Saturday, November 01, 2014

Ten Things Beginners Must Know About JavaScript

Introduction

No doubt about it–JavaScript is absolutely essential for any web developer. Gone are the days when you could get by with a little CSS and HTML. Fortunately, it has so few rules that it’s dead simple to get started:
alert("Hello World."); // Shows the user "Hello World." in a dialog
That’s it! Many simple tasks can be accomplished with just a few lines of code. There’s no need to import packages, or declare namespaces. You write some code, and it runs. However, the very lack of structure that gives JavaScript its low barrier to entry also enables beginning developers to write unstructured, fragile code without realizing it. As an application grows, this unstructured code will come back to haunt you in the form of unexpected, difficult-to-find bugs.
In this tutorial, I plan to correct some of the common misconceptions and mistakes that cause undue pain for beginning JavaScript developers. Here are a few things every beginning JavaScript developer should know:

1. You can add properties to almost everything

JavaScript has only three primitive data types: String, Number, and Boolean. Everything else (if it’s not null or undefined) can have properties added to it.
Note: Even though String is a primitive type ("hi"), there is another incarnation of String in JavaScript which is an object (new String("hi")). See here for details.
You may have seen something like this:
var a = {}; // create a new object
a.b = 'hello';
In the above code, a.b meant nothing until I set a value to it. Now a has a property called b. But wait, it gets weirder.
var a = []; // create an array
a.b = 'hello';
Great, so now you’ve got an empty array, with a property on it called b.
Caution: Just because you can put properties on arrays doesn’t mean you should. As I’ll discuss later, the above code will change the behavior of for...in loops on that array.
How about this?
var a = function() {};
a.b = 'hello';
Yes, that’s right. a is now a function, with a property. Which brings me to my next point.

2. Functions are objects

More and more languages are getting support for treating functions as values, but depending on your background this may not be at all familiar to you.
function doIfTrue(isTrue, whatToDo)
{
    if(isTrue)
        whatToDo();
}
doIfTrue(true, function() {alert('hello');}); //  alerts "world"
doIfTrue(false, function() {alert('world');}); // does nothing
The function above treats the whatToDo parameter as a function. This sort of pattern allows developers to do some very powerful things like setting up event handlers with very little code.

3. for...in loops iterate over property names, not values

Developers coming from a Java or C# background are used to so-called “foreach” loops, which iterate over all the values in a collection. JavaScript doesn’t (currently) have an equivalent loop. The closest thing, a “for in” loop, has some important differences:
var arr = ['a', 'b', 'c'];
for(var i in arr) {
    alert(i);      // 0, 1, 2
    alert(arr[i]); // 'a', 'b', 'c'
}
As you see, the variable used by the for...in loop gives you the keys by which other values can be found, but you have to perform the extra step of getting the values off of the original object.
Why does JavaScript do this? The main reason is that for...in was not made for arrays: it was made for objects that have properties on them:
    var pairs = {'a': 'apple', 'b': 'banana'};
    for(var key in pairs) {
        alert(key);        // 'a', 'b'
        alert(pairs[key]); // 'apple', 'banana'
    }
Caution: Because a for...in loop iterates over the properties on an object, you’ll get strange behavior if you use the loop on an array that has extra properties added to it, For this reason, you should avoid using for...in loops on arrays–use simple for loops instead. They’re faster anyway.
Note: ECMAScript 6 will introduce for...of loops, which iterate directly over values.

4. Variable scoping

All developers, in every language, should avoid using global variables. But it’s easy to do by accident in Javascript because nobody’s forcing you to organize your code into modules.
var message = "hello world";
alert(message);
If the above code is run all by itself in the browser, it will create a new global property on the window object, called message. That means that if any other code on your site also has a similarly-declared variable called message, they’ll stomp on each other.
In Javascript, all variables declared with the var keyword are scoped to their declaring function. That means if you want to make sure your variables aren’t global, you should put them in a function, and then call that function.
(function() {
    var message = "hello world";
    alert(message);
})(); 
Developers with a background in other languages based on C syntax are used to variables scoped by curly braces ({}). In JavaScript, variables declared with var are “hoisted” to the top of the function they’re declared in. This code:
function sayHi() {
    if(true) {
        var s = "hi";
    }
    alert(s); // alert("hi") -- `s` is still within scope.
} 
… is the same as this:
function sayHi() {
    var s;
    if(true) {
        s = "hi";
    }
    alert(s);
} 
This also means that if you refer to a variable outside the scope of your function, you’ll use the value of that variable at the moment the code is run, not at the moment your function is created. This trips up beginners all the time:
 var thingsToDo = [];
 for(var i = 0; i < 2; i++) {
     thingsToDo.push(function() {alert('hello ' + i);}); 
 }
 for(var k in thingsToDo) {
     thingsToDo[k]();               // alerts "hello 2" twice.
 }
Remember that the variable i starts as a 0 value, but by the time it’s called (in the second loop) its value has been incremented to 2. To capture the value of i when you create the function, you have to create another function scope:
var thingsToDo = [];
function createHelloAlert(v) {
    // `v` only exists within this method call.
    return function() {alert('hello ' + v;} 
}
for(var i = 0; i < 2; i++) {
    thingsToDo.push(createHelloAlert(i)); 
}
for(var k in thingsToDo) {
    thingsToDo[k]();  // alerts "hello 0", then "hello 1".
}
Note: ECMAScript 6 will introduce a let keyword, which will allow you to declare a variable scoped to the curly-braces. This is known as Lexical Scoping.

5. Variables that aren’t explicitly declared can be global

Suppose you remember to wrap your code in a function, but forgot the var keyword:
(function() {
    message = "hello world";
    alert(message);
})(); 
When you set a variable’s value, and you haven’t declared it to be a variable for the current function scope via the var keyword, JavaScript assumes you mean this.propertyName. So the above code is the same as this:
(function() {
    this.message = "hello world";
    alert(this.message);
})(); 
If you’re a Java developer, you’re saying to yourself, “What’s this? No, really. What is this?” In other languages, this means the instance of the class that you’re looking at, but in JavaScript it means the object that your function got called on. If you’d done this:
var a = {
    foo: function() {
        this.message = "hello world";
    }
};
a.foo(); // `a.foo()` means foo's `this` is `a`.
alert(a.message); // outputs "hello world"
… then calling the foo method puts a value on a’s message property. But since our original code snippet is calling a function that doesn’t have anything in front of it, this is given a fallback value of window. You end up creating another global variable just by forgetting the var keyword.

6. Understand how .prototype works

JavaScript uses a special prototype property to solve the problems that other languages use classes to solve. Consider the following:
function Person(first, last)
{
    this.first = first;
    this.last = last;
}
var john = new Person("John", "Doe");
var mary = new Person("Mary", "Deer");
Person.prototype.full = function() {return this.first + " " + this.last;};
alert(john.full());
There are a lot of things happening here.
  1. We create a function, which will set properties on its this object when called.
  2. We create two separate instances of that function by putting the new keyword before our function calls. This ensures that john and mary refer to completely separate objects, each with their own first and last properties.
  3. We create a new function and assign it to the full property on our Person function’s prototype property. The prototype property exists on all functions, and allows you to define fall-back properties that should exist on every object created from that function.
  4. We call the full() function on john. JavaScript sees that the john object doesn’t actually have a full function on it, so it looks for a Person.prototype.full() function and calls that instead. Within that call, however, this still refers to the john object.

