Gotcha Jerks

Part of the political content that lately makes me uncomfortable about discussing political things are the gotcha posts. Someone makes a mistake and another person on the “good side” catches them in that mistake and cuts them down in epic style. (We call  it “owning.”) The one I saw prompting this post was a name redacted Facebook post where someone was glad the GOP is going to end Obamacare but did not realize their ACA insurance would go away as that is from Obamacare. It ended with the “friends” gloating about the post still being up and not deleted after getting owned so hard. I also have seen interviews where Fox News, Daily Show, John Oliver, and Tomi Lahren all shut down someone who was on the other side. It is easy find people on our side who does this kind of thing to people on the other side.

And easy to adopt a superior feeling at catching the people on the “bad side” in their mistake. The thing is people on the “good side” make mistakes too. Both (or all) are doing this to each other over and over in a perpetual pointless cycle. Catching a person in their mistake is going to make them more invested in their side not less. Because they know they made a mistake, they are going to become more invested in proving the other side is wrong.

Both sides are making the other more committed because of this activity. Neither side is getting the other to convert over getting embarrassed online. Conversations between strangers in forums or public spaces are all about catching mistakes to embarrass each other. Friendships on opposite political sides have devolved into replicating this activity, such that it is more important to prove friends wrong than discuss to understand new perspectives.

I am tired of this. I am sure others are too. I bet they thought their side winning the election would end it. That was a mistake because it just means the losing side wants to push harder to prove they indeed still have the moral high ground. And the winning side will push harder to prove they indeed have a mandate to govern. It solves nothing. Growing empathy works leaps and bounds better.

This sat in queue for a while as I tend to let some posts marinate. I ran across this LinkedIn story where a woman let board members think she was the secretary and man coyly asked her for the expert opinion to shame their sexism and felt the comment below by Fred Patterson more eloquently expressed my last point:

This will be my last post to this and as I write I know I shouldn’t continue. I am so confused by what I keep reading. People are so offended by this mistake or misguided move, but yet they revel in it. Joy in the train wreck that is sure to leave someone injured. This is why racism, sexism, etc continue. It is the voyeuristic delight and if it were ever gone that delight will be as unacceptable as the slight was. So many posts of jubilation and so few of TOLERANT understanding that there are people that need guidance. I’ve learned those lessons in my life from coworkers, my sons, someone I’ve never met. They didn’t take joy in it they took time and humbly helped. I’m convinced that the vocal minority doesn’t want this to end because they would have to sit idly by until a new issue appeared. Be kind. Be helpful. Coach. Mentor. Most of all set a great example for others coming up in life. Good luck.

So… Instead of reveling in each other’s mistakes, lets kindly help each other.

LastPass feature request

Ghost in the Shell Laughing Man shirt
Ghost in the Shell Laughing Man shirt

There is no enforced standard for passwords for a web site, so they can be all over the place for requirements. Nor do sites typically explain what are the exact standards before a failure. And then most will state the minimum and types of characters. But, too many leave out the maximum number of characters allowed so I end up experimenting to figure out something as strong as I can get. One of my favorite blogs is Password Requirements Shaming.

Web sites almost certainly record the password to a variable. Hopefully they then encrypt it and store the hash instead of recording the password as plain text. I use LastPass’ password generator to create something typically 40 characters [1] long and try it. Almost always that results in an error that my password is too long and the limit is actually something shorter. There are some frustrations with how sites handle these cases:

  1. It would be nice if more sites would look at the passwords with JavaScript and report if it is too long or too short or have bad characters or do not match both locations. Very rarely do they check that it is too long. Most just check that they match. Letting me know before I submit it, keeps me from wasting my time.
  2. In HTML, maxlength defines how many characters the input element will accept. I sometimes look at the HTML to select what password length to generate, but there is no guarantee that the maxlength is reflective of what will work. It fails to help so much I have gotten out of the habit.

Arbitrariness with password policies probably makes people tend to more insecure practices through simplification. This is The Paradox of Choice.

