Monday, December 30, 2013

How to Pen a Political Takedown Note, in the style of Krugman

One short sentence announcing what is happening, in general, absent of this particular feud. Two sentences stating your opponent's opinion, in a manner that is fair and they they would recognize. A few words stating that they are wrong (or very wrong, or catastrophically wrong, the case being.)

A promise of a detailed explanation later, but first, come context.

One or two or five paragraphs of necessary historical and philosophical context, as most questions deserving of a detailed response are really deserving of essay-length reflections. But this is the internet, five paragraph will have to do.

Two or three paragraphs articulating your rebuke to your opponent, in light of the historical context. The key here is to help the reader put two and two together -- resist the temptation to lean on any sense of authority. Now is not the time to be the delivery person of the Judgement Inc. Corporation. Present the argument fairly and sternly. 

One line calling your opponent a ditwit or some such. By the time you get here, you've earned it

Saturday, September 21, 2013

Health care in America is funded by the government to a greater extent than in Canada (reprise)

Little known fact: Health care in America is funded by the government to a greater extend than in Canada. Between Medicaid, Medicare, Military Health Care, and emergency room services for the non-insured or the under-insured, the American government pays US $2,728 per person per year for health care.

In Canada, the government pays only US $1,893 per person per year. That's 30% less.

With that money, the Canadian government manages to cover everyone with world-class quality care. Even though the American government is paying more per head, its money only manages to cover a small fraction of its population, with the rest being left to fend for themselves with private insurance companies. These companies charge higher prices for coverage than even the USA government spends, let alone the Canadian government (about US $8000 per year) and outright refuses to offer their services to 20% of the population.

This leaves the United States with the largest population in the world without access to health care, and the highest rates of bankruptcy. In the US having a medical emergency often means going bankrupt. Bankruptcies arises whether or not you have private health insurance coverage since private insurances cover so little (when they do offer coverage) that their disbursement are rarely sufficient to avoid bankruptcy. 62% of all bankruptcies are caused by medical events.

The strangest aspect of American health care is the presence of folks who are rabid defenders of the American system, who speak without any awareness of the current system's failings, and without any knowledge of the alternatives.

The case of death panels angst is particularly poignant, since one keystone pillar of the new health law is to force private insurances to abolish their "Do Not Treat" list -- from 20% (mentioned above) down to near zero. The law:
  • Forbids insurance companies from discriminating based on a disability, or because they were the victim of domestic abuse in the past (yes, insurers really did deny coverage for that)
  • Says health insurance companies can no longer tell customers that they won't get any more coverage because they have hit a "lifetime limit".
  • Says insurers can't just drop customers once they get sick.
  • Forbids "pre-existing conditions" for kids under the age of 19.
and on January 1st, 2014,
  • no more refusal of care because of pre-existing condition at all.
The law does all this without establishing any new form of government coverage (Medicare, Medicaid, Military health care, and uninsured health care remain largely unchanged.) What list could "death panels" possibly be referring to? Nothing at all, that's what.

Then there are the claims about the amount of money different governments have to spent, claims that certain numbers ought to be ruinous, yet the arguers never put in the effort needed to look up the numbers. In many anti-Obamacare posts, the key thing to notice are the appearances of the word "handout", which reveal the nature of their conception of the role of government.

While governments are generally constructed to take care of domains where the private sector does poorly (such as health care -- the specific economic reasons are too long for this post, but are covered in most introduction to economics textbooks, if you are curious). Anti-handout people understand governments principally as a transfer of wealth to receivers of handouts. This attitude is also known as class-war-ism, and is one of the most corrosive forces in modern American politics.

Government Number Source, Wikipedia

For more details on the content of the new Obamacare law, read this fantastic post in the fantastic subreddit titled Explain It Like I'm Five.

Thursday, June 6, 2013

Scary hypothetical: Your email account just got hacked

Ouch, your email account just got hacked. Sorry this is happening to you. We live in an age of computer security where the spammers and scammers have the upper hand. Hopefully the wind will turn soon.

Very possibly, the spam the hacker sent went to all sort of people, not just to your contact. Very possibly they also emailed to a list of targets the spammers have grabbed from around the web, and from other hacks. They merely used your account as a conduit to make their email fly with artificial legitimacy, so they wouldn't trip the recipient's spam filter. That sucks, I know.

Here's what you need to do, from most urgent first:
  1. Change your password at Gmail or Yahoo, or whichever service you used. Hopefully you already did this. Preferably, change your password from a different computer than your usual one: In the worse case, there is an attack virus on your computer watching you enter the password updates. That would be bad.
  2. Change your password on all sites where you have used the same password, or a derivative of the password, or a similar password-generation scheme.
  3. Turn on two-factor authentication on your account. This will be a huge win in securing your account going forward. Lifehacker describes the feature in details.
  4. Start using Keepass to generate and store securely a different password for every website you have a password with. Every password will be super random and super long, and thus super secure. See my blog post on this topic here.
  5.  Do a thorough scan of your computer for viruses and trojans. Follow the instructions here. If that seems intimidating, bring your computer to a friendly local computer repair shop.
If you find Keepass intimidating, the alternative is to change all your passwords to fresh passwords generated using XKCD's excellent (and fun!) schema. Then you write them down on a sheet that you keep by your computer. Then make some copies and store them in different secure places, such as where you keep your tax information and what not.