7. JavaScript never sleep()s

Many languages support the notion of threads, which allow you to have several procedures running at the same time. The problem is that multi-threading opens a huge can of worms: thread locks and other race conditions that even the best developers have a hard time grappling with.
JavaScript avoids these issues entirely by only allowing one piece of code to run at a time. This is great, but it requires us to write our code in a different way. Most languages create a layer of abstraction over operations where the program is waiting for something to happen. For example, in Java, you can call Thread.sleep(100), and the rest of your procedure won’t run until 100 milliseconds have passed.
When you’ve only got one thread to work with, you can’t afford to have it doing nothing for hundreds of milliseconds at a time–it would freeze up the UI and make a horrible user experience. So JavaScript almost never blocks execution. Instead it relies on asynchronous callbacks to let you say what should happen when an operation finishes. For example:
window.setTimeout(function() { console.log(a); }, 1000);
console.log('hello world');
var a = 'got here';
The above code will first create a “hello world” message (even though that line of code comes after the setTimeout() method), and then print “got here” one second later. Even if we changed the timeout to 0, we know that the a variable will be initialized before getting logged because no other JavaScript can run until this code has finished.
Beginners will often write code like this, and then wonder why a doesn’t have a value:
var a;
$.ajax(url, {success: function(e, data) { a = data; });
console.log(a); // BAD! This line will run before `a` gets set to a value!
Don’t fall into that trap.
There are a few caveats that I should mention.
  1. Not all functions that you pass into other functions are asynchronous callbacks. The following code works just fine, because doIfTrue() calls its whatToDo argument, synchronously, before it returns:
    var a = 'hello';
    doIfTrue(true, function() {a = 'world';});
    console.log(a); // prints "world"
    
  2. alert() is one of very few exceptions to the no-blocking rule–nothing happens until the alert window closes. Even the timeouts freeze! This is one reason that it’s usually best to avoid using alert().
  3. Web Workers can allow you to run CPU-intensive tasks on a separate thread, but they’re structured very carefully to avoid race conditions. Beginning developers rarely need to worry about such things.

8. Automatic type conversions

Like many languages JavaScript does some automatic conversions between types under certain circumstances. For example:
var s = 1 + ""; // yields "1" 
JavaScript takes this a little further than many languages, though, and you can leverage this fact to make your code very concise. For example, instead of if(a != null) {...}, you can just say if(a) {...}. Even though a isn’t a Boolean, JavaScript can tell you want to treat it like one, so it determines whether a’s value is “truthy” or “falsy” and acted accordingly.
Falsy JavaScript values include:
  • false
  • 0
  • empty strings ('' or "")
  • null
  • undefined
  • NaN
Everything else is Truthy.
Here’s another example:
var a = b || c;
If b has a truthy value like “Bob”, that’s the value that a will get. If b is falsy, a will get the value of c.
You can force a truthy/falsy value to become a true/false value by negating it twice:
var trueOrFalse = !!value;
Also, in equality comparison, x == y has some complex rules for converting different value types. This can yield weird behavior, like:
var a = "1" == true; // true: "1" -> 1, which is truthy
And you can use the === operator for strict comparison without automatic conversion.
var a = "1" === true; // false: different-typed values are not equal.

9. JavaScript is code–not data or markup

For simplicity, many online tutorials will mix JavaScript and HTML, like so:

Mixed HTML and JavaScript (bad)

<button onclick="return confirm('Delete this object?');">Delete</button>
This works fine for small tutorials, but it has some serious drawbacks when you’re writing real applications. It mixes the programmatic behavior of the UI elements (represented by JavaScript) into the structure and data that is (represented by HTML). HTML should not be deciding how it interacts with the JavaScript. Instead, separate your JavaScript code from the HTML, and let it decide how it interacts with the page.

HTML

<button data-confirmation="Delete this object?">Delete</button> 

JavaScript (with jQuery)

// Set a click handler for anything with a data-confirmation attribute.
$('[data-confirmation]').click(function() {
    var message = $(this).data('confirmation');
    return confirm(message);
});
As you can see, the JavaScript has now defined the behavior for any element with a confirmation data attribute. This approach, sometimes called “unobtrusive JavaScript,” has several advantages, including:
  1. It usually makes HTML code more concise and readable.
  2. It allows you to declare a UI concept in one place and reuse it throughout your system.
  3. If you decide to change your implementation details (e.g. “browser confirmation dialogs are ugly and inconsistent–we want to use a popup instead!”), you can do this in one place without touching your HTML.
If you’re rendering templates in the browser à la Angular or Polymer, this separation means putting HTML in one part of your file and JavaScript in another. If you’re using a server-side engine like JSP or Razor, you’re better off keeping the JavaScript code in static, cached .js files, away from all your dynamically-generated HTML tags.

10. JavaScript is not just for browsers

JavaScript has clearly come a long way since it was created (purportedly in ten days) in 1995. Now, technologies like node.js allow JavaScript to be run outside of any browser. Some common use cases for JavaScript as a general scripting language include:
  1. Writing server-side code in JavaScript. Ghost.org is just one example of a web application whose server-side code is JavaScript running on node.js.
  2. Building LESS files into CSS. Less.js is the fastest, most accurate LESS converter around, and it’s written in JavaScript. If you use LESS, but don’t want your LESS to get re-translated client-side on every page load, it’s a good idea to pre-build the CSS by invoking the lessc compiler via node.js.
  3. Managing build tasks. What if you want to run unit tests against your JavaScript every time you change a file, to make sure you didn’t break anything? Grunt.js, with its watch and Karma plugins can do that! Or you can configure Grunt to rebuild all those CSS files every time you change a LESS file.
If you’re developing web applications, you’re going to need to learn JavaScript. You might as well apply that knowledge to other aspects of your application too!

Conclusion

Like it or hate it–JavaScript is here to stay. It is currently the de-facto language for building any kind of rich user experience on the web.
JavaScript is powerful, and full of intricacies and nuances. The more you learn about JavaScript, the more you realize how little you actually know about it. But arming yourself with knowledge will help you avoid costly mistakes that are common for beginning developers.
Good luck.

About the Author

I’m a Software Architect with over 7 years of experience in building dynamic web applications. I have a passion for learning, and for helping other people learn. While earning over 60,000 reputation points on StackOverflow, I’ve seen a lot of the simple mistakes that vex JavaScript developers on a regular basis. If you have questions about JavaScript, or programming generally, feel free to reach out to me at https://www.codementor.io/j2jensen
Special thanks to Aaron Frost and the peer reviewers at CodeMentor for their valuable feedback as I crafted this article.

Saturday, September 27, 2014

Provident Funding: Providing you with a false sense of security

As a software developer for web applications, I take a keen interest in Internet Security. One of the more interesting aspects of this field is that there are some practices intended to make a site more secure, which don't always actually improve security. At best, these practices are an unnecessary burden to the user. At middling, they'll give the user and the provider a false sense of security, and make them less likely to notice other, more important issues. And at worst, they'll actually cause a user to compromise his security more by creating workarounds to byzantine policies.

A classic example is password strength rules. For those with enough training in information technology, this simple comic is enough to explain why the password strength rules used by most websites have trained most people to come up with passwords that are hard to remember, but easy to hack.

And in fact, the whole concept of a password is fundamentally flawed: every time you log in, you have to enter your password. That means that any time you use a computer that might have had a keylogger installed, or any time you enter it while someone might have been looking at your fingers, or a video camera might have caught your fingerstrokes, your password is potentially compromised. The very act of entering a password represents a security vulnerability in and of itself. We just haven't figured out a better solution that's convenient enough to work for most people.

I think the standard minimum password length for most websites I've seen recently has been 8 characters, but they insist on you mixing numbers, symbols, and upper- and lower-case letters. The problem is that most people choose ways of adding these elements that are dead simple for a hacker and his tools to guess. So they hardly add any difficulty at all if someone is trying to guess your password. At the same time, 8 characters isn't really enough to prevent the types of attacks that these rules are trying to prevent. This topic is worth an entire blog post of its own.

But as bad as that is, there are occasionally even worse cases. For example:

