Security done right

Just got a message from LivingSocial.

The bad news is that somebody apparently hacked into their server and got their hands on names, e-mail addresses and passwords.

The good news is that the passwords were salted and hashed.

I’m not worried.

And even if I was, the password they stole is quasi-random and never used anywhere else.

Nicely done, chaps!

Shame on you, Microsoft

Or: No, Microsoft, you’re not FaceBook

This post started as a rant at Microsoft. Last patch Tuesday, one of my machines auto-patched and auto-rebooted, causing data loss and corrupted files. However, the damage was minimal, and I got over it. Since then, however, something quite worrying has happened.

I have an old Hotmail address that I occasionally check; I used it before I moved to GMail, which is superior in every way, some years ago. I use the Android Hotmail app to access it from my phone. Some time within the past few days it auto-updated, and when I ran it this morning, it instructed me to “upgrade” to the Outlook.Com app.

Hotmail no workie no mo!

So… I Installed the new shiny Outlook App. Surprisingly, the new app did not remember my login credentials. That is because it is also not an “upgrade” at all – it is a completely different app – the old, now-useless and completely brain-dead Hotmail app was left in place.

When I entered my credentials, it took me to another screen where it asked for permission to access my data.

Wow… that’s asking for a lot of personal information. mail, contacts, calendar, tasks, e-mail addresses, gender, picture, contacts, friends…

But I don’t want another FaceBook clone, just an e-mail client, so naturally I said “No”. And then…

You! Cannot! Pass!

I checked the password. It was OK. Note that this request for information is in the app itself, NOT in the Play store. And before you ask, yes, you can “change these settings at any time”, but any app that is given access to your phone’s information can scarf all the data it needs in half a second, changing permissions later would be like locking the barn door after after the horse had bolted.

This looks like Microsoft is trying to scarf my personal data by stealth, without going through the Google Permission screens. If so, they should be soundly spanked in public for this. How can you tell? Simple. If Microsoft are not trying to… er… “borrow” your data, they will fix this so the app can be used without those “permissions”. If they don’t, just like Verizon’s broken-for-eight-months airtime-usage widget, we will know precisely where they stand.

Until then… Shame on you, Microsoft.

Tax Thoughts

April 15th is now behind us. Some of us have sent away checks, some have received refunds. I filed mine in March, so for me it is ancient history.

I find it fascinating but deeply ironic that after several failed attempts, when income tax became legal, salary was not considered “income”. Your salary was considered the result of bartering your time for money, and hence was not taxable. Things were much simpler then Income was when something came from nothing; like farm crops or investment income. Nowadays, this is called “Capital Gains”. It is also ironic to consider that the United State survived and thrived quite happily for over a century and a half without income tax. Just as ironic is the fact that income tax is a “temporary” tax that has to be voted by Congress. Every. Single. Year.

Nobody likes paying taxes. Taxes are evil. But they are a necessary evil. If we want infrastructure like roads and freeways, infrastructure like sanitation and communications, government-run institutions like schools and prisons, taxes have to be collected. Nearly half of the taxpayers pay no federal income tax, but they get the benefit of all of these things. Fair enough.

If we had to pay our taxes in one big check at the end of each year there would be a tax revolt. So the powers that be institute a “bleed-them-slow” policy that takes a bite out of every paycheck.

If you are a conservative, taxes are always too high – taxes throttle trade and depress economies. If you are a liberal, taxes are always too low – here will always be more poor folks that need “help”, or some deserving cause that needs to be adequately funded. They’re both right, but either way, someone else should pay them.

And so begins the never-ending search for deep pockets. Everybody is looking for someone else who can pay the lion’s share of the taxes. The poor can’t afford to pay taxes. Sad but true, get over it . The rich can afford not to.Get over that too. That leaves the middle class – those who can afford to pay taxes and don’t have the patronage or the power to avoid it by legal means.

Everybody wants tax reform. But nobody wants tax reform that will hurt them. For instance, I would be in favor of dropping all taxable deductions, including home mortgage (if you can’t afford a house, don’t buy one), dependents (if you can’t afford kids…), charitable donations. the lot. Because every tax deduction I get shifts the tax burden on to somebody else.

The problem with this approach is that implementing it would hurt the Real Estate business – people would buy smaller houses because the mortgage deduction would no longer be there. It would also hurt the banks and financial institutions that write the mortgages.