It occurred to me that LastPass developers could solve this problem for me. If LastPass knew the password requirements for a site, then it could preset the generator to the maximum length that will fit. When I go to create a password for a site, then it could work the first time instead of taking 2-5 tries to find something that finally works. Most users are lazy and would not change the preset, so passwords would tend to be the stronger. [2]

Admittedly, it usually works on the second try once I’ve nailed down the maximum number of characters allowed.

[1] Originally I would try 50 characters, but I eventually relaxed that down a bit. Occasionally, I go through brief periods where I just try 30 or 32.

[2] See Nudge: Improving Decisions About Health, Wealth, and Happiness for how organ donation rates work for how t his would work.

WordPress and SSL

For a while my self-hosted WordPress has been a royal pain in the ass. Trying to compose through the WordPress.com interface through Jetpack would show occasional errors that “Saving of draft failed” or an inability to communicate. Sometimes it was usable, sometimes there were so many errors I gave up and used the site. The site admin interface sometimes made me login every hour or every couple minutes.

I reinstalled Jetpack a couple times. I poked around on the WordPress support forums which I apparently could not search.

So I searched via Google and ran across this How to Fix WordPress Keeps Logging Out Problem article. It dawned on me that I had let my hosting provider setup SSL for the site. The WordPress Address and Site Address fields were using http. So I changed them to https. That seems to have solved the login issues.

I am writing this through the WordPress.com interface and got a failure on saving the draft. So there is something else to make it all better.

Email Changes

Ran across a site where if one changes the email address associated with the account, it sends the confirmation email to the new address.

Say, I am a Blackhat and used a phishing attack to get the password for the account. Having legitimately logged in, I then change the email address associated with it from victim@outlook.com to my blackhatalias@gmail.com. Sending the confirmation to blackhatalias rather than the victim ensures a compromised account will get altered. Strong security would want to prevent the change unless the owner of victim@outlook.com confirms the change.

Though, it does look like an email was sent to victim@outlook.com almost 3 hours after the confirmation saying:

Still scary. The blackhat has probably already made off with the data and done the damage.

I get the temptation to allow users to change their email address to a new one. It will prevent support phone calls because if they no longer have control of the old email account, users can simply change it to another address they do.

Of course, the site in question also does not have Two Factor Authentication. But, then it also is just a support forum. So, the ramifications of losing the account is impersonation at worst. They could ask or answer a question as me or change the profile to say something demeaning.

Redeeming Digital Copies

Every time I go through movies I have bought and try to redeem the digital copy, I suspect the companies make the process so difficult that no one will actually do it. Companies like the gift card racket because they get the money and recipients hold on to them for far too long. Movie companies charge more for movies with the digital copy and make the process of redeeming them so difficult people will not do it.

Five were UltraViolet and one a Disney. All 6 required going to a different web page. Only one worked with the generic UV redemption page. Each other site had me sign in to UV from it. Two made me create accounts in other services in order to link them to UV. The Disney one was the oddest of all, it gave me a code that gave me Amazon promotional credit but was not clear about that so I had to risk buying the same movie at potentially paying more for the digital copy than I did the physical discs to redeem the code. (It did come across as free.)

I guess this is why I let them pile up for a few months before I go redeem them. An hour of work for six movies.

5 Books: Mindset and Outlook

What are the “Top 5 Books” that have molded your mindset and outlook on life?

  1. Nudge: Improving Decisions About Health, Wealth, and Happiness: introduced me to behavioral economics and helped me learn how to disrupt obsessing over indecision.
  2. Loneliness: Human Nature and the Need for Social Connection: counter-intuitively it exposed me to figuring out that my love of solitary time is normal.
  3. The Edison Gene: ADHD and the Gift of the Hunter Child: personalities exist on various spectrums and being different is okay.
  4. The Pleasure of Finding Things Out: The Best Short Works of Richard P. Feynman: intelligent people can be a pain in the ass, but people will give them a pass as long as they get stuff done.
  5. A Whole New Mind: Why Right-Brainers Will Rule the Future: creativity is important in working with data and knowledge for achieving wisdom.