  1. Until a couple of years ago, American Express's website limited peoples' passwords to 8 letters. You couldn't create a longer, stronger password even if you wanted to!
  2. I once asked the company handling HR for an employer to send me my username, because they'd used an auto-assigned username that I could never seem to remember. A kind lady there sent me an email with both my username and my password in it. And this was the company handling my paychecks! This was at least three strikes against that company all in one go: 
    1. It implies that the company stores passwords in a way that it's possible to retrieve them. 
    2. It means that the people working for this company have the ability to see these passwords (not just have them automatically sent to users, but actually see them.)
    3. Email is not secure, and should never be used to send passwords (except possibly a temporary, random password that you're required to change within a time limit.)
When people managing a web application are making decisions about their security policies, they need to think very carefully about them. Even policies that seem like they'll make things more secure might encourage worse security practices. For example, if you make users change their password every few months, they're most likely going to do one of the following:
  1. Stop using a decently unique password that they would have remembered through muscle memory, and switch to using an easy-to-guess pattern, so they don't have to keep trying to think up a new one every three months. Variants of spring/summer/fall/winter are very common in this case.
  2. Keep using the same basic password, but change it in a predictable way. (e.g. add 1 to a number at the end every time they have to change it)
  3. Put their passwords on a sticky note next to their monitor, at least for the first week or two. (Many people do this anyway, but they'll be far more tempted if they're constantly being forced to come up with new passwords.)
Any time you introduce a procedure that gives the illusion of added security, without actually causing things to be more secure, you create a false sense of security, which can be dangerous. I'd like to highlight some of these false security procedures that are practiced by Provident Funding, a loan servicer:
  1. They stopped allowing users to connect their Mint.com accounts to their Provident Funding accounts. They claim that this is to improve the security of their customers because they don't have any control over what happens to that information once it enters Mint.com.
    1. This might be a valid concern for their customers, but not for the company itself. After all, the company doesn't have power over what users do with their own information that they view on their website either. There's nothing stopping those users from downloading all their statements and sending them to Nigerian con artists, if that's what they choose to do with their own data. 
    2. They used to have this connection to Mint.com. Are they trying to say that they were not secure before?
    3. Mint.com is owned by Intuit, who also provides such products as Quicken and TurboTax. Do you really think that their security practices are going to be anything less than impeccable?
    4. Most users don't actively manage their loan accounts from month to month. In other words, if they could see that they're payments are on track each month using a read-only service like Mint.com, they'd almost never have to actually log in to Provident's website. By forcing users to log in more often, Provident provides that many more opportunities for bad-guys to capture your password. If a bad-guy gets access to Mint.com credentials, they can see what a user spends their money on, but if they get access to  Provident credentials, they can do more useful things like change billing addresses and who-knows-what-else.
  2. Provident forces users to change their password every six months. As mentioned earlier, the practical value of this practice is questionable. But it truly becomes a false security practice when they allow users to reset their password to the same value as before. The site acts like it's got a security procedure, but all it really does is force a user to enter their password a bunch of times. Remember what I said earlier about the very act of entering your password? Yeah.
  3. When changing their password, the user is required to enter their username and password again. I understand requiring the password, but the username is prominently displayed at the top of the page, so asking people to enter it again is completely useless from a security perspective.
  4. Provident's password requirements are pretty close to the same as most websites, as mentioned above, except that the symbol character must be one of the following: !@#$-_. So rather than making the password harder to guess, this actually makes the hacker's job easier: he no longer has to worry that every character might be any symbol--he can now assume that one (and for 99% of users it'll be only one) of the password's characters is one of only seven possible values. 
Now, I appreciate that in some areas, they do adhere to some real best-practices. They don't send your statements to you in an email, for example. But when it comes to false security practices like those above, I have to wonder:
  1. Do they know that these practices are useless, but feel it's important to give users a sense of security just to keep up appearances? If so, that's really annoying and a little dangerous.
  2. Do they actually think that these practices have some value? If so, they're inept when it comes to real security, and we have to wonder what true vulnerabilities they left open while they followed these red herrings.
  3. Are some of these "security practices" signals that they have some really bad practices underlying their entire site, which they've had to work around? For example, are they failing to encode parameters, so they disallow funny characters in your password because they're afraid of little Bobby Tables? Are they blocking Mint.com because they have no confidence in their technical ability to keep an integration endpoint up and running? If so, we have to wonder whether they've got the technical competence to keep our data safe from real security threats.
I brought up many of these issues in an email directly to Provident months ago, and didn't get a very satisfactory response. Since there appears to be no sign of policy changes at this point, I'm hoping a little public shaming will get the attention of someone who cares. Feel free to share with people who are interested in this sort of thing.

Tuesday, September 09, 2014

The Big Fat Fraud

The other day, on Radio West, I heard part of an interview with Nina Teicholz, author of The Big Fat Surprise: Why Butter, Meat and Cheese Belong in a Healthy Diet. For a while, I was fascinated as she recounted various ways that the medical and scientific communities had latched onto ideas about fat and cholesterol, ignoring evidence contrary to those ideas.

The Big Fat Surprise

Teicholz's claim is basically that trying to reduce fat in our diet has had the opposite effect from what was intended. This concept is unsurprising to me. When trying too hard to avoid any one kind of food in our diet, it's easy to replace that thing with even less-wholesome alternatives. I remember a man in a birthing class trying to figure out a good diet for his wife, who was a "vegetarian." It turns out that while she didn't eat meat, she didn't eat any vegetables either, which basically left nothing but processed carb-rich foods on their menu. A recent study showed that a low-carb diet is actually twice as effective as a low-fat diet when trying to lose weight, adding to a mounting body of evidence that we need to stop making fat the bogeyman it has been for some time. In general, it's best to eat natural, whole foods, with as little processing as possible:  Butter is probably more healthy than margarine. Whole milk is probably more nutritious than skim milk or soy milk. Many of the things Teicholz was saying gibed with other things I'd learned. And she came across as very smart, knowledgeable, and convincing.

Pretty soon, though, the things she said stopped "ringing true." I'm not sure exactly when it was. It might have been when she started bashing on plant-based foods. "The evidence behind 'mostly plants,'" she said, "turns out to be quite thin." I may not be a nutritionist, but I'm passably familiar with nutrition science and plant-based diets in particular, and I can say with some certainty that there's a sizable body of evidence showing the benefits of eating fruits and vegetables.

Then a nagging suspicion started forming in the back of my mind as she shared her experiences with trying to set up interviews with some researchers:
I would get on the phone with researchers, and they would say, "If you're taking the Gary Taubes line, I won't even talk to you."
In my experience, when otherwise logical, well-educated people are completely unwilling to talk to someone, there's a reason behind it that's a little stronger than mere institutional bias. How did this "Gary Taubes" earn such a bad reputation in the scientific community? Did he interview researchers, and then take their statements out of context? Did he present the researchers' findings as supporting evidence for claims that they didn't actually support? Is he guilty of pseudoscience--the scientific community's equivalent of blasphemy? And if Teicholz is "taking the Gary Taubes line," then is she doing the same thing?

I remembered that some people will say what other people want to hear, because they know that other people will pay money to hear it. This is just a secular version of what the Book of Mormon calls "priestcraft." One website I stumbled upon claimed to have proof that all the health experts were wrong, and the best diet actually consists mostly of bacon and beer (no joke!), and if you send a check to such-and-such address, they'd send you more information about it. Was Teicholz's book just another incarnation of the "eat drink, and be merry, and everything will be okay" story that charlatans have been selling since time immemorial?

Just another Fad Diet Book

So when I got home, I did a simple Google search: "big fat surprise critical review." And lo, there it was: a huge two part article on a blog titled The Science of Nutrition, which tears The Big Fat Surprise to shreds. In summary:
What makes this particular book interesting is not so much that it is bad (which it is) or that it is extravagantly biased (which it also is). No, what really fascinates me about this book is that the author excessively and shamelessly lifts other people’s material. Most notably Teicholz lifts from another popular low-carb book called Good Calories, Bad Calories (GCBC) by Gary Taubes.
You probably don't have time to read through the whole thing--I didn't. But please go ahead and read a page or two, and then scroll to the bottom to see just how much content there is. You'll get a general idea of just how Nina Teicholz went about misinterpreting evidence, failing to find original sources, taking statements out of context, and so on. As the author concludes:
The issues I bring up in this review are too substantial and too numerous to be ignored. If you were to remove all of the instances where Teicholz deeply distorts a study or publication, and you were to remove all conclusions that she draws from the distortions you would be left with nothing but a pamphlet.
Every few years, it seems, a new book is published telling people about some simple change they can make that will help them lose weight and feel healthier. And every time a bunch of people rave about it, until they forget about it, and end up the same weight they were before. And the only people who really benefited were the author and publisher of the book. Meanwhile, scientific study after study confirms that the only way to consistently lose weight and keep it off is to do what experts have been saying all along: eat a variety of whole, fresh fruits and vegetables, limit how much food you eat, and get plenty of sleep and exercise. Anyone who tells you otherwise is selling something.

Some words of wisdom

Mormons believe in a code of health representing the "will of God in the temporal salvation of all saints in the last days." Revealed in 1833 to the prophet Joseph Smith, the Lord's pronouncement began:
In consequence of evils and designs which do and will exist in the hearts of conspiring men in the last days, I have warned you, and forewarn you, by giving unto you this word of wisdom by revelation
The Lord warned against the use of alcohol, tobacco, and stimulants. It emphasized a diet rich in grains and a variety of fresh fruits and vegetables, even encouraging abstinence from animal meat except when necessary.