But wait! There’s more! Charitable donations would drop through the floor. I tithe irrespective of deductions, but many people – particularly the very rich – give large amounts of their taxable income to charity, presumably on the assumption that a charity can be trusted more than could the government with the tax dollars that this income would attracts if they kept it. But if there was no incentive to give away the money, how many people would do so?

There is much talk that if all deductions were removed, the effective tax rate could be cut in half and the same amount of money would be raised. This sounds good until you think about Value Added Tax – or VAT. This tax was introduced in the United Kingdom in 1973 as a 3.5% tax on “luxuries”. When I left England twenty-one years later, it was a 17.5% tax on everything but basic foodstuffs.

Deductions also carry an element of social control; the government telling us, in effect, what behavior they consider acceptable. Have lots of kids. Live in a house. Don’t work.

Don’t work? Yes. For the harder you work, the more tax you get to pay. But that is another story for another time.

Morals:

1. Taxes always go up.
2. A “Temporary” Tax will live to celebrate its hundredth birthday.
3. You get more of whatever you subsidize.

Dungeon Quest

I don’t often review Android Games, but I have been playing this game for a month, and it’s high time I said something about it…

The premise is simple enough; run your character — a wizard, no less — through each level, killing baddies, breaking barrels, opening chests and generally grabbing everything that isn’t nailed down, in a bid to improve your weapons, experience and bank balance. The game is divided into “Acts” Each act consists of five levels and a Big Bad Boss to kill to progress to the next one.

I am not a fan of in-app purchases – and I have seen many others complaining – but they fail to mention three important factors:

1. Any In-App-Purchase will remove the annoying but necessary advertising — so you can get rid of the ads for as little as a dollar.
2. It is easy to get lots of gold — just repeat some of the earlier, easier levels.
3. While it is perfectly to complete the game without spending any real-world money, it is not at all necessary.

Speaking for myself, I was happy to throw a couple of bucks their way to turn off the ads and support the developers — the seventy thousand gold pieces that I got for my two dollars were a welcome, but unnecessary addition.  I currently have a grand total of over four hundred thousand gold pieces in the bank. Go figure…

I have a few gripes:

• The control mechanism needs a little fine-tuning; hitting some enemies is difficult if you are using a straight-line weapon. Using a scatter-shot or a seeking weapon helps. On a similar note, It is sometimes difficult to face an enemy without moving toward them. This could be fixed by adding a “dead zone” to the controls.
• Picking up mana or health orbs if the relevant stat is already full does nothing. It just disappears. This seems kind of pointless; the excess mana or health could and should be channeled into making more potions.
• Sometimes loot gets thrown “over the wall” beyond your reach. This will probably be fixed soon, but you should be aware of it.

Having said that, the game is still in beta, and is still in development. There have been several upgrades to the game in the time I have been playing it — indeed, on one occasion, the game updated itself while I was playing it, kicking me out of the game. The developers cannot do anything about this behavior, which is handled by Android — but it can be avoided easily enough by turning off auto-update feature.

Those are minor gripes, though, and detract little from what is truly a lovely game — and a great excuse to buy a Nexus 7.

Within the next month, there will be another major upgrade, and the introduction of the Warrior character.

The bottom line: A beta it may be, but it  is one of the most polished betas I have ever seen. Yes, it could be perfect, yes it could be better, but what do you expect for free?

Just Opt Out!

I recently got this in the mail.

It must have been important, because the accompanying bank statement took pains to clearly refer to it. Basically they are changing their terms so that you have to submit to “Binding Arbitration” in the event of a dispute. Naturally I opted out immediately; there’s nothing in it for me.

I’m not picking on PNC bank; I’ve seen this many times before. It seems that every contract of employment, service agreement, mortgage agreement — in fact, just about any type of legal agreement — has a “Mandatory Binding Arbitration” clause in it somewhere.

The purpose of arbitration is to resolve problems without going to court. That sounds like a Good Thing… until you ponder one simple question: Who pays the Arbitrator? If they (employer/bank/service/bigcorp) is paying them for their services, how can they not be biased? there is a classic textbook conflict of interest — which Arbitrator would bite the hand that feeds them?

Here in the US, The first amendment to the Constitution provides the right to petition (to the courts) for redress of grievances. The Supreme Court has ruled that this does not apply to private transactions, which is all well and good until someone asks: so what’s to stop everyone from doing this? eBay and PayPal — two of the most evil companies around, in my opinion, both did this recently (and made it really difficult to opt out), and these clauses are cropping up in rental agreements and loan paperwork.

