Tag: policy

Posted on

Learning in Progress: Equality Has Many Definitions

This is a Learning in Progress post. Contents are brief thoughts based on few sources, and have not been checked for accuracy or usefulness.

These notes are based on a section of Equality by Darrin M. McMahon. I haven’t finished reading it, and a bug deleted most of my notes from the first ~200 pages, so it is even less complete than it might otherwise be.

People are different, and this makes them inherently unequal. This has been used to justify bigotry on arbitrary differences throughout history, but declaring equality of all doesn’t make people equal either. Everyone has needs and capabilities, and the only path to equality is to have all people use their capabilities collectively to fulfill their collective needs.

Stalinism took “From each according to their ability, to each according to their need.” and replaced the word “need” with “work”. By including this seed of meritocracy, anyone injured, disabled, or elderly is excluded from equality. (I think every person has a phase where they see meritocracy as ideal. Fortunately, most people grow out of this phase.)

Nazis promoted equality of a few at the expense of everyone else. (How equality has been used throughout history changes. It is important to recognize that it means different things to different people.) Fascism creates a meritocracy exclusive to one class, relying on the existence of outsiders (who must be murdered1). In this way, fascism must shrink the accepted class to have more outsiders, and eats itself.

We claim all nations are equal, while propping up some, sabotaging others, and we can all see that nations are not equal. WWII’s devastation increased equality (see “four horseman of leveling” in Quotes). Post-WWII, economists claimed that industrialization forms a natural progression of brief extreme inequality that quickly brings in equality. (This is an obvious lie.) At the same time, economists claimed that it was better to make a nation wealthy than to fix its inequality, and that commerce is a leveling force. “When a rich man sells to the poor, they become equal.” cannot be true, and yet it was the predominant claim.

Quotes

  • “self-love is the great barrier to full human equality” I see in many people, especially myself, a critical lack of self-love, so this stood out to me as worth investigating further. It may not be true, or it may be more true than I am capable of recognizing right now.
  • “Christianity is Communism” If you research when and where Christianity was formed, the people were living under a form of communism.2 The ideals of Christianity are communist ideals, but have been changed and replaced by centuries of adaptation and interpretation.
  • “iron law of oligarchy” In every government, an elite few control all. There are many systems to stop this, but they have all failed so far.
  • “four horseman of leveling” – war, revolution, state failure, disease. These are all common things that have caused increases in equality by hurting everyone.

Questions

  • Does communism only work at small scales? It is implied to have only worked when implemented by communities instead of countries.
  • Does Marxism rely on individualism? The more I learn, the more I see that individualism is the biggest threat to progress. (Ever heard “divide and conquer”? Individualism IS self-division – a destruction of community. It makes us weak.)
  • What makes immigration “good”?3 From my education, I “know” that immigration has always had benefits, but what are those benefits? Why do we call them beneficial? As far as I know, the benefit has always been cheap labor (exploitation of immigrants). I want to challenge my education, and learn more about the complexities of immigration. (There is never a valid reason to stop immigration.)
  • Should we not want greatness? What IS greatness? Nietzsche argued for a constant personal struggle to achieve greatness, and against many institutions that improve equality. If seeking greatness requires sacrificing others, should we ever want it?
  • What was good/bad about the “New Deals”? They compensated for a destroyed economy, and produced infrastructure still used today, but what were the exact short-term and long-term effects?

Further Reading

  • Capital: A Critique of Political Economy by Karl Marx

Footnotes

  1. Fascism relies on exploitation of the unaccepted classes, which often literally involves mass murder, but also makes the unaccepted people leave. This is why fascists inevitably shrink their accepted class.
  2. Romans were the capitalists of their day, exploiting the people that became the first Christians. Communism is a broad and complex subject. In this context, communism is being used unrelated to the way it is used as a classification for modern countries.
  3. A partner reminds me that diversity is an inherent good, and that immigration increases diversity. (At minimum, diversity brings new ideas and perspectives into focus, and increases resiliency.)

(It’s kind of difficult to keep motivation when hard work is unceremoniously destroyed by a glitch..)

Posted on

Facebook: Violating You Is Profitable

Facebook might owe you money. You should find out. June 26, 2023 is the deadline.

Facebook was recently ordered to pay $725 million to USA’s Facebook users active between 2007 and 2022 for privacy violations1. This most likely applies to at least 200 million2 people, but will not be divided equally, and doesn’t account for attorneys and courts taking up to 25% of the settlement as fees, nor the up to $15,000 to be awarded to each of 8 named plaintiffs (probably because they helped get the lawsuit going).

