Paul Krugman And The Virtue Of Skepticism

Yes, this is a nerdblog. Yes, we focus on technology. No, this post isn’t about technology. Today we turn our attention to Paul Krugman. Why? Your JoeDog studied economics and sometimes he likes to distribute nerdy turd droppings. Consider this a dropping.

In a recent post Paul Krugman devoted time to the virtue of skepticism. In particular, he says, you should be leery of studies that neatly correspond with your own political preferences.

That’s good advice. For illumination he offers this nugget:

For example, I’ve been aggressively skeptical of studies that seem to show a negative relationship between inequality and growth, precisely because that result is so convenient for my political tribe (which doesn’t mean that it’s wrong.)

Now Your JoeDog’s high-level macroeconomic views generally align with the New York Times columnist. Like Krugman, he was schooled on Paul Samuelson’s Macroeconomics textbook. That book provides a framework that is recognizable to Krugman’s readers.  Sadly the similarities end there. Krugman is a Nobel Laureate and Your JoeDog is a guy who yells at him on the Internets.

When he sees Krugman is extra skeptical of views that support his political position, that gives cause for pause.


When Thomas Piketty made a stir with Capital In the 21st Century, Krugman was an early cheerleader. Consider this column. It was written ten days after the book was available in the US. Krugman may have had an advance but how long is the period of extra skepticism? Two months?

Look, Piketty also supports Your JoeDog’s priors but he remains skeptical of his economic analysis. It contradicts much of what he learned in Macro 101. It probably contradicts what Krugman teaches his own students. When we follow the framework that Samuelson provides, we expect wages to rise as unemployment falls, amirite? That’s what happens when companies compete for workers. Supply and demand, motherfsckers.

What stands in the way of 1990s employment levels is politics. When governments prioritize low inflation over low unemployment they do the bidding of wealthy benefactors. Piketty makes more sense when he’s viewed in this context. People with money can (and do) influence policy. From a macroeconomic perspective, his data seems to track the symptom rather than the cause.

If Krugman now practices aggressive skepticism, that’s a good thing. Piketty should be scrutinized. In the meantime, the answers for wage stagnation already exist in Krugman’s own textbooks. Let’s hope he avoids distraction and promotes those ideas more aggressively. In the long run, we’ll know if Piketty was onto something but we already have the tools to fix wage stagnation. That’s is where our focus should be now.

Search, Search, Search … The Boys Are Missing!

bad chart - downward spiralYour JoeDog is confused. He can’t help it; Google can’t keep its story straight.

For example, in Google’s Webmaster Tools, they tell him 16 people clicked search results that pointed to last month. In Analytics, they tell him 11,696 people clicked links over that same period. That’s quite a discrepancy.

Here’s another head scratcher: In Analytics, they say Your JoeDog had just under 50,000 page impressions in May but Adsense says it was over 60,000.  That’s unexpected, right? Many of you are running ad blockers — hey! why are you blocking Your JoeDog’s ads? — shouldn’t we expect more Analytics impressions than Adsense impressions?

The only analytics program we really trust is Webalizer.  That’s a log analysis tool which provides summary reports of all activity. If you make a request, it’s in the logs and therefore in the report. So while Analytics says 50,000 page impressions and Adsense says 60,000 page impressions, Webalizer says “No, yo, it was actually 317,490.”

None of the 260,000 people who eluded Google’s detection are reading this post. They are login attackers, link spammers, referrer spammers and an assortment of other dicks. Your JoeDog doesn’t know all the things they’re doing to this site but he’s confident of one thing: there were at least 260,000 of them last month.

US Government: We Suck At Security; Trust Us With Your Records

navalwarcollegehackers_168457_372093-300x193Your JoeDog is not one of those knee-jerk anti-gub’mint guys but god damn sometimes they test his patience.

By now you’ve heard of that database breach in which the Chinese allegedly stole the personal information of approximately 4 million government employees. About half of those records represent current employees, the rest are for previous workers. According to an unnamed US “official,” the data goes back to 1985.

CNN interviewed “experts” who told the network that the Chinese appear to be building a large database of Federal employees which will help them model the organization and setup insider attacks.

One-third of Your JoeDog’s visitors are from China and we’re starting to feel like an abused spouse. We give you free software and you break down the door and steal our records. Thanks, China. Thanks, a lot.

