Hidden Ocean On Enceladus That May Harbor Life "But now, after an analysis of gravity measurements made by Cassini from 2010 to 2012, astronomers have confirmed that a large reservoir of liquid water exists underneath Enceladus's icy surface. And just as importantly, they've confirmed that the tiny moon is a differentiated celestial body; it's comprised of two layers — an external icy layer and an internal rocky core made up of silicates. Excitingly, this layer of silicate rock, in conjunction with liquid water, means that Enceladus features a potentially habitable environment — one that could be even more hospitable to life than Europa."

Wednesday, April 02, 2014

Conservatives Win in McCutcheon v FEC 5-4, More Money In Politics

I haven't read the 94 page opinion in McCutcheon v FEC yet but SCOTUSblog provides Opinion analysis: Freeing more political money "The main opinion delivered by Chief Justice John G. Roberts, Jr., said confidently that corruption in politics will be kept in check by caps — left intact — on how much each single donation can be. Removing the ceilings on the total amounts that may be given in each election cycle will not undermine those limits, Roberts predicted. The decision was not as sweeping as the Court’s ruling four years ago, removing all restrictions on what corporations and labor unions can spend of their own money in federal campaigns (Citizens United v. Federal Election Commission), which has led to billions of dollars spent on politics through financing that is supposed to be independent of candidates or parties."

FiveThirtyEight writes, A Few Data Points on the Supreme Court’s Donor-Limit Decision. "First, the parties will become more powerful. Over the past few elections, most people looking to get around donation limits gave tons of money to Super PACs. Now contributors can ingratiate themselves with a party by giving directly...Second, very few donors hit the limits set out by the Federal Election Committee (FEC) in 2012. Per Open Secrets, only 2,972 donors maxed out to committees, and only 591 maxed out to candidates. Maxed-out donors leaned about 3 to 2 toward giving to Republican candidates. Only 646 donors hit the limit on both committees and candidates."

I wonder what the effect would be if you could only donate to candidates that would represent you. I'm not sure how many people donate to other campaigns though I think Elizabeth Warren and Al Franken both got significant money from out-of-staters. Of course parties and PACs present a problem but maybe they'd have to tag donated money for particular districts and states. Though it does seem like one should be able to give to an organization to e.g., promote clean energy.

Update: Lawrence Lessig writes, Originalists Making It Up Again: McCutcheon and ‘Corruption’. He makes the case that an original reading of the word corruption would apply in this case.

But the striking fact about McCutcheon is that the government didn’t even try. Originalism is not the language of liberals. It’s beneath them—the weapon of the enemy. So the government’s brief didn’t even hint at the argument that there was no good originalist reason to restrict the meaning of “corruption” to quid pro quo corruption alone. And Justice Breyer in his classically geeky dissent doesn’t even hint at the possible originalist inconsistency—even though the core of his argument is precisely that “corruption” does not mean “quid pro quo corruption” alone.

This is the much bigger pathology that the partisans on the Court have allowed to evolve. Originalism is a method for interpreting our Constitution. It yields conservative results. It yields liberal results. But the most vocal originalists in modern times have been conservatives. And through a carelessness in the application of their own theory, they have allowed the world to believe that originalism is a tool exclusive to the Right.

L.P.D.: Libertarian Police Department

Tom O'Donnell's L.P.D.: Libertarian Police Department in The New Yorker is hilarious.

"I put a quarter in the siren. Ten minutes later, I was on the scene. It was a normal office building, strangled on all sides by public sidewalks. I hopped over them and went inside.

‘Home Depot™ Presents the Police!®’ I said, flashing my badge and my gun and a small picture of Ron Paul. ‘Nobody move unless you want to!’ They didn’t.

‘Now, which one of you punks is going to pay me to investigate this crime?’ No one spoke up.

‘Come on,’ I said. ‘Don’t you all understand that the protection of private property is the foundation of all personal liberty?’

It didn’t seem like they did.

‘Seriously, guys. Without a strong economic motivator, I’m just going to stand here and not solve this case. Cash is fine, but I prefer being paid in gold bullion or autographed Penn Jillette posters.’"