This is an indicator that the USA federal government values its citizens privacy between $2.41 and $3.62. Whether or not this represents 15 years of privacy violations or is closer to a lifetime value, it is woefully below an accurate value. Ironically, you don’t even have to go that far to see that at least one judge in Illinois understands this. In 2021, 1.6 million users were awarded a minimum of $345 each (with a total of $650 million, alarmingly close to the federal judgement).1

How much money did Facebook make off of these privacy violations?

Let’s start with the most generous estimate possible: Over those 15 years, Facebook reported $168.3 billion net income3. As of 2023, they have 2.96 billion users4. If these numbers went together, that’s $56.85 per user. Ignoring that Facebook makes at least 2x more per North American user than any other user5, and estimating that only 10% of their profit comes from these privacy violations, this settlement is 64% of what it should be.

But we can do better than that. In 2017 Q1, Facebook made $17.10 per user in revenue. This is the lowest value I could find over the range, and it went much higher – so it seems fair to use as an estimate. Assuming this is average for the entire period and using 200 million users in the USA, Facebook brought in $1,026 per user. They only kept 29.7% of their revenue in profit, so that turns into $305.30 per user. This time, let’s pretend privacy violation only gives them 5% of their profits. In that case, this settlement is 23.7% of the profit they made.

(Because of how close this calculated value is to the Illinois settlement, I’d argue it’s at least much closer to an accurate value. The Illinois settlement seems unusually correct in the amount of harm done compared to most large settlements.)

This is complicated, and most of the data isn’t easy to find. Even so, you can see the disconnect between corporate fines and corporate profits. Most companies don’t care about the law, because they know they can make more money than they will be fined for violations.

Will Facebook actually pay $725 million?

It may sound like a silly question, but out of 200 million people entitled to a cut of this settlement, how many of us will actually sign up and receive our pay? Not many. The FTC released a study6 a few years back that shows only around 9% of those entitled to large settlements claim their share.

When people don’t sign up, the excess award is sometimes divided amongst those who did sign up – boosting their payment. Other times a designated charity receives the difference (which can be good or bad). The third option? The defendant gets to keep it.7 While the rate of claims is not directly proportional to how much a company has to pay, Facebook could get away with paying $65 million or less depending on how the court ordered this settlement.

(If they get away with that, they are paying at most 2.1% of what they should be paying.)

Sources

(Note: All resources are archived using the services linked to on Archives & Sources.)

  1. Have you used Facebook in the past 16 years? You may qualify for payment. (Because Washington Post has blocked Internet Archive from archiving this article when I tried to archive it, I have made a copy of it here.)
  2. Number of Facebook users in the United States from 2018 to 2027. Obviously this is based on estimates beyond a certain point, but it’s close enough to use for calculations.
  3. Annual revenue and net income generated by Meta Platforms from 2007 to 2022.
  4. Essential Facebook statistics and trends for 2023.
  5. Facebook’s Average Revenue per User by Geography (Q1 2017 – Q1 2022).
  6. FTC’s comprehensive study finds median consumer class action claims rate is 9%. (Reuters’ web design prevented Internet Archive from archiving this page correctly, so I made a copy here.)
  7. What Happens to Unclaimed Class Action Settlement Money?

(And if you’re still here, I find it amusing that Facebook’s net margin is a little below the tech sector average.)

All links on this post have been archived on web.archive.org and archive.is.

Posted on

“Doing Nothing” is a Vital Part of Work

Recently, I saw a video of a construction worker hanging from a crane in Toronto. They’re okay, suffering minor injuries to a hand (though, no one talks about mental health, and I can imagine this was a rather terrifying experience). Their hand became stuck in a cable, which is how they ended up in this position, but I have to ask how there wasn’t another person with a radio present to command the crane operator to put this pallet back down immediately after it became apparent there was a problem (or even earlier, before it became dangerous).

No one has an answer to that question at the time of writing, but it brings my attention to an important part of construction work.. doing nothing. There is a trope of seeing construction workers standing around, apparently doing nothing, and this is often used to justify calling them lazy, and construction overpriced.

The beginning of the following video covers what’s actually going on in these situations very well, but the tl;dw of it is: Things don’t always go according to plan, everyone needs breaks, and looking out for problems is very important. Why wasn’t someone standing around to notice a stuck hand before it became dangerous?