When I became a member of the LDS church, I decided to follow this counsel more fully than most Mormons do--for about six years I was a vegetarian. I definitely experienced the blessings associated with this scripture:
 18 And all saints who remember to keep and do these sayings, walking in obedience to the commandments, shall receive health in their navel and marrow to their bones;
 19 And shall find wisdom and great treasures of knowledge, even hidden treasures;
 20 And shall run and not be weary, and shall walk and not faint.
I'm still very fit, despite sitting at a computer way more than I should. But during those years after my baptism I was more healthy than at any other time in my life, and there were several times when I was amazed at how well I could "run and not be weary."

Since 1833, modern prophets have clarified, expanded on, and re-emphasized portions of this Word of Wisdom. For example, the prohibition of tobacco and alcohol has been extended to include illegal substances that didn't exist in Joseph Smith's time, and obedience to the Word of Wisdom is now a requirement to be worthy to enter the Lord's temples. We are also encouraged to use our own understanding to help keep our bodies healthy--for example, many Mormons avoid all forms of caffeine, rather than just coffee and tea.

At the same time, science has increasingly found the basic dietary guidelines from the original revelation to be good, sound advice. When I hear advice that directly contradicts counsel given by the Lord through His prophets, I'm going to choose the Lord's way. In the end, I think the Lord's wisdom will always be found to trump the knowledge of man.

Tuesday, December 18, 2012

Some Perspective

It seems like half the news items and half the posts on Google Plus for the past few days have been centered around the gun control debate. The shooting at Sandy Hook elementary has sparked a firestorm.

Gun control advocates say it's high time we addressed an issue that kills thousands of Americans every year. It's high time we stopped being afraid of the powerful NRA lobbyists, which have been known to spend as much as $100,000 on a single election. It is no longer enough to simply grieve while we accept the status quo. Homicide rates per capita in the United States far exceed those of other nations, especially those committed by firearms.

On the other side, Second Amendment enthusiasts are pushing to allow more guns in schools, in hopes that someone might be on hand to shoot back if this sort of thing ever happened again. Why punish the millions of law-abiding gun-owners, on account of the few nutcases? They argue that if someone wants to commit an atrocity, they'll either acquire guns illegally, or find some other means of harming people: our best defense against such attacks is an armed and trained citizenry.

This topic hits as close to home for me as it does for most Americans: a man was shot in front of our house this year with a gun that was purchased legally, but stored without sufficient safeguards. As much as anybody, I would like to know that my wife, three-year-old son, and soon-to-be-born baby will be safe from such things.

But I think we as human beings have a predilection for reactionism. Some dude makes a stupid movie, and the entire Muslim world is up at arms. Some dude tries to blow up a plane with a shoe bomb, and the entire nation takes off their shoes when we go to the airport. We human beings just love to react--and overreact--to sensational attacks.

Is this a good opportunity for us to talk openly about gun control? Absolutely. I'm ready. But how many other topics are we going to ignore while we wage this particular battle? We Americans largely ignore the enormous death tolls inflicted by wars and other conflicts outside our borders, and even the thousands of innocents that are killed by our own military. Beyond that, there are so many silent killers in the world that destroy lives bit by bit, one at a time, and they go largely ignored because they never have a spotlight moment. Here's just one example:



How many of the people calling for stricter regulation on guns are also calling for stricter regulations on alcohol, tobacco, and other drugs? In my personal experience, some of the most vocal advocates of increased firearm regulation are also the most vocal advocates of drug legalization. And yet, many of the same arguments have direct application in both areas. "We already tried prohibition: it didn't work." "People will just turn to the black market." "At least this way we can collect taxes." And so on.

There's a perception that people who smoke (or do drugs, etc.) are only hurting themselves, and the government should stay out of their business. Others would argue that "no man is an island," and that since society as a whole has to pay for the astronomical medical expenses of smokers, the government has a right and a duty to regulate such dangerous substances.

Aside from those arguments, let's just look at how many people die from second-hand smoke each year in the United States.
So while most of the 443,000 smoking-related deaths could be compared with suicides--in that the smokers are effectively killing themselves--smokers also kill 42,000 other people each year: more than all the firearm-related deaths combined.

Isn't it ironic that over eleven thousand people are murdered with guns every year, but it takes one guy walking into a school and killing twenty children and six adults to spark national outrage? Suddenly there's a hue and cry for background checks on gun buyers (even though the shooter stole the guns from his mother, who probably would have passed a background check). Then isn't it even more ironic that second-hand smoke kills nine hundred babies, every year, but any adult can buy as many cigarettes as they want at the local gas station?
So am I ready to reevaluate our nation's gun laws? Sure. 85 preschool-aged children killed per year is 85 too many. But let's not get so distracted jumping from one sensational news story to the next, that we forget to look at the big picture. Let's get a little perspective. Let's not allocate our precious time and energy, and our legislative human capital, in a way that is orders of magnitude out of proportion with reality. Let's take a proactive, or even a reactive--but not a reactionary--approach to legislation, politics, and everyday life.

Sources:
http://www.childrensdefense.org/child-research-data-publications/data/protect-children-not-guns-2012.pdf
http://www.cdc.gov/nchs/data/nvsr/nvsr61/nvsr61_06.pdf
http://www.ucsf.edu/news/2012/09/12759/secondhand-smoke-takes-large-physical-and-economic-toll
http://www.cdc.gov/tobacco/data_statistics/fact_sheets/health_effects/tobacco_related_mortality/

Sunday, June 17, 2012

Heroes

Last Friday, while I was getting ready for the day, a very dark feeling suddenly came over me. I felt very vulnerable, and I wasn't sure why. I offered a brief, heartfelt prayer, asking that God would protect me and my family, and the feeling went away.

That evening, as my wife and I were getting ready to go on a date, a man was shot on the street in front of our house. My wife called 911, and I administered first aid until the paramedics arrived.

Since then, I've had a few neighbors say, "So, I hear you're the hero." That seems weird to me. I didn't do anything brave. If I had seen any reason to believe the situation was dangerous, I don't think I would have rushed outside. So I've been thinking a lot about what it means to be a hero. This Father's Day, I'd like to take a moment to publicly thank some of the real heroes in my life.



Dad: thanks for being such a great dad. I know I can always look to you for an example of what a man ought to be.

I'm thankful to all the fathers who teach their boys that real men don't use violence to deal with anger. Thanks to them, most people can expect to live their whole life through without having to see a bullet wound in person.

I'm thankful to the men that willingly gave their time to be my scout leaders. They helped me to be prepared to face a medical emergency calmly and correctly.

I'm thankful to the men that act as role models for other people's children. It takes a whole village to raise a child.

I'm thankful to my step-dad. I value many of the lessons he taught me.

I'm thankful to my father-in-law, for raising a daughter that somehow always knows how to bring out the best in me. I'm thankful that he was willing to entrust her to me.

I'm thankful to the men who would be fathers, but haven't been given that blessing yet. Live your life like a righteous father should, and I believe you will be blessed with the children you long for: if not in this life, then in the next.

I'm thankful to the men who find themselves to be fathers unexpectedly, and who are man enough to step up to the plate and be a real dad for their children.

I'm thankful to the men who, when they realize they cannot offer their child the love they deserve, are man enough to let them be adopted by someone who can.

I'm thankful to the police officers, paramedics, and all the public servants who so often give up their weekends, and sometimes even their lives, so that the rest of us can live be safe and healthy.

I'm thankful to the men serving in the armed forces. They are willing to take a bullet to protect us and our freedoms.


Finally, I am thankful to my Heavenly Father, for answering my prayers and keeping my family safe when danger passed so near to us.

If being a hero means that your efforts save lives, then these men are the real heroes in my life. God bless you all.

Monday, February 13, 2012

Lessons learned in water filter shopping

Liz and I just spent our evening researching water filters for emergency preparedness, and hopefully we can save other people some time by sharing what we learned.

First: a filter needs to be 0.2 microns or smaller in order to reliably get rid of giardia and cryptosporidium spores. Most of the filters we found only made it down to about 3 microns (over ten times too big), and would only filter 20 to 50 gallons before you have to replace the filter.