I have done some similar lists to this.

Quasi-Mandatory Voting

Yesterday, in Mandatory Voting I wrote:

In the end, I think finding ways to lower the costs of voting is the best approach. A low participation rate suggests there are problems. Solving those problems would be better than simply punishing people for not overcoming those costs.

Additionally I mentioned:

Certainly, I am in favor of things we can do to make it easier for people to vote like early voting, mail voting, or a national holiday.

Let’s expound on these ideas.

  1. Early voting:  Almost three quarters of states allow voters to cast an early ballot in-person. Some states open an office where people can go to vote in the days prior to the election. Some allow voters to acquire an absentee ballot without an excuse and cast it in the same trip to the office. Essentially it is an in-person absentee. I would love to see all states achieve this.
  2. Mail / absentee voting: Colorado, Washington state, and Oregon all hold elections only by mail. About 20 states require an excuse to vote absentee by mail. It would really helpful for their voters for those to follow the other 27 and allow voting absentee by mail without an excuse.
  3. National holiday / weekend: Tuesday is a bad day for voting for people who work M-F 8-5. My state law requires my employer to give me time off if my schedule does not give me an hour either before the polls open or close. I was in line just before 7am and did not get to cast my ballot until almost 8am. Some employees lack that luxury. Early voting provides some flexibility for people find a day when they can get off work to vote. I liked that my state offered a Saturday option and a county wanted to do a Sunday one. (That latter was deemed politically objectionable because churches might gives rides to polls and potentially influence voters.)
  4. Automatic voter registration: States have ID requirements to vote. My state helpfully asked when I updated my ID if I also want my voter registration updated. I really like the easiness of this. (Why I am not very sympathetic of the person in yesterday’s post who got caught with their registration at their old residence.) But, if the state automatically updated registrations so they match the IDs, then it would help voters and this person could have voted.
  5. Online registration: The flexibility to confirm and/or fix the registration outside of M-F 8-5 would help many voters.  Being able to log into a web site to view my registration status was extremely helpful for making sure I could vote. Not all states are there yet, though they should in the 21st century. My local library also helps people with navigating the site.
  6. Online voting: Given the hacking concerns of this recent election, I know this is a controversial stance.

Review: A Nation of Immigrants

A Nation of Immigrants
A Nation of Immigrants by John F. Kennedy
My rating: 5 of 5 stars

I was interested in reading this because JFK was the grandson of Irish immigrants. The Irish (and Italians, Chinese, and others) at one point were the targets of the kinds of language we saw just recently during the 2016 presidential election. He also was a senator and president who had to consider policy. From what I knew about him, his speeches expressed faith in American ingenuity and ability to tackle the greatest challenges.

This book did not disappoint. Well written, it is an easy read. He explains the history of immigration to the Americas both before and after we became a county. He describes how immigrants brought American systems, shaped values, and influenced our identity. He laments the resistance and advises the alteration of arbitrary immigration policy so that we can bring in the best instead of limiting ourselves to reflecting the demographics of 1920. His prescription seems to have been enacted in the Immigration and Nationality Act of 1965.

View all my reviews

Mandatory Voting

Given the closeness of the recent election, the inevitable complaint about how few people voted are swirling in the national conversation from the losing side. Part of the conversation is the winning party does not have a mandate. The more interesting claim is that if everyone had to vote, then Hillary could have won.

The rationale is that only about 60% of eligible voters did, if the other 40% of voters did so the outcome would have been different. Yeah, I think there is a possibility that if 80-90 million more people voted, then we could see something different. After all that pool of votes is more than either candidate received. Jason Brennan rejected the thought non-voters skew left months before the election:

There’s a widespread belief among Democrats that compulsory voting would deliver more states to Democrats. It turns out that’s not true. The people who vote and the people who don’t vote are roughly the same in terms of their partisan preferences.

