Mistaken Identity

“They all look the same to me.” —Trump Fans

LeVar Burton, the actor who’s best known for his past work in “Reading Rainbow” and “Star Trek: The Next Generation,” is getting bombarded with angry tweets from Trump fans who have mistaken him for LaVar Ball.

The most amusing thing about American politics has to be the fact that all sides have become such batshit crazy extremists that it’s trivial for opposing sides to act as one another. Take this case. Are the people mistaking LeVar Burton for LaVar Ball actually angry Trump supporters who are too dumb to know one black man from another or are they Trump haters pretending to be Trump supporters in order to embarrass their opposition? I’m guessing it’s really a bit of both. However, it’s impossible to know for sure because a lot of Trump supporters are stupid racists (I know it’s a redundant term) who enjoy publicly demonstrating their stupidity and probably can’t tell one black man from another so it’s easy to play them on TV (or the Internet in this case).

There is a drought of intellectuals in American politics, which has lowered the bar for political debate. Arguing over issues and philosophy is no longer the preferred form of political discourse in the United States. Instead character assassination has become the primary tool, which has created a focus on the most idiotic members of each party.

Everything is a Russian Plot

Привет товарищ! I bring great news of the glorious victory of Mother Russia, err, I mean I bring frightening news. Yeah. Terrible news indeed! It turns out that everything you love and cherish is a Russian plot, including Pokemon Go!

One Russian-linked campaign posing as part of the Black Lives Matter movement used Facebook, Instagram, Twitter, YouTube, Tumblr and Pokémon Go and even contacted some reporters in an effort to exploit racial tensions and sow discord among Americans, CNN has learned.

The campaign, titled “Don’t Shoot Us,” offers new insights into how Russian agents created a broad online ecosystem where divisive political messages were reinforced across multiple platforms, amplifying a campaign that appears to have been run from one source — the shadowy, Kremlin-linked troll farm known as the Internet Research Agency.

[…]

The donotshoot.us website in turn links to a Tumblr account. In July 2016, this Tumblr account announced a contest encouraging readers to play Pokémon Go, the augmented reality game in which users go out into the real world and use their phones to find and “train” Pokémon characters.

Nothing is beyond suspect. Your friends could be part of a Russian plot! Your spouse could be part of a Russian plot! Your dog could be part of a Russian plot! Even this blog could be part of a Russian plot! Trust nobody!

The only way to stop the Russians is for all of us Americans to come together and stand behind our government no matter what! Our freedom can only be preserved through blind obedience!

But It Works One Percent of the Time

Both parties become extremely interested in voter fraud when their candidate fails to win. After Obama’s election the Republican Party was up in arms about voter fraud. After Donald Trump won against Hillary Clinton the Democrat Party was suddenly up in arms about voter fraud. While both parties try to approach the problem slightly differently (the Republicans tend to blame illegal immigrants while the Democrats have been blaming Russia), they both tend to favor terrible solutions. Take this system that will be used in Indiana:

A database system that will now be used by Indiana to automatically purge voter registrations that have duplicates in other states is 99 percent more likely to purge legitimate voters, according to a paper published last week by researchers from Stanford University, the University of Pennsylvania, Harvard, Yale, and Microsoft Research. Using the probability of matching birth dates for people with common first, middle, and last names and an audit of poll books from the 2012 US presidential election, the researchers concluded that the system would de-register “about 300 registrations used to cast a seemingly legitimate vote for every one registration used to cast a double vote.”

The Interstate Voter Registration Crosscheck Program is a system administered by the office of Kansas Secretary of State Kris Kobach—the vice-chair of President Donald Trump’s Presidential Advisory Commission on Election Integrity. Crosscheck uses voter roll data from 27 states—pulled every January by election officials and uploaded to an FTP site—to check for duplicate records across states, based on full name and date of birth, as well as the last four digits of social security numbers where that data is collected by voter registration (which is not consistent from state to state).

Somebody finally did it. They managed to have a higher failure rate than the Transportation Security Administration (TSA).

The Interstate Voter Registration Crosscheck Program is yet another failure on a long list of government failures. Like most entries on that list, the magnitude of the failure was only realized after the “solution” was implemented, which raises the question, who is performing the preliminary studies on these “solutions?” I honestly doubt any preliminary studies are even being performed, which is why the list of failures is so long. A system of this size should have involved a significant amount of testing, including a study like the one mentioned in the article, before it was released.

Statists often wonder why libertarians are so skeptical of government solutions. Part of the reason has to do with the fact that the government often fails to perform due diligence. When government tries to find a solution to a problem it tasks a handful of bureaucrats, who usually have no expertise in fields applicable to the problem, with developing a solution. They then outsource the solution to whatever crony offered up the best campaign contributions and then blindly accept whatever product is handed to them. If the solution fails to work, the bureaucrats hold some hearings that might result in some poor schmuck at the crony company being forced to step down (oftentimes to go to work for some lobbyist organization). In the end the crony company suffers little in the way of consequences but enjoys a significant profit from doing the initial work. Needless to say, this environment of no accountability breeds poor solutions.

First World Problems

A friend of mine posted the following picture on Facebook:

It really does illustrate a first world problem. Between the militias, III%ers, Neo-Nazis, Antifa, and a handful of other groups there are a lot of Americans who want to be militants. However, many (if not most) of these individuals have enjoyed an overabundance of food and a luxurious lifestyle that has allowed them to avoid physical labor so they’re too obese to fight anybody besides other obese Americans.

Everything Evil is Capitalism, Everything Good is Communism

The release of the iPhone X is nearly upon us. Demand appears to be high and it’s doubtful that Apple will have enough units in its initial shipment to satisfy demand. This has led to prospective buyers coming up with schemes to ensure they can be one of the first to own the anticipated phone. Some will set their alarms to wake them up in the early hours of the morning when the preorder system goes live and others will plan to camp in front of an Apple store to claim one of the first shipped devices. And, of course, a bunch of communists plan to ruin the fun by pointing out that this capitalist ritual is built on the backs of people who are basically slave laborers.

Every time a highly anticipated electronic device is released the communists try to shit all over everybody else’s good time by blaming capitalism for the poor labor conditions in the countries where these devices are manufactured. What seems to get lost in their diatribes against capitalism is the fact that the country that manufactures a lion’s share of these devices, China, is a communist country.

Why is capitalism getting all of the blame here? Shouldn’t communism at least share in the blame? After all, it has apparently failed to elevate the working class of China above the practically slave labor conditions that communists keep complaining about. Isn’t that exactly what communism was supposed to stop?

You can’t have your cake and eat it too. If the evil capitalist Americans are to blame for the demand, then the holy communist party in China should be blamed for allowing their workers to be “exploited” by said evil capitalists.

When You’re Trying to Be Very Smart™ but End Up Looking Stupid

The announcement of the iPhone X was one of the biggest product announcements of the year. Not only is it the latest iPhone, which always captures headlines, but it includes a new facial recognition feature dubbed Face ID. With the popularity of the iPhone it’s inevitable that politicians will try to latch onto it to capture some headlines of their own. Al Franken, one of Minnesota’s congress critters, decided to try to latch onto the iPhone X by expressing concern about the privacy implications of the Face ID feature. This may appear to have been a smart political maneuver but the senator only managed to make himself appear illiterate since Apple had already published all of the technical information about Face ID:

Apple has responded to Senator Al Franken’s concerns over the privacy implications of its Face ID feature, which is set to debut on the iPhone X next month. In his letter to Tim Cook, Franken asked about customer security, third-party access to data (including requests by law enforcement), and whether the tech could recognize a diverse set of faces.

In its response, Apple indicates that it’s already detailed the tech in a white paper and Knowledge Base article — which provides answers to “all of the questions you raise”. But, it also offers a recap of the feature regardless (a TL:DR, if you will). Apple reiterates that the chance of a random person unlocking your phone is one in a million (in comparison to one in 500,000 for Touch ID). And, it claims that after five unsuccessful scans, a passcode is required to access your iPhone.

Franken should feel fortunate that Apple even bothered entertaining his concerns. Were I Tim Cook I would have directed a member of my staff to send Franken links to the technical publications with a request to have a member of his staff read them to him and not bothered giving him a TL;DR. After all, Apple’s time is worth far more money than Franken’s since it’s actually producing products and services that people want instead of being a parasite feeding off of stolen money.

Still I admit that it was pretty funny seeing Franken make an ass of himself yet again.

Safari 11, Multiline HTTP Headers, and NSPOSIXErrorDomain:100.

I was happy when Mozilla announced that it was going to take a serious stab at the browser market again and released Firefox Quantum, a beta version of Firefox that runs significantly faster than the current stable version. So far I’ve been mostly impressed by it. However, Firefox Quantum has one significant flaw: it hogs the CPU. Even when idling I’ve noticed Firefox Quantum processes taking anywhere from five to 20 percent of the available power on one of my CPU cores. I decided to compare this CPU usage against Chrome and Safari, which led me down quite the rabbit hole.

It all started when I tried to load my blog in Safari. Previous versions of Safari haven’t had any difficulty loading my site but when I tried to load it in Safari 11 I received the following error:

NSPOSIXErrorDomain:100 is about as useless as an error message can get. Unfortunately, Google didn’t provide me much insight. After a series of Google searches I did come across this article, which discusses some problems previous versions of Safari have had with Content Security Policies (CSP). Since I implemented a CSP for this site, I figured it was a good place to start. Lo and behold, when I disabled my CSP the site loaded in Safari again.

This confused me since, as I mentioned earlier, my site, with its current CSP, loaded in previous versions of Safari. I thought that maybe one of the fields in my CSP had been deprecated or was misconfigured, which led me to testing with a very simple one-line CSP. When I tested with the simplified CSP my site loaded again. When I added an additional line to my CSP the site stopped loading again. That led me to suspect the line feed characters. I split my CSP into multiple lines to make it easier to read and edit so it looked like this:

add_header Content-Security-Policy "default-src 'self';
  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s0.wp.com https://s1.wp.com https://s2.wp.com https://stats.wp.com;
  img-src 'self' https://secure.gravatar.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://chart.googleapis.com;
  style-src 'self' 'unsafe-inline' https://fonts.googleapi.com;
  font-src 'self' data: https://fonts.gstatic.com;
  object-src 'none';
  media-src 'self';
  child-src 'self' https://www.youtube-nocookie.com https://akismet.com;
  form-action 'self';";

I know it looks a little wonky since it includes unrecommended values like ‘unsafe-inline’ and ‘unsafe-eval’ for script-src but those, as well as a few other odd values such as the ‘data:’ font-src value, are needed by WordPress, which was developed before CSPs were a thing. But I digress. I decided to collapse the entire HTTP header value into a single line so it looked like this:

add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s0.wp.com https://s1.wp.com https://s2.wp.com https://stats.wp.com; img-src 'self' https://secure.gravatar.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://chart.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapi.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; media-src 'self'; child-src 'self' https://www.youtube-nocookie.com https://akismet.com; form-action 'self';";

After I did that my site loaded in Safari again. Then I reverted my configuration to the original multiline version but changed the standard UNIX new line character \n to the Windows (which is also the standard for the web) \r\n. After I did that my site failed to load again. Safari simply didn’t like new line characters appearing in a header entry.

It seemed that Safari 11 was unhappy with something that every other browser, including its predecessors, is still perfectly happy with. I suspected this was a bug in Safari but decided to do some digging before submitting a bug report. This was a good choice because I was mistaken. Searching for information about multiline headers led me to this entry on Stack Overflow, which led me to RFC 7230. Amongst other things, RFC 7230 deprecated multiline header fields:

Historically, HTTP header field values could be extended over multiple lines by preceding each extra line with at least one space or horizontal tab (obs-fold). This specification deprecates such line folding except within the message/http media type (Section 8.3.1). A sender MUST NOT generate a message that includes line folding (i.e., that has any field-value that contains a match to the obs-fold rule) unless the message is intended for packaging within the message/http media type.

It turns out that Safari 11 is adhering strictly to RFC 7230. And as of this writing it’s the only browser doing so. It also turns out that I’ve been unknowingly writing my CSP against the HTTP standard all along.

The moral of the story is if Safari 11 throws an NSPOSIXErrorDomain:100 error, check your HTTP headers to ensure they don’t contain multiline values.
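One way to run that check, as an added example that is not part of the original post: it flags folded fields in a captured response head, flags nginx add_header directives whose quoted value spans lines, and collapses a multiline value to one line. The function names and both samples are constructed for illustration; the samples are shortened from the policy shown above.

```python
import re

# field-name is an RFC 7230 token followed directly by ":".
_FIELD = re.compile(rb"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+):")
# nginx directive with a double-quoted value (escaped quotes are not handled).
_ADD_HEADER = re.compile(r'add_header\s+(\S+)\s+"([^"]*)"')


def find_folded_headers(raw_head: bytes) -> list[str]:
    """Names of header fields whose value continues on a following line.

    Accepts CRLF and bare LF line endings; both variants failed in the post.
    """
    folded, current = [], None
    for line in re.split(rb"\r?\n", raw_head)[1:]:  # skip the status line
        if not line:                                # blank line ends the head
            break
        if line[:1] in (b" ", b"\t"):               # continuation (obs-fold)
            if current and current not in folded:
                folded.append(current)
            continue
        m = _FIELD.match(line)
        current = m.group(1).decode("ascii") if m else None
    return folded


def multiline_add_headers(conf: str) -> list[str]:
    """Names of nginx add_header directives whose quoted value spans lines."""
    return [name for name, value in _ADD_HEADER.findall(conf) if "\n" in value]


def unfold(value: str) -> str:
    """Collapse a multiline value to one line: each line break plus its
    surrounding whitespace becomes a single space."""
    return re.sub(r"[ \t]*\r?\n[ \t]+", " ", value).strip()


# Constructed samples: a response head as it would look with the multiline
# policy, and the matching configuration fragment.
SAMPLE_HEAD = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Security-Policy: default-src 'self';\n"
    b"  object-src 'none';\n"
    b"  form-action 'self';\r\n"
    b"\r\n"
)
SAMPLE_CONF = (
    'add_header X-Content-Type-Options "nosniff";\n'
    "add_header Content-Security-Policy \"default-src 'self';\n"
    "  object-src 'none';\n"
    "  form-action 'self';\";\n"
)

if __name__ == "__main__":
    print(find_folded_headers(SAMPLE_HEAD), multiline_add_headers(SAMPLE_CONF))
```

Run `multiline_add_headers` over the server configuration before deploying, and `find_folded_headers` over response bytes captured before any proxy or client has had a chance to normalize them.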

Oh, and if you’re wondering, Safari 11 uses significantly less CPU power than Firefox Quantum. Chrome also uses significantly less CPU power than Firefox Quantum. But it’s worth noting that Firefox Quantum is beta software and its CPU usage may improve before its final release.

Everything is a Big Ol’ Conspiracy

Can anything occur in this day and age without people claiming that it’s part of a conspiracy? Almost immediately after the shooting in Las Vegas, before any investigation had a chance to even begin, people were claiming that the event was part of some conspiracy. As with most conspiracy theories, this conspiracy theory is based on spurious evidence. So far the dumbest “evidence” that “doesn’t add up” is news that the shooter used the freight elevator at Mandalay Bay:

Law enforcement sources told CBS News that Las Vegas shooter Stephen Paddock is believed to have used the freight elevator at the Mandalay Bay hotel casino in the days leading up to last week’s deadly attack.

It wasn’t clear what Paddock used the freight elevator for or how often he used it.

How could the shooter have accessed a restricted freight elevator without help from the inside? Obviously this is proof that he had help!

Anybody who claims that doesn’t realize just how poor building security generally is. I’ve used freight elevators on numerous occasions, including in casinos, without authorization. They’re usually “hidden” behind a nondescript door or one with a sign that says “Employees Only.” In almost every case the door is unlocked and the elevator lacks any form of access control. If the owners of the building are really concerned about security, there might be cameras that aren’t monitored by anybody facing the freight elevator doors although even that’s pretty rare.

Another way of gaining access to a freight elevator is to ask the person working at the front desk if you can use it to haul up a bunch of luggage. As it turns out, the person at the front desk who is tasked with making the customer happy will often let you use the freight elevator if it makes you happy. Humans are often wonderfully helpful creatures.

So I’m sorry to report that using a freight elevator isn’t evidence that “doesn’t add up.” It adds up quite cleanly. Although I suspect that access control on freight elevators will become more common now that this information has been released.