But here’s the real kick in the ass: US government officials cite this breach as a reason to pass a host of legislature which will, among other things, put more personal information into the hands of government. Information-sharing clauses in these bills will essentially channel more personal data from businesses to the Federal government. That makes Your JoeDog’s head explode. The government is essentially saying, “We can’t secure our own records so give us more records.”

The chairpersons of the select committee on cybersecurity have their hair on fire. They predict dire consequences if we don’t grant them more personal data: “Business and industry leaders warned us of the growing threats during various hearings, and this attack shows why the Senate needs to move quickly on a cyber bill.”

The shittier a bill is the quicker is must be passed, people. Don’t worry your pretty little heads about its contents.

Funny thing: Newton’s Third Law applies to politics as well as physics. For every asshole, there’s an equal and opposite anti-asshole. Are you from Oregon, Dear Reader? Then pat yourself on the back because your senator is our anti-asshole.

I believe sharing information about cyber-threats is a worthy goal, it is unlikely that information sharing by private companies would have made any significant difference in protecting federal employee data. That’s why cybersecurity experts say that passing a bill like this will do little to reduce security breaches.

“This is a bad excuse to try and pass a bad bill.”

Amen, Senator Anti-asshole. Amen.

Now That’s Underhanded

The Underhanded C Contest challenges participants to write straightforward and clearly written code which doesn’t perform its intended purpose. Winning entries should easily pass inspection by other programmers so they can be added to the code base in order to execute their intended purpose which is to miscount votes, shave money from transactions or pass along information to another party, etc.

Some of the techniques used in this year’s contest include the use of K&R style function declarations to circumvent type checks, #include statements that change the package structure, swapping user space #define with system ones and a misleadingly long loop execution.

The winning entry leveraged the __isleap() function in time.h. Because that function is actually a macro it expands into an expression when a user defined macro is invoked multiple times. The winning author placed a subtle bug in that macro which plausibly turns the year into a 0 and writes past a buffer thereby performs the author’s intended purpose: to leak information to the outside world.

[Karen Pease: The Underhanded C Contest Winner]

Siege 3.1.0

With little fanfare and positively no hoopla, Your JoeDog released siege-3.1.0 to an unsuspecting world. This release is better able to handle concurrencies greater than 1024 — please don’t use concurrencies greater than 256 unless you know what you’re doing. Siege is able to accomplish this feat through a combination of select on its first 1024 socket descriptors and poll on each one after that. Again, please don’t use concurrencies greater than 256 unless you know what you’re doing.

Hat tips to Abhishek Bhuyan, cheshirecatalyst, Teoh Han Hui, scooby, webus and Dave Fink for input and testing leading up to this release. We still have more work to do this area but we’re in a better place.

Hey ho — that’s not all! Three-one-oh comes with a new feature. We applied a patch from Eric Abbott which provides improved delay granularity. You are no longer confined to the rigid world of integers, one, two, three, four, etc. You can now use decimal precision like this: –delay=0.05 or this: -d 1.5  But here’s the thing about this feature: It’s kind of embarrassing that we’re adding it in the sixteenth year of the project but you guys never asked for it!

One more thing: please don’t use concurrencies greater than 256 unless you know what you’re doing. If you lay siege to apache with an out of-the-box config, it will not be able to handle the load and all you’ll do is make a mess.


Is Ted Cruz A Retard?

A few months ago, Your JoeDog wrote about Ted Cruz. The topic was net neutrality. Your JoeDog favors it, the Senator opposes it. As a result, one of the more popular search phrases which drives traffic to this site is this question: “Is Ted Cruz a retard?”

Here’s the thing: we never called Ted Cruz a retard. We think he’s either stupid or evil.

And why is that?

In the article Your JoeDog wrote last November, Cruz told an audience that rotary phones became stagnant technology due to FCC regulation but iPhones thrived because the government kept its grubby laws off of them.  In the reality-based world, both devices fall under FCC jurisdiction. As a sitting senator, he should know that. After all, Cruz sits on the subcommittee of which oversees them both.

Now we’re not qualified to say whether or not Ted Cruz is a retard but if you typed that into the Internets and landed here, then you probably already have an answer to that question. Our hunch is this: Cruz doesn’t actually believe any of the stuff he’s peddling. Donors probably gave him large bags of cash to lobby in their interests. Unfortunately, those interests don’t correspond with mine. So if you want to call Cruz a retard, knock yourself out. Your JoeDog is sticking with “evil.”