How You, I, and Everyone Got the Top 1 Percent All Wrong

Derek Thompson wrote in The Atlantic How You, I, and Everyone Got the Top 1 Percent All Wrong

"An amazing chart from economist Amir Sufi, based on the work of Emmanuel Saez and Gabriel Zucman, shows that when you look inside the 1 percent, you see clearly that most of them aren't growing their share of wealth at all. In fact, the gain in wealth share is all about the top 0.1 percent of the country. While nine-tenths of the top percentile hasn't seen much change at all since 1960, the 0.01 percent has essentially quadrupled its share of the country's wealth in half a century."


"It turns out that wealth inequality isn't about the 1 percent v. the 99 percent at all. It's about the 0.1 percent v. the 99.9 percent (or, really, the 0.01 percent vs. the 99.99 percent, if you like)."

Your Online World: #ClickClean or Dirty?

Greenpeace put out a report Your Online World: #ClickClean or Dirty?. "Here’s who hosts some of the internet’s most popular sites and services in their data centers – and whether those companies are using dirty or clean energy."

Apple, Facebook and Google scored best.

U.S. Navy Implicated in New Mass Stranding of Whales

Michael Jasny wrote U.S. Navy Implicated in New Mass Stranding of Whales.

"Yesterday afternoon, while the U.S. and other navies played war games somewhere offshore, Cuvier’s beaked whales began stranding along the southern coast of Crete. Those on the scene knew right away what they were dealing with, for yesterday’s strandings were only the most recent in a line of similar calamities in the region, going back two decades. And in this case, as in the previous ones, all signs point navy.

Cuvier’s beaked whales are a remarkable species.  They have the deepest recorded dives of all marine mammals, some descending an astonishing 3000 meters below the water’s surface before coming up for air.  Favoring deep water, they don’t strand nearly as often as coastal species, and they don’t strand in number, and they don’t strand alive. 

Yet that is exactly what happened yesterday.  Beginning around noon, three Cuvier’s beaked whales came ashore in one spot along the Cretan coast, two others beached some 17 kilometers further west, and two more turned up nearby.  All were alive when they stranded.

For Greece, none of this is new.  In 1996 and again in 1997, dozens of beaked whales of the same species turned up along the Peloponnesian coast; in 2011, they stranded on the island of Corfu as well as the east coast of Italy, across the Ionian Sea.  In each case, navies were training with high-powered sonar in the area.  Indeed, according to the Smithsonian Institution and International Whaling Commission, every beaked whale mass stranding on record everywhere in the world has occurred with naval activities, usually sonar, taking place in the vicinity.

And yesterday was no exception.  For the last week, the U.S., Greek, and Israeli navies have been running a joint military exercise off Crete known as Operation Noble Dina.  The exercise includes anti-submarine warfare training, which requires the use of high-powered military sonar."

Tuesday, April 01, 2014

What Umpires Get Wrong

What Umpires Get Wrong "THIS season Major League Baseball is allowing its officiating crews to use instant replay to review certain critical calls, including home runs, force plays and foul balls. But the calling of the strike zone — determining whether a pitch that is not swung at is a ball or a strike — will still be left completely to the discretion of the officials. This might seem an odd exception, since calling the strike zone may be the type of officiating decision most subject to human foible."

The Line to Kiss Sheldon Adelson's Boots

The Line to Kiss Sheldon Adelson's Boots "It’s hard to imagine a political spectacle more loathsome than the parade of Republican presidential candidates who spent the last few days bowing and scraping before the mighty bank account of the casino magnate Sheldon Adelson. One by one, they stood at a microphone in Mr. Adelson’s Venetian hotel in Las Vegas and spoke to the Republican Jewish Coalition (also a wholly owned subsidiary of Mr. Adelson), hoping to sound sufficiently pro-Israel and pro-interventionist and philo-Semitic to win a portion of Mr. Adelson’s billions for their campaigns."

Carnegie Mellon student Jordan Harrison remixed Lawrence Lessig's TED talk into a compelling three and a half minute argument against such corruption.

Rootstrikers TED Talk remix from Jordan Harrison on Vimeo.