There’s a simple solution for this: change the law so that unilaterally-enforced (“take-it-or-leave-it”) Arbitration requirements cannot preclude or pre-empt the courts. I’m ok with Arbitration as a pre-litigation step to avoid the need for a lawsuit; what I am not ok with is Corporations using it to sidestep Litigation entirely.

This is clearly Tort Reform by stealth, and it must be stopped. Until that day, Just opt out.

Prepare to Launch!

At the end of my recent piece on Jelly Bean, I mentioned a few annoyances.

• The app drawer scrolls horizontally instead of vertically. My earlier phone – a Droid X2 – had a vertically-scrolling app drawer; I personally found this far easier to navigate than jumping from page to page.
• When you plug your phone in to charge, the screen lights up for no good reason. This is not necessary and is sometimes a distraction – the indicator light is all the feedback I need.
• Unnecessary shutdown/restart confirmation.
• No scrolling wallpaper
• Widgets stop responding. My central home screen is almost entirely widgets. However, they often do not update For instance, the Accupedo widget in the top right “freezes” until the phone is rebooted.

While Googling to find a solution to the first problem, I stumbled across a couple of launchers, called NovaLaunch and Holo Launcher HD.

For those who don’t know, a “Launcher” in Android is the Front-End program that runs the GUI (like “Explorer” in Windows, “Finder” in Mac OSX, or Gnome/KDE in Linux). While Android has a stock launcher that works just fine, most carriers and manufacturers feel the need to “brand” their phones by putting in a custom “skin” – Motorola’s is called “Blur”, HTC’s is called “Sense”. Samsung’s is called “TouchWiz” .

The stock Touchwiz screen

However, there is nothing to stop you from adding an aftermarket launcher – there are some very good ones out there, but the learning curve is steep enough to discourage all but the most adventurous of users. However, for those who are willing to put in the legwork, there is much to discover and enjoy…

So why try a new launcher at all? Simple – to improve the look and feel. Both launchers offer functionality to do things that the stock launcher (TouchWiz, in this case) cannot. For instance, both allow you to change the app drawer from horizontal (swipe sideways to move from page to page) to vertical (flick up and down one big list), and both also allow you to specify the number of rows and columns. TouchWiz limits you to 4×4=16 app icons on a page…

Stock 4×4 App Drawer

, but I have been able to comfortably bump this up to 6×7=42 — more than double the number of icons without sacrificing usability.

Holo Launcher’s 5×7 App Drawer

Similarly I have increased the main screen from 4×4 to 5×5, and cut the total number of screens I use to only three, another improvement in usability.

Improved Holo Launcher screen

So what’s the verdict? Both launchers are excellent, but Holo-Launcher gets the slight edge as it makes the home screen rotatable. No widget freezes at all.

After a week or so of testing out the two launchers, I uninstalled Nova Launcher and made Holo Launcher my default, then I paid a few dollars for the full version; not because I needed the extra functionality, but because I wanted to support the developers on a small way.

Because We Can

Yesterday my local gas stations were selling at various prices ranging from $2.89 to $2.99.

Today everywhere is selling for $3.59.

No wars have broken out of which I am aware, so why did this happen?

Simple: Because they can.

I filled up recently, so I have no need for gas. So I will wait until the price comes down to more sensible levels.

Why? Because I can.

On Frugality

Over the years, I have seen many families who are “gadget-rich/cash-poor” (Big-screen TV, Kitchen full of appliances, all the latest toys, video-games and diversions… but no money). I am related to some of them.

And every Christmas, I see good folks running out to buy the latest must-have gadget for their children, whether they can afford them or not; they are unable to tell their children “No” — but this is hardly surprising; they are often unable to tell themselves “No” either.

They are ruled by impulse, and easily-manipulated by shrewd marketers. They watch the news, and believe everything that they see, and as a result are horribly depressed and prone to hysteria. Not surprisingly, they adopt a “victim” mentality, and often expect the Government to fix their problems.

These days, frugality is a dirty word. But some of the wealthiest people I know are frugal — that may be why they got wealthy in the first place.

Here are a few pointers and principles that I use that help me save money.

