For now, I’ll leave this in the Department of Unintended Consequences, although Encroaching Corporatism might be a possibility… Turkey prices have gone up significantly over the past few years, and we have also ween a significant consolidation in the concentration of Big Turkey (the top 20 firms). This is still a competitive market—the graphic does show the top 20 firms, after all—but this consolidation happened, at least to some extent, as a result of government policies regarding ethanol, which bumped up costs significantly.
November 30, 2011
November 29, 2011
More security notes.
- The US military appears to be pushing for more offensive operations against hackers. I wonder what this will turn into in practice.
- Full-disk encryption is very hard to crack. To me, this is pretty obvious, given attempts by law enforcement officials to try to have people held in contempt of court if they don’t release hard drive encryption keys and passwords.
- Apache has a vulnerability in their reverse proxy. This isn’t the first one, either.
- Hackers hacking hackers (via HNTV). I’m actually not all that interested in the story itself—it doesn’t surprise me that hackers would target other hackers—but rather in the method of attack. It sounds like the problem was due to the site being on a hosted service, and other vulnerable sites on that hosted service being attacked. If so, I’d hate to say it, but there’s a legitimate externality problem here: we already know that our security depends, in good part, on the actions of a large number of other services and third parties, but typically, we have at least some control over the third parties we allow in: if I install Apache for my web server, I do it by choice and do so knowing at least some of what I’m getting into. But if some bozo who just happens to be on my hosted server gets owned, there are simply too many ways to get root (and thus bypass any user-specific access restrictions).
- SSL is still broken, part 2 (via HNTV). The breach is up to four years old, and the firm is not sure exactly whether any invalid certificates were created during that time.
- Microsoft released a fix for its TTF kernel vulnerability (via HNTV). That fix didn’t make it into November’s Patch Tuesday, so it will probably show up in December.
- The EU has banned X-Ray body scanners in its airports.
- John Strand has an awesome blog post on cross-site request forgery. This is the type of thing which works best for a targeted attack: you need to know that a particular person will be connected to a site in order to get it to work correctly. But if you do have that information, you can do some pretty interesting things as a result.
Read an interesting article from Let’s Go Tribe, my one stop shop for all Indians news. The article suggests that Bud Selig, MLB Commissioner, wasn’t so in favor of fixing bonuses because the owners were losing money on them. It sounds like what he actually wanted was something closer to cost certainty than MLB has ever enjoyed in the past.
Fans of MLB know one thing — the draft is almost literally a craps shoot. Yes, you can study an underused group of players, or focus on one geographic area (like the Braves), but for the most part, there are no guarantees in a draft. Unless you’re phenomenally stupid or have no picks, you’ll get, at bare minimum, a quality starter out of any NFL draft. That’s not the case for baseball. So a much more firm slotting system seems to me to be a good idea; players get drafted where they ought to be drafted, and make a little sense out of the chaos.
I do not like what they’ve done to international scouting — one of the few ways a have-not can play with the haves — although I know an international draft has been a pipe dream of Selig’s for a long time. But on the amateur player draft? I think it’s a solid move.
November 28, 2011
The idea of “Near Poor” is meaningless when 20% of them “own their homes mortgage-free” (emphasis in original). If you already own your own home and don’t have any debts owed to others, two can live fairly comfortably on $20K a year in the Midwest. Even without taking into consideration transfer programs like food stamps and Medicaid, you’d look at about $15K a year after taxes (and a yearly federal income tax refund probably in the $1500 range), or $1250 a month. After covering our expenses, that would still leave a net positive income of $200-$600 a month, and most likely, a “near-poor” person would not have quite as many frivolous expenses as I tend to rack up, meaning you could probably squeeze another $150 or so a month out without cutting too deep.
Furthermore, if only 25% of your target group does not have health insurance and only 28% work full-time, you’re really digging at the bottom of the sympathy barrel here. I’m sure there are some people in this category who are having a hard time of things, but as noted above (and as Kaus points out), large swaths of the group likely are doing just fine and have down-sized their earnings requirements because they simply don’t need to earn as much. If you own your own home, have a fair amount of savings, or are already drawing down on a pension, you don’t need to work so many hours. Some people still will, but there is a pretty decently-sized percentage of that group who probably are working just enough to feed their lifestyles. And unlike what the Times editors want you to think, those people aren’t out begging for sympathy or handouts.
There are a few more outstanding points Kaus makes, but the last one I want to point out is that if this is the “near poor,” it would probably behoove us to take a deeper look into what, exactly, “poverty” (as defined by the government) entails. People who bring this topic up want you to think of urchins and the trappings of pre-industrial society or the fellow working three jobs to make ends meet. But what percentage of those marked “poor” really are poor, in any serious sense of the word? The quick answer: fewer than you would think, due to the fact that the poverty line is a relative term: when you fix the 16th percentile of a nation as “poor,” then don’t be shocked when 16% of the people come up as poor.
November 27, 2011
I’ve got a lot of security notes to catch back up on, so there will be a few iterations of this topic this week.
- There is an ability to open prison doors remotely. I think the likelihood of an exploit of this nature is rather low, however. Most importantly, get those SCADA systems (and the Windows-based control systems) off the Internet.