However, Sawyer has a line of systems with a 0.1-micron filter and a "million gallon guarantee." After mulling over the various options, we finally narrowed down our search to these two products:
  1. Four-way 32-ounce system: Comes with a 32-ounce water bottle and adapters for camelbak-style bladder bags and standard kitchen faucets.
  2. Squeeze system: Comes with 3 squeeze bags (1/2 liter, 1 liter, and 2 liter), which can easily be rolled up for compact storage. The filter's can also attach directly to a standard 2-liter bottle.

Both have excellent (though sparse) reviews on Amazon. We ended up going with the first option because of the various adapters that it comes with. For serious hikers, the second one is probably the way to go.

Monday, May 02, 2011

Osama bin Laden is dead

Well, by now I'm sure you all know that Osama bin Laden is dead.

As details emerge regarding the manner in which he was found and the type of place he was in, I am once again struck by just how many parallels there are between the plot of a Tom Clancy novel and the actual events of a few years later.

Tuesday, March 01, 2011

Lessons learned doing taxes

I just finished filing my taxes this year, and I figured I'd share a couple of things I figured out. Actually, I usually figure these things out every year, and then forget them by the time next tax season rolls around.

Lesson 1: Online services are great for Federal Taxes

In past years I've used TaxAct. I decided to give TurboTax a try this year. It felt a little smoother, but almost everything on the Internet gets better after a year, so maybe TaxAct is just as good by now. The point is, they're both pretty good options.

TurboTax offers free Federal e-Filing if you're just using the standard deduction and can therefore use the 1040-EZ form. Then they charge $20 if you're itemizing. TaxAct lets you file your federal return for free even if you itemize, but you have to pay if you want them to e-File it for you.

These online services are nice because you can work on your taxes for a while, save your progress, and come back when you have more time. The information is saved online, where you won't lose it if your computer crashes. You don't have to buy or install any software for your computer. It's really a nice experience overall. As nice as filing taxes can be, anyway.

Lesson 2: Don't fall for the bait-and-switch

The reason these tax preparation services offer to do your federal taxes for free is because they want to suck you into their bait-and-switch trap. After entering all my information for Federal taxes, TurboTax said, "Next we'll copy information from your Federal return to your State return..."

Next thing I knew, I'd entered all the remaining information they needed for my State taxes, and I was all ready to e-File. This is where they pull out the switch: if you want to keep the paperwork they just put together for your State return, that'll cost you another $40 dollars. Ouch! If you don't want to pay the extra money, you'll have to delete your State return before you continue.

When you've done all this work to get your taxes to this point, and you're staring at this big tax return that could be yours right now if you just go along with them, it sure is tempting to just throw your arms up in the air and say, "Fine! Take my stupid forty bucks!" And thus the devil cheateth their souls, and leadeth them carefully down to ... well, to being $40 poorer.

Here's the thing: Utah has a great online tax filing service you can use for free. Once your federal taxes are done, the hard part's over! Just fill in a few key numbers off of the 1040 form you just filed, and don't forget to fill in the Withholding worksheet to tell them how much money your employer already withheld for your state taxes. It takes maybe 20 minutes, and you're done. You get to have the money deposited directly into your bank account for free. It's great! I ended up with the same refund that TurboTax would have given me.

The other bait-and-switch TurboTax pulls is to offer to simply deduct the price of their service from your tax refund... for an extra $25 or something like that. Again, you are exhausted from putting together your tax return, and you're thinking, "What's an extra $25 just to get this over with?" Don't fall for it. It takes all of 2 minutes to whip out your credit card and finish the process.

Lesson 3: There are only two things certain in life

The old maxim still holds true. You probably though that you got out of paying sales tax when you bought all those Christmas gifts on Amazon. Think again.

Federal law makes it so that the states can't require retailers like Amazon to collect sales tax when people outside their home state buy things from them. However, most states (including Utah) have a "Use Tax" that applies to anything you buy to use in the state. If you didn't pay sales tax when you bought it, you have to pay when you file.

This is where you get mad at me and say that you would have been better off not knowing this. Ignorance is bliss and all that. But you cannot be saved in ignorance. Do the right thing.

All major online retailers have a way to look up your past invoices. Take the time to go through them and figure out how much you owe. It probably won't be all that much unless you bought something incredibly expensive last year. You'll feel better knowing that you're not cheating society, and blessings will follow.

By the way, if the items you bought were for use outside the state, they don't qualify for the Use Tax. For example, if you bought a watch for your cousin who lives on the East Coast, you don't have to pay Use Tax. I interpreted this to mean that Amazon gift cards and such don't apply either, because they will be used for purchases on Amazon, which legally take place in the state in which Amazon does business. If they are used to buy something for use in Utah, then the purchaser would be responsible for paying the use tax on that item.

Thursday, February 03, 2011

The Holocaust was not a religious conflict

It has become increasingly clear to me lately that far too many Americans are under the impression that Nazis were largely motivated by religion to exterminate the "Christ-killing" Jews. I urge anyone listening to learn the truth (http://en.wikipedia.org/wiki/Religion_in_Nazi_Germany is a good place to start) and educate their friends.

The reason I believe this is important is that people make important, life-changing decisions based on their understanding of the past. The Holocaust is generally used as an example of humanity's worst. It's not that the Holocaust is somehow unequaled in terms of atrocity, but in our Western European-centered culture we rarely look far enough back in history, or far enough around the curve of the world, to get the "big picture." So we focus on the Holocaust. If we are under the erroneous assumption that religion caused the Holocaust, we are more likely to become irreligious, or even anti-religious, both personally and as a nation. In my opinion, this would be counterproductive and dangerous. And if you think that a democratic nation for whom religion has played such an enormous role couldn't possibly become anti-religious, the rise of Nazism (anti-religious) in Germany (formerly a democracy, and seat of the Reformation) should be sufficient to show otherwise.

However, if we follow the research that's been done on such atrocities, we can focus on things that really will help us to prevent another Holocaust: limiting governmental power, promoting democracy, and resisting war.

Friday, May 21, 2010

MobiPocket to Kindle format converter


Update (1/3/2012): Overdrive now supports lending directly in Kindle format, so this program is no longer necessary. I'll probably leave it up for a year or two in case anybody finds a use for it, but I am officially declaring it deprecated. If you find that it's still useful for you, please leave a comment to that effect and I'll consider leaving it up longer. I'd like to thank everyone who provided feedback in the form of bug reports and suggestions, and especially those who purchased items through the Amazon links in the program. It was an honor for me to be involved in producing a piece of free software that helped people enjoy free, legal, quality entertainment. Cheers!
Update (6/19/2012): It sounds like folks in Canada aren't getting the automatic Kindle conversions, so I'll leave it up a while yet. Thanks for the feedback. 

Liz and I recently found out that our local library system allows us to check out electronic books. This seemed like a perfect opportunity to use the Kindle I won in a contest at work, until we realized that the Kindle doesn't natively support any of the formats that we could get the books in. Some quick Googling revealed that Amazon actually owns MobiPocket, and the Kindle uses the MobiPocket format, with two tiny differences:
  1. The file name extension is changed to .azw
  2. A flag in the file's metadata is changed to indicate that the file is for the Kindle
I found a post by Igor Skochinsky, who provided python scripts that could figure out your Kindle's MobiPocket PID and convert a MobiPocket file registered to a Kindle's PID to work on the Kindle. But most people don't know how to run python scripts. So I set to work to create a user-friendly front-end for it.

(You will need to install the .NET 4 Framework from Microsoft if you don't have it already)

Here's how to use this program:

The following steps will only need to be performed once for each Kindle:
  1. Open the program.
  2. Click the "Add Device" button to bring up the Add Device window.
  3. Enter your Kindle's serial number. When you finish "Kindle" option should automatically be selected, and a PID should be generated. If it isn't, you've probably entered too many or too few characters: double-check the serial number.
  4. Click the Add Device button to add the PID to your list of devices.
  5. Log in to your library's eBook site and register this PID as a new device on your library account. That way, when you download MobiPocket eBooks they will have a flag on the file indicating that your Kindle is allowed to read the file for the next few weeks.
These steps are necessary for each ebook you check out from the library:
  1. Use the "Browse" button to find and select your downloaded file.
  2. Click the "Convert" button, and choose where you want to save the Kindle-compatible file. If the file you convert does not have your Kindle's PID associated with it, the program will abort with an error message indicating as much. Otherwise you should get a success message.
  3. Connect the Kindle to your computer, and copy the saved (.azw) file to its "documents" folder.
Once the file is copied to your Kindle, you will be allowed to read it until the library's due-date. After that, the Kindle will cease to read the file.

