Tuesday, June 28, 2011

Doin' what comes natchurly

The Second City Network has made a wonderfully irreverent video answer to people who say that gay marriage is not "natural". WARNING! Highly NSFW. If you are easily offended, do not watch this video.

Saturday, June 25, 2011

Five down...

I've not been blogging much because I'm working on a new startup which is taking up most of my time, but I could not let the legalization of gay marriage in New York pass without mention. So... kudos to the New York legislature, and all the hardworking folks working behind the scenes. Well done. And a special honorable mention to Mark Grisanti who stood up to his party to do the right thing.

Thursday, June 23, 2011

As long as I am on a tear about the economy...

Everyone needs to see this movie.

Can Ben Bernanke really be this stupid?

Ben Bernanke is surprised that the economy is not recovering faster:


Fed Chairman Ben Bernanke told reporters Wednesday that the central bank had been caught off guard by recent signs of deterioration in the economy. And he said the troubles could continue into next year.

"We don't have a precise read on why this slower pace of growth is persisting," Bernanke said. He said the weak housing market and problems in the banking system might be "more persistent than we thought."


Well, I'm not surprised. It's completely obvious to me why the economy has not recovered: we have done absolutely nothing to fix it. The housing crisis was not an unexpected aberration, it was the completely predictable result of the systematic dismantling of the tax and regulatory regime that was in place in this country since the end of WWII, and replacing it with a tax and regulatory regime that more closely resembles what we had after WWI. In 1925 top marginal tax rates were lowered from 46% to 25% and banks were deregulated. Five years later the Great Depression started. By 1945 top marginal rates were back up to 90% and a strong banking regulatory regime was put in place that resulted in thirty years of unprecedented financial stability and prosperity. Starting in 1982 we began to dismantle that regulatory regime and lowered top marginal tax rates back down to 30% or so. The predictable result was increasing financial instability and economic inequality. Since 2008 we have done absolutely nothing to change the strategic situation so it shouldn't come as a surprise to anyone that we continue to see the same results.

I'm going to go on record here with the following prediction: within the next five years we will see an economic crisis that will make 2008 look like a cake walk by comparison. We came very close to a global meltdown back in '08, and the only thing that saved us from complete calamity was using up what little margin was left in the system to restore liquidity. The next time things start to come apart at the seams that margin will be gone. I have no idea when or how this crisis will come about. I just know that unless we make some painful choices it is a question of when, not if, this will happen. And right now I see no indication that those painful choices will be made. The fact that Ben Bernanke apparently has his head shoved so far up his butt that he can't see what is blatantly obvious to an amateur like me does nothing to bolster my optimism.

[UPDATE] Looks like my prediction may be coming true faster than I thought.

Thursday, June 16, 2011

Fukushima: It's much worse than you think

I've been a proponent of nuclear power. I'm still a proponent of nuclear power. But because I endorsed the view that there was nothing to worry about at Fukushima and that nuclear power is the safest way to generate electricity (which it actually still is) I feel duty bound to point out this article from Al Jazeera (which nowadays seems to be a fairly reliable source) that says that the situation at Fukushima is pretty frickin' bad, much worse than official sources would have one believe.

Because reliable information from Fukushima is so hard to come by it is probably impossible to say if this article has overblown the actual danger. But the article seems plausible to me. I still believe it is possible to design and build safe reactors. But at this point I don't see how any reasonable person could fail to concede that Fukushima manifestly wasn't.

Tuesday, June 14, 2011

Wouldn't it be ironic...

... if CO2 emissions ended up saving the environment instead of destroying it?

Py-bcrypt discrepancies explained

Earlier today I raised an alarm over some discrepancies that I discovered between the behavior of the py-bcrypt library and the published description of the bcrypt algorithm. Today I got a response from the author of py-bcrypt, which I quote here in its entirety:


No, they are not bugs. As usual in the real world, there are differences between academic work and practical implementation. There is no reason to worry about this because:

a) The truncation of the hash exists in the reference implementation that was written by Provos and Mazieres (the paper authors). You can check this for yourself in OpenBSD's CVS.

b) The incremental likelihood of collision caused by truncating the hash is in the order of 2^-186, which is irrelevant in this context.

Why was this done? You'd have to ask Niels or Davis, but I'd guess that they figured 60 characters was a more convenient length.

I guess this blog post was yours: http://rondam.blogspot.com/2011/06/possible-flaw-in-open-source-bcrypt.html

I have to say that I find it completely assinine and irresponsible. You imply that this difference in behaviour could be a deliberately-inserted vulnerability, without waiting even a week for a reply from me or bothering to check the reference implementation or its authorship before insinuating malicious intent.

Please retract your your post.


For the record, I never meant to imply that py-bcrypt was malicious, only that it is prudent to track down and understand discrepancies like this when one encounters them because they could some day be an indication of something malicious going on.