• Never buy anything on impulse. There is a multibillion-dollar industry that is dedicated to separating you from your money. It is called the marketing industry. Like the WOPR in “War Games”, the only way to win that game is to refuse to play. Quit watching TV ads. Quit reading ads in magazines, Quit clicking on web ads. You don’t need what they are selling.
• Learn to say no to yourself. For most of us this means finding someone who will hold us accountable by asking questions like “Do you really need it?”. That usually means a spouse or a really close friend – but not someone you are trying to impress.
• Know your weaknesses and avoid temptation. I am a sucker for shiny things, so I have to stay away from places like Best Buy. You may be a sucker for makeup. Or cute shoes. Or sports memorabilia. If you spend too much money in the mall, don’t go there.
• Eschew plastic. We pay our regular bills online, but for groceries and personal purchase, we use cash. We hit the ATM once a week for grocery and “blow” money, and when it’s gone, it’s gone. The hard fact is that you spend more when we use plastic. When we first went to cash, we was uncomfortable. But we stuck with it, and now we wouldn’t have it any other way.
• Hide money from yourself. I don’t know about you, but when I see a large sum of money in my bank account, my inner six-year-old goes “WOO-HOO!”, and starts thinking of ways to spend it. To combat this, I have my salary paid into a savings account, and each month I transfer enough money for that month.
• Pre-spend your money. Know what your expenses will be and when they are due, and put enough money in the bank to cover them. That makes it much easier to tell yourself: “We can’t afford it”, as that big hunk of cash in the bank has already been spent.

No such thing as FREE

“FREE” is one of the most horribly mis-used words of our time. Marketers use it incessantly, as they know that it catches people’s attention. “Buy one get one FREE” (they love to capitalize it) sounds so much catchier than “Two for the price of one”. So when I received an e-mail informing me that my company was offering free birth control, my attention was somewhat piqued.

This is actually part of The Affordable Care Act (aka “Obamacare”) that is being phased in over the next twelve months. It only applies to women, though; apparently, somewhere along the line, women became a privileged class. For all the talk about women’s rights, women’s issues and women’s reproductive freedom, there is no equivalent conversation about men’s rights/issues/reproductive freedom – mention those and women look at you as if you were speaking Swahili.

As things stand, when a woman gets pregnant, the husband/boyfriend/baby-daddy has precisely two options – watch helplessly while she “makes the choice” to have an abortion, or pay for the upkeep of the kid for the next eighteen years.

So much for equality

What about free birth control for men? Don’t make me laugh; some men were never meant to breed — and these are generally the chaps who do. And while we’re on the subject of our right to guilt-free sex, where’s my free Viagra? Ridiculous. And yet the principle – the idea that you can merrily make whoopee inside or outside of marriage without worrying about the consequences – is the same in both cases.

But wait! There’s more! This “free birth control” applies only to women who have private health insurance. No insurance? Tough – pay up. Even so, this legislative giveaway benefits over forty million women. That’s forty million co-pays that “someone else” has to pay. Who? The insurance companies. And who do you think they will pass that cost on to? That’s right – the rest of us.

Now I am old-fashioned enough to believe that sex is best enjoyed within the confines of marriage. Guilt-free, disease-free, regret-free; absolute trust and rampant lust rolled up into one delightful package. It’s the best thing on Earth – trust me on this one. But, ladies and gentlemen, sex – guilt-free or otherwise – is not a human right. It is a privilege reserved for the grown-ups. And if you can’t afford contraception, maybe sex is a luxury you can’t afford.

I have no problem with birth control – if you don’t want children, you probably shouldn’t have any. Some people weren’t meant to reproduce; I’m one of them. But seriously, folks, isn’t this whole “free-birth-control” thing sending out the wrong message to our young people?

Fighting fire with fire

This just in: The “Tinley Park Five” have been sentenced to up to seven years in jail  (more information here and here).

These five were part of a gang of up to 18 people who, armed with hammers and clubs, descended on the Ashford House Restaurant in Tinley Park, Illinois, on 5/19/2012 and basically trashed the place. They were part of an Anti-Nazi group, and had been informed that a bunch of White Supremacists were meeting at the restaurant. Afterwards, they fled the scene in several vehicles.

One car, carrying five of them, was stopped by an off-duty cop. They were detained and charged. Finally, they pled guilty (against the advice of their lawyers) in exchange for leniency.

It is true that a gathering of white men, claiming to be an Irish Heritage group, were eating there at the time. But they were not troubling anyone at the time. To make matters worse, the marauders also assaulted others, including the owner of the restaurant and several other patrons.

These bozos have done something I never thought possible; they actually made white supremacists look good. Their claim to being “Anti-Nazis” is belied by the fact that they also attacked three other patrons of the restaurant who had nothing to do with the white supremacists/Irish Heritage group, along with the owner of the restaurant.

So why is this important to me? My wife was having lunch in the restaurant at the time. But for the courageous action of a cousin, she would probably been injured, if not killed.

As my mother once said: When you fight fire with fire, you just end up with a bigger blaze“