The MobiKindle program will automatically check for updates each time you run it, and will give you the choice to install the update automatically. I've made a few enhancements since the original version.

Current features include:
  • Easy to use
  • Generates Kindle PID from Kindle serial number
  • Saves your Kindle PID(s) for future use. **NEW**
  • Prevents certain data-entry errors by only allowing capital letters
  • Automatically detects Kindle type when you enter your Kindle's serial number
  • Converts MobiPocket (.prc) file to Kindle (.azw) format
  • Unobtrusive advertisements for Kindle books on Amazon. If you use the link to get to Amazon and buy a book while you're there, I'll get a piece of the profits.
A bug in the original version caused some people to get a "The selected item could not be opened..." message if they copied the file to their Kindle before exiting the MobiKindle program. This bug has now been fixed!

Now, just to clarify:
  • The Kindle will natively read MobiPocket files that don't have DRM. For example, if you get a MobiPocket file from the Gutenberg Project, you don't need to use this program. Just copy the file onto your Kindle.
  • From what I understand, you won't be able to register your Kindle with MobiPocket.com. The Kindle PID always has an asterisk (*) in it, and it won't be accepted there. However, many libraries have an eBook lending system set up with Overdrive.com, which does accept Kindle PIDs.
  • This program does not (and never will) modify the DRM on a MobiPocket file. It doesn't "unlock" the file to be used in any way that it was not intended to be used.
  • I won't build any spyware or anything into the program, and I will always be careful to make sure it doesn't do anything you wouldn't expect. However, sometimes accidents happen. In using this software, you're agreeing not to hold me responsible for any harm that comes of it.
  • The program saves your Kindle PID in a config file, but you can remove the devices and they will be removed from the config file. No information about your device or your books gets sent to me.
  • You should make sure you're okay with Amazon's privacy policy, since I include their advertisements.
  • When sharing this program, please send people to this web page. Don't use a direct link to the installer. (But please, share this program with anyone you know who has a Kindle!)
For the geeks out there: this runs on the .NET framework. I began using .NET 3.5, but soon found that things were much, much easier using .NET 4.0 thanks to the new "dynamic" keyword in C#. The program literally includes Igor's python script and runs it in an embedded instance of IronPython.

I'd like to thank:
  • My wife for her patience with me as I continue to spend many late nights on this and other pet projects.
  • Igor Skochinsky for providing the real brains in this program.
  • The users that have reported bugs and helped me to improve the quality of this program.
  • Dropbox.com for providing a free, extremely easy way to host the installer. (Click here to sign up and they'll give you extra space)
  • Amazon for making the Kindle
  • My work for giving me a Kindle, programming experience, and access to development tools
  • Microsoft, for the "dynamic" keyword
  • The IronPython team
Please post your thoughts, and additional ideas for features on this blog posting. When reporting bugs, if you will leave an email address with your comment, and then respond to my emails, it will help me to figure out what's wrong.

I should also have mentioned that I'm using the ClickOnce (or some such) deployer that comes with Visual Studio to create the installer for this program, which requires you to have a working Internet connection when you install it. There are a number of reasons I felt this was reasonable:
  1. It was free.
  2. It was easy.
  3. It makes it really easy for people to install and run the program.
  4. It makes it really easy for people to keep the program updated.
  5. You can't be reading this web page without Internet access.
  6. You can't rent MobiPocket books from the library without Internet access.
  7. You won't see the Amazon advertisements without Internet access.
If you're too paranoid to run programs off the Internet, I would recommend figuring out how to run Igor Schochinsky's python script: that way you can see exactly what the code is doing to your computer.

If you are still getting the message, "The selected item could not be opened. If you purchased this item from Amazon, delete the item and redownload it from Archived Items available in Home": The problem is probably that your Kindle doesn't know the current date, so it thinks that your book hasn't been checked out yet. Please connect your Kindle to the Internet for a few seconds so that it can update its current date and time, and that should fix this problem.

Tuesday, September 22, 2009

Costco sued over fuel temperatures: Lawyers get paid, customers don't

I just got a notice from Costco regarding this class action lawsuit. Ridiculous! For those who don't want to read the whole thing, here's the main idea:

You buy gas by the gallon. Try filling up a gallon jug with hot water, and putting it in the fridge for a while. When you take it out, open it up, and you'll find there's room to put just a bit more water in. Why is this? Because cold water takes up less space than hot water. So if you go to the gas station and fill your gallon gasoline jug in the middle of winter, and then take the jug home and heat it up, you'll end up having more than a gallon inside! Likewise, if you go there in the middle of the summer and then take it home and cool it down, you'll have less than a gallon in there.

So these lawyers decided they should sue Costco, on behalf of anyone who bought fuel there on a warm day, because if you buy a gallon of gas at 80 degrees, you won't get as much gas as if you'd bought a gallon of gas at 60 degrees. Obviously, this is a frivolous lawsuit, but Costco has decided that they would spend more money fighting it than settling.

Here are the terms of the settlement:
  • Costco will pay the lawyers up to ten million dollars for suing them.
  • Costco will pay to tell all their gas customers that the lawyers are suing Costco on the behalf of their customers.
  • Costco will pay to update their pumps with fancy detectors so that if you buy a gallon on a hot day, then you'll actually buy a little more than a gallon.
  • (Costco customers don't get any money out of the settlement)
People shop at Costco because Costco has lower prices than just about anywhere else. What do you think Costco will do to make up for the cost of this lawsuit? Cut corporate bonuses? I don't think so. They'll charge more at the pump. So we customers are hiring lawyers to sue Costco to raise prices so they can pay the lawyers. Does this sound right to you?

Fortunately, there is something we can do about it. Look at the very bottom of section 5:
If more than 2,500 people opt out of this settlement, Costco has the right to cancel the settlement.
If you're not in the mood to reward these self-serving lawyers for their troubles, take a moment to exclude yourself:
To exclude yourself from the Settlement Class, you must send a letter by mail saying that you wish to do so. The request must state: “I request that I be excluded from the Settlement in In re Motor Fuel Temperature Sales Practices Litigation, MDL Docket No. 1840.” You must also include: (1) your full name and current address; (2) your signature and (3) proof of gasoline purchase from Costco after January 1, 2001. You must postmark your exclusion request to the address below no later than February 23, 2010:

Settlement Administrator
P.O. Box 12985
Birmingham, AL 35202-2985
I imagine that a printed bank statement with your Costco fuel purchase circled will suffice for a proof of purchase. Godspeed.

Friday, August 21, 2009

Mike Leavitt on "Co-ops"

I just read this informative article by Utah's former Governor Leavitt. I agree with a lot of what he says. Liberals seem to act like a vote against Obama's plan is a vote against healthcare reform. I can see why they say this, since Obama's plan is the only plan that has any chance of getting passed anytime in the next several years. However, it's not like conservatives are just plugging their ears and saying, "No, things are just fine as they are." Everybody who knows anything about the debate seems to agree that healthcare reform is necessary, but conservatives and liberals have a different idea about how it should be done. I have yet to be convinced by either side, but I'm leaning to the right at the moment. Does anybody have convincing evidence (not "arguments," but actual "evidence") that one side or the other is right? Please post a response if you do.

Thursday, June 25, 2009

Pornography and Freedom of Speech

This is a followup to my earlier posting about Internet Filtering. Promoters (i.e. sellers) of pornographic material have long argued that banning or restricting pornography is in violation of their freedom of speech/freedom of press. However, it has been my experience that the pornography industry has gone out of their way to push pornographic content into the faces of people who would very much rather not see it. If cigarette companies put nicotine in our drinking water, we'd be furious. People have a right to choose whether they want to smoke cigarettes, and we wouldn't put up with such underhanded tactics to addict the masses.

The fact is, pornography is an addictive substance, which addicts people by sight, rather than having to be taken into their bodies. By making it appear on non-pornographic websites, the pornography industry is seeking to addict people who did not want to get involved with pornography in the first place. Rather than promoting our choice to seek their wares, they are trying to take away our choice not to. They are not respecting our rights, and cannot rightly pretend that they care about us. I see no reason to respect their "freedom of expression" if they cannot respect others' freedom from repression.

