Happy New Year

It's a slow news day. Or maybe William Wan at the Washington Post has been working on this piece for months. If you're looking for an alternative to the traditional NYC ball drop tonight, here are a few alternatives:

Sailboat - Annapolis
Giant peaches and chicken nuggets - Georgia
Sardine - Main
Drag queen - Key West
Pickles, giant Peeps, stuffed goats - Pennsylvania
Love stamp - DC (abandoned)
Crab - Easton, MD
Duck decoy - Havre de Grace, MD
Lamp (pineapple backup) replaces pear - Fredericksburg
70-pound tangerine - somewhere

along with an academic discussion of why we do such things.

Happy New Year!

Idle curiosity

I have written before about the predictability that people who have access to sensitive data as a part of their job are likely to misuse it. A recent article reports that the individual who peeked at several high-profile passports has been sentenced to probation and community service.

I wonder if this will help. Will the fact that someone else got caught and managed to destroy his career have any effect on the next bored computer administrator who decides to snoop on his users, or the next just-past-adolescence technician who is supposed to be looking for terrorists but is instead enjoying spicy telephone conversations? Probably not.

This news will receive some notice in the security community, but most of the people involved are not in the security community. The passport snoop was an intelligence analyst, and it’s the folks who do boring work but just happen to do it on sensitive databases who are prone to wander where they shouldn’t be.

A frustrating aspect of this issue is that there’s not a lot you can do to protect yourself. It’s not like you have a choice on where to get your passport or driver’s license, or which telephone lines your conversations use. I suggest picking the most reputable companies possible when there’s a choice, although I really doubt that there’s much correlation between the behavior of the administrator at Joe’s Internet Service and, say, AT&T. Another suggestion is to use as few different companies as possible; if you’ve got information at ten different companies you’re more exposed than if you have it at only one or two.

But the bottom line is that we’re at the mercy of many more people who have access to our personal information than we wish, and there’s not much we can do about it.

US and China - Addiction?

The issue of the relationship between China and the US is an important one in the current economic situation. An article in the New York Times provides an interesting perspective on this from a bit different perspective than you usually see. Part way through the article are these paragraphs:

By itself, money from China is not a bad thing. As American officials like to note, it speaks to the attractiveness of the United States as a destination for foreign investment. In the 19th century, the United States built its railroads with capital borrowed from the British.

In the past decade, China arguably enabled an American boom. Low-cost Chinese goods helped keep a lid on inflation, while the flood of Chinese investment helped the government finance mortgages and a public debt of close to $11 trillion.

But Americans did not use the lower-cost money afforded by Chinese investment to build a 21st-century equivalent of the railroads. Instead, the government engaged in a costly war in Iraq, and consumers used loose credit to buy sport utility vehicles and larger homes. Banks and investors, eagerly seeking higher interest rates in this easy-money environment, created risky new securities like collateralized debt obligations.

“Nobody wanted to get off this drug,” said Senator Lindsey Graham, the South Carolina Republican who pushed legislation to punish China by imposing stiff tariffs. “Their drug was an endless line of customers for made-in-China products. Our drug was the Chinese products and cash.”

So here we have a mutually beneficial relationship that is turning sour for both countries. Comparing it to a drug addition is appropriate. I wonder how withdrawal will affect both parties.

Moby Drift in the Driveway

We didn’t get any new snow last night, but I looked out this morning to discover that the wind shifted during the night, scouring the snow from the front yard and depositing it in the driveway. If you examine the background of the image, you’ll see actual uncovered grass, which is where the snow came from. The drift was about three feet deep, and it was a cross between snow and ice. The wind packs the snow into a dense material that comes out in blocks when you shovel it, and then you have to hack the blocks into pieces to get something that is light enough to lift. This wind was from the southeast, which is out least protected direction and somewhat rare in a normal winter.

This has not been a normal winter.

The folks on the Weather Channel were discussing last night the possibility of flooding in the lower Midwest as temperatures rise, snow melts, and additional rain is added. It was about this time last year that I was deployed to Peoria for the southern Illinois floods. History might repeat itself.

Batik quilt is done

The batik quilt is done. It contains 96 different batik fabrics.

The pattern, bento box is one that I purchased after seeing it used with batik fabrics at the local quilt shop. However, my quilt looks quite a bit different than the one in the quilt shop since I decided to arrange the blocks in a non-traditional manner. The usual method, shown in the small graphic, is to arrange the blocks in sets of four to produce a design that builds on the square. I rather like the zigzag effect from this arrangement, and the quilting emphasizes the zigzag. The last image shows the quilting.

Everyone needs a competitor.

In an op-ed piece in today’s New York Times, Thomas Friedman provides ideas to ponder.

I have no sympathy for Madoff. But the fact is, his alleged Ponzi scheme was only slightly more outrageous than the “legal” scheme that Wall Street was running, fueled by cheap credit, low standards and high greed. What do you call giving a worker who makes only $14,000 a year a nothing-down and nothing-to-pay-for-two-years mortgage to buy a $750,000 home, and then bundling that mortgage with 100 others into bonds — which Moody’s or Standard & Poors rate AAA — and then selling them to banks and pension funds the world over? That is what our financial industry was doing. If that isn’t a pyramid scheme, what is?

