OK Stupid

Leave a comment

or:  Truth, Lies, Politics and Web Browsers.

Brendan Eich is a smart guy. He co-founded Mozilla, who created Firefox and many other software products. Over ten days in May 1995, he created JavaScript, the programming language that lives in all of our web browsers.

Back in 2008, he donated some money in support of Proposition 8, a California ballot measure that sought to ban gay marriage in the state, which was subsequently shot down by the Supreme Court. It was his own money, privately donated to a cause he believes in passionately enough to put his money where his mouth is.

As it happens, I share his beliefs on this particular subject: It is not politically correct, and it probably isn’t even a popular stance, but if you define marriage as a sacred covenant between a man, a woman and God, it is hard to believe otherwise.In spite of the hysterical yammering from certain sectors of the press. Given that definition, “Marriage Equality” if effectively an oxymoron in the context it is being used here. This is not a “Gay Rights” issue or even an “Equal Rights” issue – Gays have the same rights as everyone else – no more, no less. It is a “Marriage” issue. That is my privately-held belief, and like all such beliefs, it is not for others to decide or negotiate. You don’t get to tell me what to think, and I won’t try to tell you how to live – capisce?

In an interview with the Guardian newspaper, Eich said his political beliefs were “personal” and that he had “kept them out of Mozilla all these 15 years we’ve been going… there’s a difference here between the company, the foundation, as an employer and an entity, versus the project and community at large, which is not under any constraints to agree on LGBT equality or any other thing that is not central to the mission or the Mozilla manifesto,”

Apparently that is not enough for some, including the match-making web site “OKCupid”, which singles out Firefox users for special attention – as if the browser was in some way at fault. After the resulting sturm aund drang, he resigned as CEO of Mozilla, a post he had held for only sixteen days, and has left the company entirely after fifteen years there.

Who won? Who lost? I wonder…

Mr. Eich’s decision to take an unpopular stand and deal with the consequences has my respect and admiration. It is Mozilla’s loss; those who hounded him from office have not gained anything, and Mr. Eich will not starve; he’s a smart guy, and there are most likely dozens of companies out there – presumably there are some as yet un-infested with the disease of political correctness – who will snap him up in a heartbeat. He is most likely independently wealthy anyway. But the shameful treatment of Mr Eich does the Gay Rights Movement no credit; they who talk about loudest about tolerance have none to spare for those who do not share their beliefs and philosophies.

Practice what you preach, folks.

Andrew Sullivan says it best: “If this is the gay rights movement today – hounding our opponents with a fanaticism more like the religious right than anyone else – then count me out. If we are about intimidating the free speech of others, we are no better than the anti-gay bullies who came before us.”

Equal Pay Day

Leave a comment

Or: Lies, damned lies and statistics.

It is a well-known fact that women earn 77 cents for every dollar that men make. The president even mentioned it in his recent State of the Union address.

Close, but no cigar. The first part of president’s statement (“women make up about half our workforce, but they still make 77 cents for every dollar a man earns...”) and the second part (“That is wrong, and in 2014, it’s an embarrassment. Women deserve equal pay for equal work.“) are not congruent with each other.

It is true that the “average” woman earns substantially less than the “average” man, but the use of “Averages” can be dangerously misleading when not comparing like with like. For instance: The Average Oil Rig worker, Plumber, Farmer or Engineer is male, while the Average Primary School Teacher, Nurse, Cheerleader or Human-Resources Paper-shuffler is female. Which jobs are more hazardous? Which are more valuable? Which should be paid more?

Another factor is personal priorities: Women generally choose jobs that revolve around their lifestyles and family commitments. Man generally arrange their lifestyles and family commitments around their work. “Many working mothers seek jobs that provide greater flexibility, such as telecommuting or flexible hours. Not all jobs can be flexible, and all other things being equal, those which are will pay less than those that do not”. This means that men are more valuable to their employers than women. A man who will travel on business at a moment’s notice is more useful to a company than a women who, quite reasonably, puts her family first. The conclusion is obvious: more useful => more valuable => higher pay.

According to recent government statistics, salaried men and salaried women doing the same job generally get paid within 5% of each other (“Single women who have never married earned 96% of men’s earnings in 2012.”). Sometimes the women earn more (particularly in big cities), sometimes the men. (example: Female pharmacists made $1,871 per week, males made $1,879).

Salaried men work longer hours than salaried women. “Men were almost twice as likely as women to work more than 40 hours a week, and women almost twice as likely to work only 35 to 39 hours per week.” This leads to an alarming thought: If women work shorter hours and get the same pay, who is really being shortchanged?