Now that I've said that, I feel it is important to point out how China is seeking to use the battle against pornography as a front for really restricting freedom of the press. Seemingly out of nowhere, they've suddenly ramped up a supposed anti-pornography campaign recently.


The same public security agencies charged with fighting pornography are responsible for suppressing illegal political activity, said Nicholas Bequelin, a researcher in Hong Kong for Human Rights Watch. The government’s statistics for seizures of illegal publications tend to include both pornographic and political documents, he noted.

Stealing code from U.S. companies, they threw together a slipshod piece of internet filtering software, announcing that the software would have to be added to all computers sold in China starting July 1.

Then they started a smear campaign to make it look like Google is spreading smut across their glorious nation. Someone in Beijing arranged to enter the search term "abnormal relationship between son and mother" a whole lot starting just a few days ago, in order to make it a popular term. That way, when they typed "son" into the search engine during a television broadcast, guess what appeared in the suggested search terms? (In China, the government owns all of the television stations).

By painting Google as a public menace, China is preparing to block Google, in order to limit their citizens' access to information about whatever they're planning to do next. What are they planning to do next? I don't know. But good money says that it won't be the "popular" or the "right" thing by our standards. Again according to the New York Times:
Liu Xiaobo, one of China’s best-known dissidents, was formally arrested Tuesday on suspicion of subversion, six months after he was detained for joining other intellectuals in signing a document calling for democracy. Earlier this month, the authorities refused to renew the licenses of more than a dozen lawyers after they agreed to represent clients in human rights cases.
I don't know what we as American citizens can do about this, but the first step is to recognize that there is a problem. Spread the word. Make sure people aren't fooled by this sudden anti-pornography mask that China's government has donned. I still maintain that this campaign will hurt China in the long run, and hurting China will hurt the United States as well. The last thing the world needs is a nation the size of China with the leadership style of North Korea.

Tuesday, June 23, 2009

Public Healthcare

According to the Associated Press, President Obama is arguing the merits of a government-run health plan by pointing out that if it hurts the private insurance industry, "It's their own fault."

His argument goes like this: You set up a government-run plan to take care of the people that would like to sign up for it. The worst thing that could happen is that nobody signs up, and then we're in the same place we were before. On the other hand, if people sign up with the government healthcare plan, that shows that the private industry isn't capable of competing with the clumsy government bureaucracies that they love to hate, and they deserve to fail.

The important point that President Obama failed to address is the fact that the government-run health plan will be funded by taxpayers who don't sign up for it, whereas the private plans are funded entirely by the people who are signed up for them. If the government plan were to rely entirely on proceeds from its premiums, then his point would be well taken. That would be the ultimate contest between government bureaucracy and private business. But since this isn't what he's proposing, his argument is paper-thin.

Think about it. Let's say you have two insurance providers to choose from. For an average customer, Provider A will collect $100/month in premiums, pay out an average of $60/month to cover their patients' healthcare costs, spend $20/month for administrative costs, and pocket $20/month as revenue. Provider B is less efficient, but isn't looking to turn a profit, so they pay out $60/month and spend $40/month for administrative costs. Everybody has to pay Provider B $20/month regardless of whether they use their service, so the premiums they charge will depend on how many people sign up with them:
  • If one person in five signs up, they break even (five people pay them $20 for every one that signs up), so they don't charge any premiums. If fewer people sign up, they can start paying out more and still don't have to charge premiums. How can Provider A expect to get any business?
  • If four people in five sign up, Provider B has to charge $75 in premiums. Provider A could forego their profits completely and still end up losing $5/month.
This scenario assumes that Provider A is more efficient, but is just out to turn a profit instead of providing better care. Obama's theory seems to be that Provider A is less efficient, and is also greedy. If he's right, then why can't Provider B compete without taxpayer money?

Some people might argue that Provider A currently makes so much money that simply having Provider B as an option would force them to reduce their prices so that they make just a little bit of money while still providing good service. If that were the case, why wouldn't Provider C have already tried it? If they can get more customers than Provider A, they wouldn't need to make as much money per customer in order to make a good profit. Simple supply and demand principles dictate that in a free market, companies can't really be making that much money per customer, or else some other company would come along that was willing to make slightly less and undercut them. The same principles say that in a free market, companies can't really be that inefficient, or some other company would have come along that could charge less and still turn a bigger profit. The only time these principles fail is when companies collaborate in price-fixing schemes or other similar practices.

I'll be the first to admit that something ought to be done about the healthcare situation in the United States. We're spending more than just about anybody in the world, and we're no healthier for it. I'll also admit that insurance companies are a part of the problem. But I can't imagine how replacing them with a government organization could help solve the problem. Our government is so heavily influenced by industry lobbyists, is it hard to imagine the government healthcare plan only covering drugs or services that are heavily supported by lobbying, while ignoring more effective, less expensive alternatives?

Saturday, June 13, 2009

Internet filtering

I'm all for Internet filtering software. I personally use Blue Coat's K9 software, which is free and quite powerful. Apart from helping me to avoid seeing as many racy images on the Internet, it has probably saved me from a few attacks on my computer. I search the Internet a lot in my work, and every now and then my search results brought up a shady website--the kind that tries to install malware on your computer--which K9 was able to warn me about.

But I think China has gone too far with their Green Dam-Youth Escort program. They are requiring that every computer in China be shipped with this software installed. The reason is probably two-fold. First, it helps to protect their youth (and probably a lot of adults) from a degrading and addictive substance that would undoubtedly cost their GDP millions (at least!) through lost productivity. Secondly, it gives the Chinese government an easy way to control the information that is available to their users. In the past, they've resorted to blocking Google itself, just to prevent their citizens from finding information about opposition parties during an election. If they control filtering software that's been installed on the majority of the computers in their country, that gives them much more power over what information their citizens are accessing.

But even if China didn't have a history of blocking information from their citizens, and even if we had no reason to believe that's how this software would be used, this is still a bad move, and it will come back to bite them if they go through with it. Why? Whenever you have a piece of software that you install on a significant number of machines, you are opening yourself up to hacking attacks. Microsoft has had to invest fortunes in order to try to patch the security holes in Windows, because their operating system is so ubiquitous that it's an obvious target for hackers. Think about it: if you want to infect the largest number of computers possible, are you going to spend time finding a security hole in some program that only one computer in a hundred has installed, or a program that 88% of the world's computers use? Even if the other program is much easier to hack, it won't give you nearly as much bang for your buck. So if you're going to require that all computers in China ship with certain software installed, you'd better be putting a lot of money toward making sure it's secure.

And China obviously hasn't made any serious effort to do so.

In fact, rather than having their own security experts design this software from the ground up, they apparently stole big chunks of a California-based company's filtering program to make it. With such obvious corner-cutting, you can expect that the software would be extremely fragile. And indeed it is. A University of Michigan professor and his students were able to successfully infiltrate a computer with this software installed within just a few hours. So what China is effectively doing is filling their country with computers that any decent hacker could bend to his will.

That's not the kind of move you'd expect from a nation that has gone to the effort of hacking key systems in the United States, just in case they ever need to hurt us. Obviously somebody in the Chinese government understands the threat that hackers can pose to a nation. Anti-Chinese elements could deal enormous damage to China's economy simply by hacking their computers and making them crash continuously. Professional spammers could attack the vulnerable computers in a way that forces them to load up the very sites the Chinese government is trying to protect their youth from seeing. The entire nation's computers could become a vast digital robot army that can be used to attack other computers around the world.

Of course, it probably won't get that far. Once all the new computers start crashing, either the Chinese government will realize the error of their ways and backtrack, or the Chinese people will get smart and uninstall the program first thing. The question is, how much damage will the government allow before they are willing to admit their mistakes?

As Confucius said, "An oppressive government is more to be feared than a tiger."

Friday, May 08, 2009

The No-Choice Movement

By now, we've become familiar with the "pro-choice" versus "pro-life" movements. Most people use the name preferred by each of these movements, because it's absurd to think that anyone might be "anti-life" or "anti-choice." It's more a question of whose choice (and whose life) you value more. That's why I thought it was so hilarious when I read the following excerpt from Jasper Fforde's Thursday Next: First Among Sequels:
With a nation driven by the concept of choice, a growing faction of citizens who thought life was simpler when options were limited had banded themselves together into what they called the "no-choicers" and demanded the choice to have no choice... The no-choicers suggested that there should be a referendum to settle the matter once and for all, something that the opposition "choice" faction had no option but to agree with. More sinisterly, the militant wing known only as NOPTION was keen to go further and demanded that there should be only one option on the ballot paper--the no-choice one.