While keeping a watch for safety is a specific job that is only employed for certain activities at certain times, everyone who is standing around is another set of eyes that can notice a problem before it becomes dangerous (or even just.. a problem that will hinder the construction effort), or who can respond in the event of an emergency.

Breaks are important, and supervising takes less effort than physical labor. People standing around to take a break are also supervising the work. They may not have the documents or job title to say they should be watching, but everyone with experience watching activity onsite is helpful.

The above was written in July, shortly after the publication of the embedded video. I have much more to say about work, but it has been half a year without publication. I feel it is important to not leave this draft lying around.

Updated 2024-10-02 to link to how to take a break.

Posted on

A Luke-Warm Political Hot-Take

Back in 2016, I published a blog post1 about the major election results for my state and country (California, USA). While I probably agree with most of my feelings at the time, I know for a fact that I made some bad choices with my votes, and an invalid hot take. I want to revisit this, and respond to it with a little more knowledge and hindsight.

Hilary Clinton vs Donald Trump

The voting system in this country is a joke. The only countries less democratic are those without any voting, and maybe “votes” with only one candidate.. which includes portions of the US. This is a large topic, but one of the easiest problems to attack is the presence of the electoral college. The popular vote doesn’t actually matter, what matters is a select group of 507 representatives. Most of the time, they vote according to what the populace votes for, but not accurately. Fortunately, the National Popular Vote Interstate Compact intends to fix this.

The more immediate problem is who got elected that time. Trump is a moron, and caused a lot of harm.. and that’s even before COVID-19 became a problem. He is directly responsible for the deaths of hundreds of thousands of Americans, and partially responsible for millions worldwide. Of course, every American president has a body count2 3, but Trump is a special level of stupid, careless, and evil.

That said, I’m still not sure he was the wrong person out of the two choices available4. Hilary wanted to go to war with Russia, a decision that could easily be civilization-ending when promoted by a competent politician. Of course, Russia interferes with all US elections, and in this case assisted the winner.

Flavors of Bad

I don’t know much about the particular candidates that ran for Senate and House of Representatives’ seats, but the Republican Party won the majority, and have a history of helping the wealthy grow their wealth at the expense of worldwide suffering. That said, I’m not holding the Democratic Party up as some kind of hero. They are responsible for the majority of the harm that Republicans have not caused, and have a history of pretending to be held up by Republicans when nothing of the sort has occurred.

Californian Propositions

I’m going to skip over propositions I can’t have a valid opinion on, as I lack knowledge on the specifics, with the exception of stating that on the surface 51-57, 59-65, 67 seem like progress. Of these, the following passed: 51, 52, 54-57, 59, 63-65. (Full results.)

58 (English-only schooling) and 66 (limiting death penalty appeals) are objectively bad propositions that passed, discriminating against non-English-speakers and increasing support for state-sanctioned murder. 62 (death penalty removal) might’ve been a good step towards prisoners’ rights – but did not pass. Of course, US prisons are somewhere between a death camp and slavery on average5.

I previously agreed with 58. At that time, I did not realize how much of a discriminatory it is to allow English-only schools. On the surface, it sounds fine, the majority is English-speaking, and should not have to be hampered by provisions for non-English-speakers in areas where there aren’t any non-English-speakers, right? The problem is these areas don’t really exist, and this just hides them farther under the rug6.

Many of us believed that 67 (single-use grocery bag ban) was a positive. I was led to believe that the benefits were grossly outweighed by unintended costs and increases in plastic usage to make reusable bags. For example, it would take a “reusable” bag thousands of uses to make up the difference in environmental impact of its creation vs a single-use bag. This is a feat that is not likely to be achieved. In fact, this post was written poo-pooing this proposition until I went to gather sources.

Turns out, it’s a lot more complicated!7 While the negative facts I’d heard are true, the result of California’s ban is the majority of purchases are being made without any bag use. Turns out, they just didn’t need them for the most part. (It is important to specify that these results are not generalizeable to any population, however.)

I am somewhat conflicted about 63 (background checks for purchasing ammo, prohibition of large-capacity magazines). My gut tells me this is a good thing, because gun control is a good thing. However, I have heard evidence that suggests that these kind of half-assed measures are easily worked around and serve no actual prevention of gun-related harm. At the time I went all-in on my gut feeling, instead of doing more research on the topic. At this time, I have not gone back to check sources to find out if this measure is actually helping.

There is much more to be said, but that also requires research. Please comment if you would like to see that done on these or other political topics.