It is easy to hear a sympathetic-sounding soundbite and perceive an inequality, but the fact is that women in America already enjoy more protections and privilege than do women anywhere in the world throughout the course of recorded history. But the final nail in the coffin of this dangerous misconception is the straight-face test: If women really did the same work as men for less pay, why haven’t the “greedy” corporations fired all the men, replaced them with a cheaper all-female workforce, and profited off the difference? The answer is obvious: men must bring something to the workforce that women generally don’t.

Happy Equal Pay Day. If you believe that sort of thing.

Statistics taken from The Bureau of Labor Statistics report “Highlights of Women’s Earnings in 2012“.

Quotes taken from “The ’77 Cents on the Dollar’ Myth About Women’s Pay” (Wall Street Journal)

Microsoft as Chicken Little

Leave a comment

I just got this notification from Microsoft on one of my Windows XP machines:

Microsoft Evil

Naturally I installed it, only to find out that now Microsoft Security Essentials (MSE) never goes green. It goes orange – the color that it uses to alert the user of a problem. What’s worse, on every boot, it nags me about XP going out of support on April 8th – even though MSE will be supported until July 2015.

Given that Microsoft last month released an “urgent-but-pointless” update to XP to remind users that Windows XP is about to be “End-Of-Lifed”, this update is completely unnecessary. To make matters worse, they made this “update” impossible to install by itself.

Sickening

The only good news is that it is fairly simple to uninstall and reinstall MSE, which does not (yet) include this update.

As the go-to- guy for my friends and family, I am sick and tired of having to deal with Microsoft’s fearmongering. While Windows 7 is reputedly more secure than XP (though most exploits are common to all versions of Windows), the fact is that most ten-year-old computers are not man enough to run Windows, and until users can afford a machine that is, my advice is simple:

  • Keep your system patched
  • Don’t install anything you didn’t go looking for.
  • Don’t go surfing for porn, warez, illicit MP3s or stuff like that.
  • Keep good backups and fear no evil.

Now I have to add “Don’t install KB2949787″ to the list.

Microsoft, you have crossed the line with this one.You have scared users without needing to – and worse, you have pissed me off.

I view this as a mean-spirited, cynical, dishonest and borderline evil move by Microsoft to scare people into upgrading to Windows 7 or 8. Apparently I am not the only person who feels this way.

Just Say No.

A matter of policy

Leave a comment

I have noticed of late that medical practitioners have started implementing “cancellation policies”; where you have to pay for an appointment if you cancel within 24 hours of the appointment. This is entirely understandable; if a patient does not show up, they are left spinning their wheels and waiting until the next customer shows up.  This is particularly aggravating for Dentists; nobody wants to go to the dentist, and cancellations are common.

This is reasonable if they call you the day before the appointment to confirm, and give you the opportunity to cancel. Recently my Dentist changed this cancellation policy to 48 hours. Eyebrows were raised.

You change your policy on cancelling appointments, and I will change my policy on making them.

I am henceforth implementing an “I-won’t-make-appointments-in-advance” policy. At the end of the appointment, when they ask to schedule the next one, I will politely decline, then set a reminder for the appropriate date… and go on my merry way.

 

Let’s see who wins this one.

A Polite Society

Leave a comment

This morning I went to a gun show for the first time.

I’m not that interested in guns, though I will reflexively oppose anyone who wants to take away my right to defend myself with deadly force if necessary. I did not go there to buy anything; I was there because my best friend had invited me to come along. Everyone needs a friend like that.

The show was held in a huge hall. About half of the exhibitors were selling collectors pieces; they were of no interest to me. Others were selling new and used guns — pistols, rifles and shotguns, or ammunition, or accessories such as holsters.

But it was not the exhibitors who surprised and impressed me the most, it was the attendees. If the media coverage is to be believed, one would expect a gun show to be packed with young yahoos with tattoos and a bad attitude, but the majority of the crowd was composed of older men, with some younger men and a few women. Some of the men had bought their sons with them. The only young men that I saw wearing tattoos were obviously military. At least half of the crowd were obviously armed.

But as surprising as the makeup of the crowd might have been, it was their behavior that was truly unexpected. You see, the hall was crowded, and it was difficult to move about without jostling somebody. And yet people were unfailingly polite — I must have heard the phrase “Excuse me” more than a hundred times. And every last one of them was sincere, even when it was obviously my fault.