Australia has compulsory voting and enforces it. They have about a 95% voting rate which is amazing compared to the 25-60% rate in the USA depending on the type of election. Interestingly enough, they justified the implementation because of only have a 59.38% turnout in their 1922 federal election. I do not know terribly much about Australia, but as a country they seem to doing pretty well. They also use preferential voting, which I think would be an interesting addition to the US voting systems. They also have a parliament, which is different than here, so it might not work the same here.

Given the importance of voting, there is teasing attractiveness to have it compulsory like registering for Selective Service, jury duty, and taxation. “No taxation without representation” does not work as well when representatives were approved by less than 25% of the registered voters.

Certainly plenty of people use the logic that the costs of voting outweigh the likelihood of their vote being the one that decides an election, something called the Paradox Of Voting. Certainly, I am in favor of things we can do to make it easier for people to vote like early voting, mail voting, or a national holiday. It also bothers me when governments implement additional security without taking care that the methods will not accidentally suppress the votes of certain populations.

My girlfriend’s boss’ spouse neglected to move the registration from over 4 hours away and did not realize until the poll workers informed the lack of it. Should a mistake like this result in a fine? It is not much different than forgetting to renew a driver’s license or car tag. I can see umbrage at fines like this causing mandatory voting problems like the resentment at the Affordable Care Act’s compulsory health insurance.

Personally, I think an informed voter is a good voter. Some people on both sides have complained about the voters on the other side being ignorant about reality. There are probably true examples about both sides. Shifting campaigns from playing cheerleader to motivate people to at least show up might mean they can spend more energy on policy and intent. Certainly, I wished more of the media coverage was on the policy and less on the cheer leading. Would voters pay more attention? Or would mandatory voting bring an influx of even lesser informed voters than the current slate?

Something I would also like to see (at least an experiment) is a “reject all” option for candidates paired with requiring a simple majority. Combined with almost all eligible voters participating, a candidate failing to achieve the simple majority would be instrumental. When I go to vote, I can choose not to vote for any candidates. It is not clear whether I made a skipped that ballot item by mistake or neglected to return back to it after voting on others. A specific rejection of the candidates would be interesting. What I heard so much of was that both major party candidates were really bad, but people wanted to prevent the other party from winning. And opposition to voting for a third party because of this. Preventing such candidates from winning by a “reject all” could be interesting.

And an “unclear; reword” to signal constitutional amendments or referendums are poorly designed. In my state people spend an extraordinary amount of time making sure that potential voters understand the language in the brief description on the ballot is misleading. A way to say “I am not going to vote for this because I do not understand it” would be nice. Amendments would have to get a simple majority with the unclear helping prompt voters they should not vote for things that are confusing.

Of course, there ought to be reasonable exceptions to mandatory voting. People whose religions forbid them to vote as an example. Probably there would be contentious objectors. I guess there should be some way to allow for picking who gets to sit out.

In the end, I think finding ways to lower the costs of voting is the best approach. A low participation rate suggests there are problems. Solving those problems would be better than simply punishing people for not overcoming those costs.

My Five Star-Rated Books Read in 2016

So, out of the many books I read this prior year, here are the ones I gave five stars.

  1. To Explain the World: The Discovery of Modern Science by Weinberg, Steven
  2. Thinking: The New Science of Decision-Making, Problem-Solving, and Prediction in Life and Markets by Brockman, John
  3. The Innovators: How a Group of Hackers, Geniuses and Geeks Created the Digital Revolution by Isaacson, Walter
  4. Genome: the Autobiography of a Species in 23 Chapters by Ridley, Matt
  5. White Like Me: Reflections on Race from a Privileged Son by Wise, Tim
  6. Roots: The Saga of an American Family by Haley, Alex
  7. Originals: How Nonconformists Move the World by Grant, Adam M.
  8. Eaters of the Dead by Crichton, Michael

I hope to make this a regular feature of the blog.

Last year was a banner year with 14. It looks like 2013 was about equal with 8.