His comment is in the context of looking at the American economic system from Asia. We’ve always been held in high esteem by countries with developing economies; who are they going to emulate now?

But while capitalism has saved China, the end of communism seems to have slightly unhinged America. We lost our two biggest ideological competitors — Beijing and Moscow. Everyone needs a competitor. It keeps you disciplined. But once American capitalism no longer had to worry about communism, it seems to have gone crazy. Investment banks and hedge funds were leveraging themselves at crazy levels, paying themselves crazy salaries and, most of all, inventing financial instruments that completely disconnected the ultimate lenders from the original borrowers, and left no one accountable. “The collapse of communism pushed China to the center and [America] to the extreme,” said Ben Simpfendorfer, chief China economist at Royal Bank of Scotland.

Sun dogs and happy beer

The temperature in the house this morning was 55°. [My heating strategy is to stop feeding the wood stove at about 5 PM, let the temperature in the house drop to a comfortable sleeping range overnight, then start a new fire the next morning.]
Outside it was a toasty -13°F. Yesterday the temperatures were in the 40s, but the bottom dropped out just after 11 AM. The drop was dramatic, as you can see in the Weather Underground graphic.

Yesterday we cooked an American Ale and this morning it’s bubbling happily. The yeast that we picked:

2112 California Lager Yeast. Particularly suited for producing 19th century-style West Coast beers. Retains lager characteristics at temperatures up to 65° F, and produces malty, brilliantly-clear beers. Apparent attenuation: 67-71%. Flocculation: high. Optimum temp: 58°-68° F

loves these temperatures; it was fermenting at 62° this morning.

I was totally unfamiliar with the term sundog until I moved to Minnesota. This morning we had the most prominent sundogs I’ve ever seen, including the rainbow effect.

Keep warm.

I'll pay you to take my money

One of the news tidbits that I missed last week was T-bills trading at a negative interest rate. The government sold new three-month bills at a rate of 0.005% and four-week bills at zero interest. But the rate on 3-month instruments actually went negative for the first time.

Not that this should come as any surprise, given the demand for a risk-free place to park money, especially since it’s year end. But the idea of investors paying the government for the privilege of using their funds is yet another indication of the state of the economy.

I’m beginning to read advice from stock pundits that this is the time to buy equities. The consensus appears to be that we’re still a few months from the bottom. It will be interesting to look back in a couple of years and compare reality to predictions. On the other hand, just because a given prognosticator was able to hit it on the bottom of this market does not mean that they’ll be able to do the same next time.

Two zero-day vulnerabilities

I’m not sure why I subject myself to the information, but I still receive a few of the newsletters and alerts that I used to use when I was actively working with Internet security. This is edited text from a recent one:

(1) CRITICAL: Microsoft Internet Explorer Remote Code Execution Vulnerability (zero day)
Affected: Microsoft Internet Explorer 7 and possibly prior

Description: Microsoft Internet Explorer contains a remote code execution vulnerability in its handling of certain XML structures. A specially crafted web page can result in remote code execution with the privileges of the current user. This vulnerability is currently being exploited in the wild, and is reportedly not mitigated by the most recent Microsoft patches. No further technical details are publicly available for this vulnerability.

(2) CRITICAL: Microsoft WordPad Text Converter Remote Code Execution (zero day)
Affected: Microsoft Windows XP prior to Service Pack 3.

Description: Microsoft WordPad is a Rich Text Format (RTF) editor included by default in Microsoft Windows. It is the default viewer for RTF files. It contains a flaw in its Text Converter component. A specially crafted RTF document could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is being actively exploited in the wild and is reportedly not mitigated by the most recent set of Microsoft patches.

Translation: Surf to a malicious web site with a fully patched IE browser and the owner can take over your system. The second one requires that the system’s owner be behind on maintenance and be tricked into viewing an RTF file, but it still applies to the vast majority of systems in the real world.

I’m not knocking Microsoft Internet Explorer. It’s at least as good as other browsers in the security realm and Microsoft responds as well or better than other companies to vulnerability reports. I use Firefox on an Apple platform, so the chances of something like this happening to me are much less, but that’s as much because I’m a member of a much smaller population (and thus hackers don’t target my operating platform as much) as any huge gap in coding expertise or quality of software.

Two things srtuck me when I read these vulnerability reports.

First, I understand why so many Microsoft systems are full of trojans, viruses, and malware of all descriptions. When you factor in the fact that most people don’t even bother to install available maintenance, it’s obvious that there’s a huge population of vulnerable systems out there, and low-hanging fruit is generally irresistible whether it’s an unpatched computer or a car parked with the keys in the ignition.

Second, I wonder why so many people put up with this. I sit here on my Apple, much more cocky than I have any right to be, and pity the masses that are at the mercy of Microsoft. I suppose that the prospect of changing to a different system is enough to convince most people that having their Microsoft-based PC crash regularly is the lesser of two evils. Of course, if lots of people actually did move into the Apple world, hackers would begin to target it and many of the advantages would evaporate. So I suppose what I should be saying is that Apple really sucks and don’t even think about moving off of fine Microsoft products.