Ransomware Creator: Sorry About That

By now you’ve probably heard of ransomware. It’s a form of malware that encrypts your files and demands a payment for the decryption keys. The whole concept of ransomware says a lot about humans, huh? It says we’re quite clever but we’re also basically dicks.

Last week a new strain of human dickishness was unleashed on an unsuspecting public. Locker is a form of ransomware known as a sleeper. That’s a variant that lies dormant until the administrator wakes it up. Last week the alarm rang. The program rolled out of bed and encrypted files on thousands of PCs.

Now this week an internet user who claims to be the author apologized for that whole making-your-life-suck thing. To prove his sincerity, he released this statement on PasteBin:

I am the author of the Locker ransomware and I’m very sorry about that has happened. It was never my intention to release this.

I uploaded the database to containing ‘bitcoin address, public key, private key’ as CSV. This is a dump of the complete database and most of the keys weren’t even used. All distribution of new keys has been stopped.

He went on to say that automatic decryption will begin today. If your files are already borked by this program, then I suppose you don’t have much choice but to trust the author. Try to decrypt the files with the keys he provided. If that fails, make sure your computer is connected to the internet so you can receive the task signal.

The USA Patriot Act

safe, secure and contentedSee that little Frenchie on the right hand side of this here blog post? That was Your JoeDog under the Patriot Act. He slept the sleep of the contented then.

While the USA Patriot Act was in effect he didn’t worry about terrorists coming to chop off his head. He did lose sleep over bad guys with suicide bombs. He didn’t worry his pretty little head about creeping sharia law. But that was then.

Early this morning — at midnight to be exact — the United States Congress allowed the USA Patriot Act to expire. All those terror fighting tools are out the window now. With no eavesdropping, no metadata, no records seizures. and no extended Secret Service jurisdictions, how’s Your JoeDog supposed to sleep at night?

See that little Frenchie on the right hand side of this here blog post? That’s how.  Good riddance, USA Patriot Act.

Google Cars Drive Like Your Nana

Here’s a nice first hand account of Google cars from Emerging Technologies:

Google cars seem to be a little overly-cautious at intersections where visibility is limited: Think a T-intersection where a big truck or a bush blocks visibility for the road that needs to turn either left or right. The Google car I saw inched forward very slowly with a lot of pauses, as if it was stopping to get its bearings even though it obviously hadn’t pulled forward enough to “see” anything. It appeared very safe, but if I had been behind it I probably would have been annoyed at how long it took to actually commit to pull out and turn.

Google cars are very polite to pedestrians. They leave plenty of space. A Google car would never do that rude thing where a driver inches impatiently into a crosswalk while people are crossing because he/she wants to make a right turn. However, this can also lead to some annoyance to drivers behind, as the Google car seems to wait for the pedestrian to be completely clear. On one occasion, I saw a pedestrian cross into a row of human-thickness trees and this seemed to throw the car for a loop for a few seconds. The person was a good 10 feet out of the crosswalk before the car made the turn.

This is all well and good but will they drive your drunk ass home from the brew pub?

[Emerging Technologies: Californians are OK with Google self-driving cars]

Al Qaeda’s Porn

al qaeda steganographyIn 2011, an al Qaeda operative named Maksud Lodin was arrested in Berlin. Among his possessions was a memory card that contained, among other things, a porn video called KickAss. While that may have raised eyebrows — “a religious holy warrior is carrying beat-off material?” — it wasn’t what authorities were after. To them the “good stuff” is actionable intelligence. According to die Zeit, they found it. Federal police recovered al Qaeda documents that were hidden on the card. Where? The were embedded in the film.

In total, the Germans recovered 141 separate text documents hidden within a .mov file. The discovery confirmed a long-standing hunch that al Qaeda used steganography to hide its information in plain sight. The public was outraged and horrified. “OMG! Al Qaeda is embedding shit inside our porn!!11!1!!”

Your JoeDog was reminded of al Qaeda’s porn when he stumbled across timeshifter. It’s a small utility that lets you to embed messages in regular network traffic. How does it work? By modifying the time intervals between packets, @anfractuosus is able to hide messages in plain site. The system relies on binary encoding. A short delay means 0 and a long delay means 1. By sending messages in this manner, the transmission is unlikely to arouse suspicion.

To implement this system, you’ll need the libnetfilter_queue library and the ability to set iptables rules. All the code is available along with detailed instructions. Check it out.

[anfractuosity: Timeshifter]