As we were leaving, it occurred to me that I had never encountered a crowd of more polite, well-behaved people  — not at the ballet, not at the opera. During the entire time I was there I never felt threatened or fearful in the least. The most polite people I have ever met are gun owners. Who would have thought?

Robert A. Heinlein was right: An armed society is a polite society.

Don’t judge a book by its cover

Leave a comment

A few weeks ago I commented on the banning of a book on Amazon based largely on what appears to be hysteria.

Mr. V was true to his word and sent me a review copy, which I have read from cover to cover. The contents of the book are beyond the scope of this blog, but I could not leave this matter unfinished.

Verdict: Calling this a “rape manual” is ridiculous; most of the tips are for when she’s in your apartment/in your bedroom/on your bed/naked. The moral of the story is: if you don’t want to have sex don’t go to his apartment, stay out of his bedroom and keep your clothes on. And don’t get offended at a book until you have read it.

He makes his position clear with surprising eloquence here.

The Second Factor

Leave a comment

Or: How to prevent your online accounts from getting hacked.

Every now and them I get an e-mail from someone know, with no message but a cryptic link. That’s right, someone’s e-mail account has been hacked, hijacked or compromised in some way. It is almost always a Yahoo address.

For those of us who just use e-mail to circulate gossip and cat pictures, this is not a big deal.However, if you do your banking online, a hacked e-mail account is a quick way to have your accounts drained.

The problem is that the standard method for resetting your password is an “e-mail loop”. It works like this: you go your bank’s website, click the “forgot your password” link, and a reset e-mail is sent to… your e-mail address… which has been compromised. Now they have the ability to change your password and lock you out of your account. Next thing you know, your hard-earned money is winging its way off to a parts unknown, never to return.

It’s not just banking. Some years ago, my brother found a bunch of bogus auctions on his eBay account, and he had to get in touch with eBay to have them stopped. A few days earlier, while on a business trip, he had used a hotel’s computer to access his eBay account. Evidently the computer had been compromised with a keylogger, which enabled bad actors (villains, that is – not William Shatner!) to get his username and password, and once in his account they could post bogus auctions on his account. If they can succeed in changing eBay’s email address for his account then they could also make off with the money.

So how to stop this? The banks’ came up with the idea of “secret questions”. We’ve all seen this at some time or other; they ask you to answer questions such as “What was your mother’s maiden name?“, etc. But when you think about it, this is just another “something you know”. In other words, it is effectively another password. And since the “secret questions” and answers are stored in the bank’s databases, they too are vulnerable to the kind of “exfiltration” (a posh word for theft of data) that seems to be happening on a monthly, if not weekly, basis,

The banks love this approach for one simple reason — it’s cheap. With security, as with so many other things, there is “Good” security, and there is “Cheap” security. Guess which one corporations prefer. Guess which one works best.

Remember when Bank of America came up with Credit Cards with your picture on it? Ever wonder why they don’t do that anymore? Because they found out that 1) Putting the pictures on the cards cost more than the losses due to to fraud, and 2) most cashiers don’t look at the picture anyway. Which made it 1) Expensive and 2) Not very effective.

The good news is that many big players on the Internet are finally adopting good security. One approach is to use a code transmitted to a cellphone by voice call or text message. The good news is that this approach requires that you have your phone. The bad news is that… this approach requires that you have your phone. If you lose or misplace it, you are stuck until you have jumped through several hoops. And if your phone is stolen and is not protected by a PIN lock, they may be able to crack a whole bunch of accounts at once – the holy grail of identity theft.

Another approach is to use a code generator; a device that generates a unique code each time it is used. This can be done using a hardware device (like the Paypal “Football ” code generator) or a software-based code generator like Google’s Authenticator, which generates a new code every thirty seconds. The cool thing about this is that if a bad guy steals your password, they still can’t get in. And even if they steal the key as well, and is invalid thirty seconds later. I am not even sure if a key can be re-used, but if you are paranoid about re-use (which I am not), you can just wait until it is just about to expire before you use it. Google uses this to secure their e-mail accounts; I used this. If Mat Honen, senior writer with Wired Magazine, had used this approach, the epic hacking of his Apple account could have been easily avoided.

The best security of all requires the use of a dedicated hardware token, such as a swipe card or a cryptographic key. My weapon of choice is a YubiKey – I’ve been using it for some years and it YubiKey guards access to my PayPal account and my password manager.

So there you have it: If you don’t want to get hacked, Get a YubiKey or some other form of hardware-based second-factor authentication. It’s that simple.

Older Entries

Follow

Get every new post delivered to your Inbox.

Join 64 other followers