Nationalization, and the opposite

Here are two topics that appear unrelated . . . but aren’t.

Nationalization. I thought that perhaps I was the only one using that term in reference to recent government bailouts of financial institutions, and now the auto companies. An analysis article in today’s New York Times expresses the same thought that I’ve been having. “Not since Harry Truman seized America’s steel mills in 1952 rather than allow a strike to imperil the conduct of the Korean War has Washington toyed with nationalization, or its functional equivalent, on this kind of scale.” Perhaps we’ll get to see how company strategy can be screwed up even more thoroughly than it has in the past.

Then there’s the op-ed story entitled “A Whitewash for Blackwater?”. “As with the torture and humiliation of detainees at the Abu Ghraib prison, our government is deflecting all scrutiny from the corporate higher-ups who employed the guards -- to say nothing of the policymakers whose decisions made the shootings possible, if not inevitable.” Certainly the individuals involved are responsible for their actions, but what training and support did they receive that would have allowed them to respond in a more rational way than spraying a public square with gunfire? Why has no legal action been taken against the company or its executives?

In one case we have the Federal government paying too much attention to how companies are run on a day-to-day basis, and in the other we see exactly the opposite.

On a completely different topic . . . we received our first significant snowfall last night. It’s hard to tell how much we actually got because there are places where there’s a foot and other places where you can still see the ground. Snowblowers are wonderful things.

I composed the first part of this hours ago, but discovered that my Internet access was down (my DNS server morphed into a ping server). Then I spent a few hours working on a grant request. Finished by checking on the neighbor’s cats, which entailed shoveling my way to their front door. The joys of being retired.

Credit card debt

An article in today’s Washington Post discusses the dismal November retail-sales numbers and points out that consumers are cutting back on credit-card purchases. Near the end of the article is this paragraph:

Consumer advocates say the credit crunch could be a good thing if consumers learn to spend within their means and retailers adjust to that new reality. The average revolving credit card debt per household has spiked 138 percent over the past 20 years to $6,528 from $2,739, adjusted for inflation, according to consulting firm Innovest Strategic Value Advisors. The shift to cash is forcing many shoppers to take a hard look at their budgets.

It’s about time.

Yes, consumer spending drives our economy, and it has kept us out of recession for years. But at what long-term cost? It can’t be healthy to have an average debt of more than $6000, and I’ve seen that statistic at $8000 in other sources. What happens to the economy when a significant fraction of those individuals cannot pay because they’ve lost their jobs?

I hope that the silver lining on this black recession cloud is that rational people realize that spending beyond their means burns them in the long run. I’m willing to see us suffer some economic pain if we come out the other side with dramatically lower consumer debt. But just as I expect gas guzzlers to become more popular now that the price of gasoline has fallen, I have little hope that the folks with huge credit card balances will learn anything from their experience. Some of them will, but will it be enough?

Contributions when the economy is on the skids

A recent article in the St. Paul Star Tribune reports that the Twin Cities Chapter of the American Red Cross [OK Big Brother, there’s your cue] is reducing staff and terminating programs.

This story serves to illustrate the huge differences between big Red Cross chapters and tiny ones like the one I’m affiliated with in Albert Lea. We have two part-time employees and volunteers do a lot. The Twin Cities chapter is talking about cutting staff by 25, to 48. 48, compared to 1.6. Of course they do a lot more than we do, but still it’s a stretch for me to comprehend how different the operation is.

They’re going to terminate a program that provided free transportation to medical appointments for poor people. I’m sure that it was a fine program and probably one that was much needed. But I have to wonder how the Red Cross got into that business thirty years ago. I hope that they can find another agency to take it over.

The most scary single fact in the article is that their donations are down 70% between July and October from the budget. (I’m assuming that the budget was reasonable; I wish they had given us a percentage decrease from actual contributions in the previous period.) Given the current state of the economy, it’s not a surprise that contributions are down, but that’s a huge decline.

This brings up a related issue – the article describes how the decline in contributions is affecting a local chapter, but it’s also affecting the national Red Cross. The organization is being squeezed in two directions. At the very time that the economy craters and people don’t have the dollars to give, we were treated to tornados, floods, wildfires, and finally a very active hurricane season. The news coverage of these events was largely eclipsed by coverage of the political campaigns and economic issues. Perhaps you think that the Red Cross is reimbursed by Uncle Sam for disaster responses, but that generally doesn’t happen and most of this is financed by contributions from the public. That’s why you see the text, “All American Red Cross disaster assistance is free, made possible by voluntary donations of time and money from the American people” in and on official Red Cross materials and equipment.

Consider including the Red Cross in your charitable contributions. It’s for you to decide whether you prefer to contribute to your local chapter or to the national disaster fund; both accomplish good things but they are different. You can read about the national drive here. If you want to donate to your local chapter, find their web site using Google.

As I sit and watch the snow fall, I hope everyone is having a good Interdenominational Winter Holiday. Keep warm.