It's true that I did not wait a week before going public, I waited two days. I think reasonable people could disagree over what the appropriate length of time is in a situation like this.

In any case, for the record, there is now no reason I know of not to use py-bcrypt, and I apologize for any misunderstanding my earlier post may have caused.

The darker side of bitcoin

Isn't it funny how sometimes life seems to follow a theme? Here I am being all paranoid about security and not five minutes later I stumble across this:


Hi everyone. I am totally devastated today. I just woke up to see a very large chunk of my bitcoin balance [has been stolen].

I feel like killing myself now. This get me so f'ing pissed off. If only the wallet file was encrypted on the HD. I do feel like this is my fault somehow for now moving that money to a separate non windows computer. I backed up my wallet.dat file religiously and encrypted it but that does not do me much good when someone or some trojan or something has direct access to my computer somehow.

...

Block explorer is down so I cannot even see where the funds went.

I tried restoring an earler backup of my wallet but naturally that does not work because the transaction has already been validated.

Needles to say I feel like I have lost faith in bitcoin.

Anyone have any ideas what I can do besides just jump off a bridge?!


No, there is nothing that this poor sod can do. That is the whole point of bitcoin. It's untraceable virtual cash, and like physical cash, if someone steals it from you it's gone for good.

Wow, the bitcoin that was stolen was worth about half a million dollars at current exchange rates. You gotta wonder if the motive was profit or to undermine trust in bitcoin.

A possible flaw in open-source bcrypt implementations

[NOTE: See updates below and here.]

I'm working on an application that requires a secure password hash. The state of the art is Colin Percival's scrypt but the available code base is not very developer-friendly. Scrypt is published as a self-contained file-encryption utility, and to extract the key-derivation function is not trivial. It's not a lot of work, but it does require a fairly deep understanding of how scrypt actually works under the hood to make sure that you don't screw it up (and crypto code is notoriously easy to screw up even for someone who knows what they are doing). So I decided instead to try bcrypt, which is not as secure as scrypt but is a lot easier to use because it has python bindings and a password-hashing-friendly API.

So I downloaded and installed py-bcrypt, ran a few tests, and everything seemed to be working properly. But then I noticed something odd. The hash produced by py-bcrypt was 60 bytes long:


>>> import bcrypt
>>> bcrypt.hashpw('x', gensalt())
'$2a$12$w6IdiZTAckGirKaH8LU8VOxEvP97cFLEW5ePVJzhZilSa5c.V/uMK'
>>> len(_)
60


Let's deconstruct that. The format of the bcrypt hash is:

1. A 7-byte header ("$2a$12$") identifying this is a bcrypt hash, followed by...

2. A 22-byte base-64 encoded salt ("'w6IdiZTAckGirKaH8LU8VO") which decodes to a 128-bit binary salt value, followed by...

3. A 31-byte base-64 encoded hash ("xEvP97cFLEW5ePVJzhZilSa5c.V/uMK") which is supposed to decode to a 192-bit hash.

Except that it doesn't. 31 base64 encoded bytes only yield 184 binary bits. One byte of our hash has gone missing. [NOTE: this is corrected from an earlier version where I had two bytes missing. Those damn off-by-one errors :-) ]

OK, so maybe someone accidentally introduced an off-by-one error into the python wrapper. Except that the problem is not in the python wrapper. You can find bcrypt test vectors on the web, and they are all 60-byte strings.

It gets weirder.

The official bcrypt paper says (and other accounts corroborate) that bcrypt is limited to hashing 55-byte-long passwords. But empirically, py-bcrypt uses up to 72 bytes:


>>> hashpw('x'*71, s)
'$2a$12$w6IdiZTAckGirKaH8LU8VOMZSlhS0VSZlNwXRObFsZV4.wyRyEn9.'
>>> hashpw('x'*72, s)
'$2a$12$w6IdiZTAckGirKaH8LU8VOD.VdDKdNfUBylAAnnmZvJuKg6dhqMLq'
>>> hashpw('x'*73, s)
'$2a$12$w6IdiZTAckGirKaH8LU8VOD.VdDKdNfUBylAAnnmZvJuKg6dhqMLq'
>>>


That is a very big discrepancy between the actual behavior of the code and the description given in the literature. It's vastly too big a discrepancy to be explainable by a simple inadvertent bug.

Now, some people might say I'm being excessively paranoid, but I don't think so. The higher the stakes in the internet security game get, the more incentive there is for attackers to try all kinds of sneaky and nefarious tricks to introduce weaknesses into people's defenses, and one of the easiest ways to do that is to publish some plausible-looking open-source security code that actually has a hidden weakness built in to it and hope that nobody notices. So IMHO it is prudent to raise at least a yellow flag any time the actual behavior of security code deviates from its peer-reviewed specification. When it comes to security, a certain level of paranoia can be prudent.

I sent an email to the author of py-bcrypt asking about this but didn't get a response. If anyone who knows their way around crypto code can shed some light on this I would be very grateful.