The wit and absurdity of it all really struck my funny bone at the time. But today I stumbled across this article where prominent blogger Joel Spolsky argues that choice is a bad thing. He basically rails on the Microsoft Vista team for not unifying all of Windows' shut-down options into a single "b'bye" button. "The more choices you give people," he argues, "the harder it is for them to choose, and the unhappier they'll feel." So rather than giving you the choice between, say, switching user accounts and physically turning off your computer, the computer should pretty much decide what to do for you. "If you're concerned about power usage," he says, "let the power management software worry about that. It's smarter than you are." Nevermind the fact that the changes he suggests would require changing the actual hardware on users' machines; the blame for this interface falls fully on the "whole team of UI designers, programmers, and testers who worked very hard on the OFF button in Windows Vista."

Having seen someone so blatantly arguing for a no-choice approach to things, I got to thinking about the way we as Americans have been systematically voting for the government to take away our choices. For example, if someone wants to have a home birth like we did, it's illegal in several states for a midwife to come and help them.

I look at France, where the educational system is designed to educate children to the highest level that they can attain to, and therefore you will go to the school that you test into. If you're bad at taking aptitude tests, you'll be sorting mail for the rest of your life, no matter how motivated you may be. And, frankly, I see the United States going in that general direction, as we pump more money into the public school system, without allowing parents to choose other alternatives. In California, it's technically been illegal for parents to home-school their children for a long time, but nobody seemed to notice until a judge recently ruled that "parents do not have a constitutional right to home school their children."

Keep an eye out, as you go through your day-to-day life, for other areas where you've either given up your freedom of choice in exchange for security, or had it taken from you legally. You'll find that the problem is more pervasive than you realized. The people behind it would never call themselves "no-choicers," but a rose is a rose.

Saturday, April 18, 2009

Mormons and Soup Kitchens

I volunteered at the local St Vincent de Paul soup kitchen this morning.  I normally wouldn't go squawking about that sort of thing, but I read a forum posting recently where someone was criticizing the LDS faith and its adherents on the grounds that he had never seen a soup kitchen founded by a Mormon, and I wanted to clear up the facts regarding Mormons and soup kitchens.

The biggest reason that you don't hear about Mormon Soup Kitchens is that the LDS Church has a different way of providing support for the needy.  Every month, faithful LDS members fast and pray for a period of about 24 hours.  They then donate at least as much money as they saved by not eating during that period in the form of fast offerings.  Members who don't have money, such as farmers in third-world countries, can donate the food itself.  This money and food is then used to provide welfare assistance, beginning within the boundaries of the ward or branch, with the surplus spilling over into more general funds until it can be used the world over.

Welfare from the LDS Church is distributed under the direction of local bishops or branch presidents, who can call on the resources of the so-called Bishop's Storehouse to provide food, money, and other necessities to those in need.  Such welfare is extended to members and non-members alike, but is not given as a dole.  Except in very particular cases (e.g. a widow who has no family to support her), church welfare is viewed as temporary assistance, not a permanent commitment.  It is only to be used long enough for the person or family to become self-supporting and sustainable.  People who accept welfare from the church are also generally required to do something to in some sense earn the goods they are receiving.  For example, an able-bodied man may be asked to do yard work for a local widow each week.  He may be receiving far more assistance than a few hours of yard work would fetch in an open market, but it gives him the dignity of feeling that he is doing what he can to give back.  It helps to avoid giving the recipient a sense of entitlement.

The last time I went to the soup kitchen, one of the volunteers there mentioned that they used to require the homeless people to help out with either the serving or the cleanup in order to qualify for the free food they were getting.  But the ACLU caught wind of it and sued them for slave labor, and so they had to rely on volunteers for these duties instead.

The local LDS leadership helps to furnish these volunteers by assigning each ward to provide a certain number of volunteers in a rotating fashion.  The man running the soup kitchen told us that if it weren't for the support of LDS members who volunteer from wards around the valley, they would have had to close shop a long time ago.  In addition to providing manpower, the LDS church also donates food to the soup kitchen.

So if someone tries to tell you that Mormons aren't charitable because they don't start soup kitchens, just remember what Atticus Finch says: "You never really understand a person until you consider things from his point of view, until you climb inside of his skin and walk around in it."  It is easy to overlook the many, many good deeds done by the LDS church and its members, largely because many of these deeds are done quietly, without the left hand knowing what the right hand doeth.  I have learned more and more that what someone says about other people tells me far more about the person speaking than the people he's talking about.

Or I suppose you could follow Jack Handy's rule: "Before you criticize someone, you should walk a mile in their shoes. That way when you criticize them, you are a mile away from them and you have their shoes."  ;-)

Friday, April 10, 2009

Rights, Privileges, and State Bill 81

The local news has been making a big deal about Utah's State Bill 81, a new immigration bill. Frankly, I hadn't heard anything about it until I started hearing stories like this, stating that the Salt Lake City police chief has warned legislators that his department will refuse to enforce it. It seemed odd to me that none of these news reports mentioned what the bill actually did. They only quoted the police chief refusing to make his officers into immigration agents. So I looked up the full text of the bill to see what the big deal was. It seems to do a lot of things that seem like common sense to me. For example:
  • If someone is booked into jail for "driving under the influence," the county sheriff is expected to make a reasonable effort to check on their citizenship status before letting them go free.
  • Liquor licenses won't be issued to illegal aliens.
... and so on. It looks like the part that the police department is up at arms about is this:
64 . prohibits a unit of local government from enacting an ordinance or policy that limits
65 or prohibits a law enforcement officer or government employee from
66 communicating or cooperating with federal officials regarding the immigration
67 status of a person within the state;
You can find more details on lines 577 through 592 of the same document. If I'm reading it right, it means that local police departments (or any government office) can't tell their officers that they're not allowed to report illegal immigrants. It doesn't necessarily mean that their officers have to report illegal immigrants--they just can't get in trouble if they do.

The only part I'm unclear on is this:
593 (d) This Subsection (3) allows for a private right of action by a natural or legal person
594 lawfully domiciled in this state to file for a writ of mandamus to compel a noncompliant local
595 or state governmental agency to comply with the reporting laws of this Subsection (3).
So my question for all you lawyer types out there is this: Does this mean that if I notice my local police department has a policy of refusing to cooperate with immigration officials, I can file to have them get rid of that policy? Or does it mean that if I notice an illegal immigrant in my neighborhood, I can file to make the local police investigate them? (I suspect the former.)

I have two more observations to make on the matter. First, the article I linked to earlier mentioned that people are afraid that it opens up a door to racial profiling. I just don't see how this law could possibly be construed to do that. It doesn't say that police officers can book people into jail on suspicion of being illegal immigrants, for example.

Secondly, I think people are getting confused about the difference between rights and privileges. People have a right to life, liberty, and the pursuit of happiness. People have a right to choose what actions they will take each day, as long as their actions do not infringe upon the rights of others. People have a right to not be discriminated against based on their race, religion, and sex. People do not have a right to a job--that's a privilege. It's something that can be given or retracted at will. It is normally not wise for employers to fire somebody without reason, but they have every right to fire somebody who is not doing their job.

How does this apply? Every police officer has a right to decide whether he or she will report an illegal alien to the proper authorities. If their boss (the chief) feels that by deciding to report or not to report illegal aliens, they are not doing their job properly, he can choose to fire them. He has been duly appointed to his position, and is therefore given this privilege. If, however, his employer (the government) decides that by firing those workers, or by establishing any policy contrary to the law, he is not doing his job properly, they can fire him as well. Since they have been duly appointed by the people, this is their privilege. And if their boss (the citizenship) feels that they are not performing their duty correctly, they can fire congress as well. This is a simple principle of self-governance, which falls under the Liberty category, and is therefore not a privilege, but a right of any people.

So the officers individually have the right to resign, or to stop performing their duty to the point that they get fired, if that's what they want. The chief has the right to do the same. But the Police Department as a government entity has neither the right nor the privilege to refuse to enforce a law which has been passed by duly-elected officials. Congress, likewise, has neither the right nor the privilege to refuse to represent their constituency. When the police begins to govern the people, rather than the other way around, it's called a police state, and we don't want that, now do we?