  1. The original will likely go down as part of a site redesign and holds no value as content, so I’ve created an unlisted paste of it.
  2. That list is obviously outdated, as Trump easily makes the top 5. And that’s without even counting foreign deaths.
  3. Another example: Sanctions, which directly lead to somewhere between thousands and millions of deaths, and much more significant suffering.
  4. History shows that Americans rarely have a 3rd option in presidential elections.
  5. This article on modern concentration camps primarily focuses on more recent events, but offers a taste of what I am referring to.
  6. Languages spoken in California.
  7. ABC News’ article on plastic bag bans. I cannot reliably determine the net effect of California’s prop 67, but it seems to be edging into positivity.

(Note: All resources are archived using the services linked to on Archives & Sources.)

Posted on

Password Security 2.0

(This post has been imported from an old blog of mine, and updated March 2018. It is November 2021 at the time of this edit, and this information is still accurate, up to date, and relevant.)

I made a post a while back about how to check if a user’s password is secure from the programmer’s perspective, but looking at it now, I realized I don’t cover a key concept, and I’ve learned about an additional measure that I really should have had on the list.

How to store passwords?

The number 1 most important thing to do is to NEVER store passwords. Instead, you use an algorithm to store a hash generated from a password. Why? In case you get hacked. If your database is downloaded, and it has user passwords, even if you repair any damage or stop the hack, the passwords are out there! But if you use hashes instead, they can’t be used to login.

How you hash matters though. If you use something like MD5, that’s trivial to crack these days. SHA-1 is a bit more secure, but still has been destroyed in usefulness for security. Which algorithm(s) should you be using?

  1. bcrypt: The current de-facto algorithm for password hashing. It can be changed the strength of the algorithm to create stronger hashes even if computers get faster.
  2. scrypt: Builds upon bcrypt by focusing on calculations that are harder to do on specialized hardware. It also can be changed to create stronger hashes, but the factor used to do this is exponential.
  3. Argon2*: Won the Password Hashing Competition in 2015**, the only reason it’s not on the top of this list is that it is relatively new and not as proven as scrypt/bcrypt. (The biggest weakness with bcrypt at the moment is that it can be relatively effectively attacked with GPUs/FPGAs/ASICs, which scrypt and Argon2 protect against by increasing how much memory is required to compute a password hash.)
  4. PBKDF2: Wasn’t actually intended to be used for security, but is rather slow, which makes for a good hash algorithm. (A big part of hash security is using a slow algorithm.)

It is most often recommended to use bcrypt as it is the most tested and known secure algorithm. It will probably be replaced by scrypt when scrypt has been more thoroughly tested and if vulnerabilities are found in bcrypt. PBKDF2 should really only be used if for some reason you can’t use the other two. If you want to use something else, don’t.

* Was added in March 2018 after some further research into the subject.
** I found a couple of sources claiming it was in 2015, but also one that said 2013. I’m not sure which is correct.

What kind of passwords should be allowed?

This was the whole point of the other post, and the first three items are almost identical:

  1. Must not contain more than 6 occurrences of the same character.
  2. Must be at least 12 characters long.
  3. Must not be equal to or contain your username, your email address, the site’s name, the site’s URL, and associated keywords (like, your actual name on sites that store that info; or “Honda” on a motorcycle forum).
  4. Must not be equal to the 10,000* most common passwords.

The change is to say you should have 12 character or longer passwords, and the addition is checking against the most commonly used passwords. The first measure is because computers are always getting better at cracking passwords, and cheaper. The second is because the first two rules don’t completely stop you from using commonly known passwords like password1234567890 or qwertyuiop1234.

* I say 10,000, but the list really should be just whatever most common passwords list you can get. This is something I need to research further myself.

Sources and Further Reading

These primarily relate to Argon2 since that is what I most recently researched when editing this post. (Note: All resources are archived using the services linked to on Archives & Sources.)

  1. Password Hashing Competition
  2. An brief explanation of results from PHC & notes about attacks against Argon2. (This was another reason I put it lower on the list, though I am not a cryptography expert, so this could be unjustified.)
  3. Several comparisons and discussion about configuring these algorithms correctly.
  4. A bit of arguing and discussion about bcrypt and PBKDF2.
  5. More discussion about Argon2.
  6. libsodium is a library for doing cryptography that I would trust with this kind of thing. I haven’t looked too much at it myself, but I pass the recommendation along from experts I trust.