It might seems counterintuitive, but these days, physical security is vastly stronger than online security, so while this practice isn't exactly as strong as using Keepass, and not as convenient, it is sufficiently strong for most purposes. Petty thieves are just not known for rooting around people's house for printed password lists, and if they found the list they wouldn't know what to do with it.

When choosing passwords, adding a punctuation mark doesn't nearly work as well as it used to. The reasons are two-folds:
  1. Most hacks don't actually involve breaking the password. They get in by defeating the security of either the website itself, or that of your computer, or through a phishing email. That's where two-factors authentication really shines. http://en.wikipedia.org/wiki/Phishing
  2. Hacks made by breaking passwords involve a website being hacked and its users password list getting stolen. The thief then cracks as many passwords as they can, offline, using massing supercomputers rented by the hour. They then proceed to attempt to login into other websites using those credentials. You can read the story the devilish effectiveness of this technique in this fantastic long-form article at the always top-notch publication Ars Technica
Thus my recommendations in support of two-factor auth and Keepass.

And in case you are asking, yes, Macs are just as vulnerable. Now that everything has moved online, it doesn't matter much which kind of machine you are running. The more prominent attack vectors I was describing, breaking into the website and phishing, don't involve your machine at all. An attack into your laptop most likely would involve your browser, and those are largely the same across platforms. I know plenty of Macs who have been hacked, and in some ways, getting your Mac hacked is worse, since Apple controls the machine so deeply. A salient story here is that of the famous technology reporter at Wired, Mat Honan, who had his Mac hacked and destroyed remotely.

To end on an up-note, I do feel the wind is turning. This new two-factor authentication feature many websites have began implementing is a huge breakthrough for everyone's security online. As two-factor become popular and widely used, I have great hope that we will see a stunning decrease in the number of people affected by hacks and hackers. Plus, at this point we can more or less trust that hardly no one clicks on the links sent by these attacks, which demonstrate how far we've come along educating each other about this new topic of online computer security that was imposed onto everyone a few years ago. This too, deserves to be celebrated and it bodes well for the future.

Good luck.

Monday, April 1, 2013

Happy World Backup Day!

Today I am grateful that my electronic devices remembers all those pesky little wonderful things for me – such as my wedding pictures and what not.

Would like to invite everyone to check and make sure that all the files are secured and properly backed up at least once a year. And what better day for this than March 31, the day before the Internet goes silly.

In that spirit, I would like to share my very own backuping recipe.

Our two Windows laptops both run Dropbox in order to protect the most important files. One laptop runs on the free plan, the other we pay $8 per month for some extra space. Some of the larger files are are impractical to backup at Dropbox, specifically our videos and raw-format pictures. For these, we have a USB hard drive plugged into a Asus RT-n16 router which acts as a small file server. This drive is the destination for two processes. First, the laptops run the free software Duplicati.org which copies recently changed files to that hard drive over our home Wi-Fi every night. And second, we use the free version of the program Macrium Reflect to make for images of our hard drives every so often. This way if a laptop gets stolen or damaged, we don't have to reinstall everything from scratch.


The story of how Pixar almost lost Toy Story 2

That little hard drive could the stolen at once, so I wouldn't rely on it without some form of off-site backup. For this, I installed a copy of the open source software Tomato on the Asus router which lets me run small Linux programs on it. I have a script that copies the file from the hard drive to Amazon S3 file storage service which offers some of the most inexpensive hard drive space rentals available.

The logic here is, our laptops are not ON at home for as long as you might imagine. In true New York style, we move about town a lot and spend copious amount of time slipping overpriced coffee, using various coffee shop's free Wi-Fi. It would seems impolite to backup large files over their connection. Better to backup to the small drive at home, over the super-fast 802.11n connection, and let the daemon process running on the Asus router upload at leisure throughout the day.

All our hard drives are encrypted using the open source program TrueCrypt, to protect our privacy and identity in case of theft of the devices. All our passwords are unique, randomly generated, and stored encrypted in the open source program Keepass Professional. Keepass's encrypted file itself is in our Dropbox folder, this way it gets backuped in turn.

Finally we upload our music to Google's music locker, at music.google.com/, which is free up to 20,000 songs

I must say, this setup is the best I've felt about our backup setup in years (knock on wood). All our data eventually makes it to off-site storage, and all the most important steps are automatic.


What is your backuping recipe?