[UPDATE: My general level of paranoia has been at least partially vindcated]

[UPDATE2: The discrepancies have apparently been cleared up]

Wednesday, June 08, 2011

Obamacare takes another step towards the grave

A year ago March I predicted that the Supreme Court would overturn Obamacare on Constitutional grounds. Today the LA Times reports:


A top Obama administration lawyer defending last year's healthcare law ran into skeptical questions Wednesday from three federal judges here, who suggested they may be ready to declare all or part of the law unconstitutional.

Acting U.S. Solicitor General Neal K. Katyal faced off against former Bush administration Solicitor General Paul Clement in what has become the largest and broadest challenge to the healthcare law. In all, 26 states and the National Federation of Independent Business joined in urging the judges to strike down the law.

... in an ominous sign for the administration, the judges opened the arguments by saying they knew of no case in American history where the courts had upheld the government's power to force someone to buy a product. {Emphasis added.]


So it's looking good for my prophetic abilities. Not so good for the country.

Tuesday, June 07, 2011

One dollar, one vote

Former Minnesota Gov. Tim Pawlenty is calling for big tax cuts. (My, what an innovative idea.)


In order to offset any lost tax revenue — and to tackle the deficit — Mr. Pawlenty calls for something called “The Google Test” to determine whether the government should be involved in a program.

“If you can find a good or service on the Internet, then the federal government probably doesn’t need to be doing it,” Mr. Pawlenty says.


Hm, let's see what we can find on Google nowadays. I can find this. And this. And this. And this and this and this. Oh, those aren't goods and services available for sale you say? Well, how about this or this or this.

The point being (not that this should come as a surprise to anyone who hasn't been living in a cave for the last ten years): you can find freakin' anything on Google. Of course the private sector will step up and provide any service that the government doesn't for which there is demand. But you might not like the terms.

Here's the problem: we as a society are not willing to let people suffer the consequences of their actions, and with good reason: sometimes the consequences of your actions affect the people around you. Want to ride a motorcycle without a helmet? If you splatter your brains on the sidewalk it's not just you that suffers. It's your kids. It's your employer (or your employees). It's whoever gets stuck with the job of scraping you and your motorcycle off the pavement and disposing of them. And if you should be so unfortunate as to survive the accident, people seem generally unwilling to muster the cold-heartednes to let you die if your insurance premiums aren't up to date, or your pockets aren't deep enough.

So we build emergency rooms and make rules that they can't turn you away if you can't pay. We fund police and fire departments in the recognition that if your neighbor's house is robbed or burns down, you suffer too. We build schools because if your fellow citizens are uneducated, you suffer, because they vote.

Unless, of course, they didn't.

The idea of one-person-one-vote that we Americans claim to hold in such high esteem is actually a fairly recent innovation. When our country was founded it was one-landowner-one-vote. Then it became one-white-make-one-vote, then one-white-person-one-vote.

Most of us like to think that these are settled issues. But it is in our nature as humans to seek power and influence, and unlike wealth, where trades can produce winners on both sides, power and influence are zero-sum games. The whole point of having power and influence is to get other people to do what you want instead of what they want. Someone has to pick the vegetables, clean the sewers, fight the wars. How do you decide who draws the short straw?

It turns out there are lots of ways, some better than others. You can create a government and have it make the decisions. You can create a free-market economy and let that decide. Or you can create a system where some people are left with no alternative but to do the dirty work or starve.

That is what the Republican program of dismantling government is heading towards. If you replace government with the free market, then you replace one-person-one-vote with, effectively, one-dollar-one-vote, which some people (generally those with lots of dollars) genuinely consider to be a good thing.

I have to hand it to the Republicans though. Their marketing is brilliant. If they presented their agenda at face value they'd be run out of town on a rail. So instead they wrap their anti-democratic ideals in the flag and convince people that it's patriotic to fight the wars for starvation wages (and put up with being abandoned afterwards).

But it's not patriotic to pay more taxes. Oh, no.

I genuinely don't understand why anyone who isn't a millionaire would fall for this transparent scam. But they do, and by the tens of millions. I wish I did understand it because if I did I'm pretty sure I could make a lot of money.

Thursday, June 02, 2011

If there was any doubt in your mind...

... that we are in another bubble, this should dispel it. Groupon, a three-year-old company with zero profit, is filing for an IPO. Why do they need the money? Because they took all of their previous investment rounds and paid them out to earlier investors:


In January, Groupon raised $950 million. By the end of March, it had $209 million in cash. What happened to all that money? The company’s IPO filing spells that out: Almost all of it went right back out the door, to employees and early investors. ... Of note: This wasn’t the first time Groupon had raised money and taken cash off the table. In April 2010, the company raised $130 million, and handed $120 million to many of the same people.


If it quacks like a Ponzi scheme...

Damn straight

"The global war on drugs has 'failed'" according to a new report by ... The Global Commission on Drug Policy.