- SSL is totally broken.
- Good news: one of the bigger scumbags on the Internet has been taken down. Here is some more information on the takedown.
- A new version of sqlninja is out. I’ve looked at sqlmap so far, but will pay some attention to this product as well.
- Kicking Charlie Miller out of the iOS development group isn’t a great idea. If I were working for Apple, I’d much rather that a responsible discloser (like Miller has been) find my problems than somebody truly malicious.
- I like OpenID and OpenAuth, on the basis that I am willing to trust a professional who puts a lot of effort into creating a secure system more than a typical programmer who may or may not know how to do it right. Unfortunately, the pros get things wrong, too.
- In the Dog Bites Man category today, most Android malware originates in China.
November 26, 2011
Before that, Hinderaker was showing yet another example of how the wheels are falling off of this money-making scheme. Dr. Tim Ball argues that, regardless of whether the phenomenon of global warming is real, it cannot possibly be due to human-caused increases in carbon dioxide.
And since then, Steven Heyward has piled on a bit, pointing out a study which notes that the 66% probability range for anthropogenic carbon emissions has dropped from 2-4.5K (median @ 3K) down to 1.7-2.6 (median @ 2.3K).
Time to start looking for another money-making scheme.
November 25, 2011
Here is an interesting post on design problems inherent in touchscreen-based technology (via Brent Ozar PLF’s weekly list). There is something to be said for tactile interfaces: typing on an old IBM keyboard provides much better feedback than trying to type on a similarly-sized touchscreen keyboard (not to mention a much smaller touchscreen keyboard).
The other problem that I see is that most of our daily experiences are three-dimensional in nature: the relative thickness of a book, as pointed out, tells you a pretty good amount on its own: it tells you how far along you are, roughly how much more there is to go, and how big the book is compared to other books. Without that third dimension, you need page numbers, or you’re lost. The lack of a notable third dimension certainly keeps devices portable and light (I’m not complaining about being able to store hundreds of books on my nook, and I can lay my nook flat and expect to be able to read from it without holding the thing open) but comes with some tradeoffs. When it comes to something like a keyboard, or some other device in which constant visual observation is a bad thing, the model falls apart, leaving us to cope with subpar design.
November 24, 2011
- Michael Swart has a good post regarding data reading and yield. Unless you have snapshot isolation on, yield has the potential to blow up pretty quickly.
- FatherJack reminds you always to make sure your jobs notify you in case of problem.
- Gail Shaw has a great series on advanced indexing: part 1, part 2, part 3.
- Robert Young wants us to expand our database model beyond the relational model and incorporate inferential statistical models. This is actually meaningful for us at work: our organization does a lot of statistical modeling using SPSS and SAS, so it’s interesting seeing what is easy in SQL versus what is easy in SPSS. Even something like calculating a median is relatively difficult in SQL Server; more advanced statistical analysis is all the more difficult. The way I see it, statistical analysis tools could (and perhaps even should) be built on top of relational databases or OLAP warehouses. Making it easier for data analysts to plug into SQL Server and do their work limits problems like needing all kinds of flat file data sets, overlapping data, out of date date, etc. from being a problem. Anyhow, important notes: IBM bought SPSS, so I could see that in DB2; in addition, Oracle is incorporating R into their database. SQL Server could also include R—it is open source, after all—and this would be a good opportunity to get in on the ground floor.
November 23, 2011
- I sincerely hope that Newt Gingrich is not the Republican candidate for President in 2012. Charles Rowley and Mickey Kaus provide a few of the more salient reasons why.
- A flawed balanced budget amendment went down. I would consider a BBA to be, at best, an indirect method toward getting back on the right track. It is not, on its own, a great measure, especially given the way taxes and spending are de-coupled.
- Interesting question: will Josh Mandel run for Sherrod Brown’s Senate spot? Mandel has jumped through a few offices and would certainly make that an interesting race.
- Political Math: Occupy Wall Street should be Occupy Foreclosed Homes. Point 6 would never, happen, though: these are people who obviously have no ability to keep anything clean.
Despite my love for Cleveland sports teams (well, except the soccer team, which I’m pretty sure doesn’t exist any more, because metric football is for girls and Europeans), I own exactly one Cleveland jersey — #24 Grady Sizemore. I bought it at a game in 2004; it was either that or Victor Martinez, but I know that catchers tend to break down and have short careers, so I chose the centerfielder instead.
Fast forward to the end of this season. The Tribe, quite sensibly realizing that Sizemore doesn’t currently possess the “sixth tool” — staying healthy — did not pick up the $9 million option. Instead, they paid the buyout (a reasonable 500k). I worried that another one of my favorite Cleveland players was going to leave.
I wake up this morning to this.
This makes a lot of sense. The Indians farm system has been decent at producing pitchers and infielders but outfielders are few and far between. For Sizemore, testing free agency on last year’s stats is probably a bad move, long-term, and he gets a chance to prove himself before either resigning with the Indians or, maybe, getting flipped at the deadline for some prospects, which is how we got #24 to begin with (thanks, Bartolo Colon!)