Jenny McCarthy and Autism

by

The New York Times just posted a brilliant Opinion yesterday. Brilliant obviously mostly because I agree with it.

The Post, as you may have guessed from the Headline, is about Autism and how Jenny McCarthy so hilariously failed at covering her own ass.

This has been very important to me for a really long time. Everyone knows that vaccinations have saved literally billions of lives and have eradicated diseases and almost eradicated a lot more diseases. Smallpox for one is completely gone. I’m very happy about that fact. And yet there could be so many more diseases completely wiped out. I’m obviously not blaming Jenny McCarthy for that failure, but she is changing minds about vaccinations everywhere.

Think about that for a minute. Someone who has never been to medical school, has no degree whatsoever, has never even read a book about vaccinations, has never read any scientific information about vaccines is somehow the leading authority on vaccines and a link to autism that has been disproved again and again. She somehow is more trustworthy because she posed for playboy than literally hundreds of scientists who spend their lives trying to help people.

So the New York Times Opinion goes on about Jenny McCarthy trying to say that she’s not anti Vaccine when she’s been telling people not to vaccinate their children for years. She went on “Oprah” to say that the MMR Vaccine apparently instantly changed how her son’s brain worked.

Think about that…. instantly. He got the vaccine and he just changed …. right then and there.

How stupid do you have to be to even believe that. So in the millions of vaccines that have been given to kids…. in the BILLIONS of vaccines given to children no one noticed that ? Some doctors vaccinate hundreds of children every year, and they somehow don’t notice something that significant ?

I’m refraining from posting everything she said and linking to everything, but it’s very telling that both sides of the vaccination debate (which really should not exist at all, please read the whole ‘I fucking love science’ post on it) are so focused on her. She has a page named after her called ‘Jenny McCarthy Body Count’.

Now as you may have heard. The person that sparked this whole debate does not even have autism. Think about that…. over a thousand people die because they chose not to get vaccinated in part because of Jenny McCarthy. Who somehow linked autism to vaccines because of her son. Who then turned out not to have autism. That’s pretty ironic if you ask me.

TL:DR; Jenny McCarthy causes incredible amounts of time and money to be spent on disproving a link between autism and vaccines. Which has been disproved as hard as possible. Instead of that time and money being spent on actual research into autism, how you get autism, how to treat autism, how to prevent autism. People have died because of a silly debate when there never has been a link between vaccines and autism (except for one paper that was written because of greed, which has obviously been disproved about 20 times over, retracted and the author lost his license over it). And then it turns out her son doesn’t even have autism. And yet She still is not an advocate for vaccines, even for autism. To my knowledge she hasn’t even apologized for any of it. Not that any of that would undo any of the damage she has done. It would be a start.

Please vaccinate yourself and your children.

How the US is Lagging in Quality of Life

by

CNN’s incredibly smart and prolific contributor Fareed Zakaria recently posted in his Blog about how the US is lagging in Quality of Life. The post was about an interview with Michael Porter, a professor at the Harvard Business School about why the US is nowhere near the top in the Quality of Life Index. The United States being 16th overall, after Germany, Ireland, Japan, etc. All the way down at 70th place in Health and Wellness.

The whole post mainly just confirms a lot of things that I already knew but couldn’t convince most of my american friends of. I was actually quite surprised how high the US ranks in most of the statistics cited. I really didn’t think the US was doing that well in terms of opportunity and freedom. The Healthcare thing was obvious to me, since I haven’t lived a big part of my life in countries without universal healthcare (there actually aren’t that many of them that I would voluntarily visit). What did surprise me was just how horrible the US is doing in terms of healthcare. I wouldn’t have thought that they couldn’t beat Niger, Nepal or Liberia. I usually cite statistics from the CIA factbook (especially stats on infant mortality and life expectancy) when arguing how bad the American healthcare system is and how badly it had to be reformed before Obama actually had the balls to do it and the stamina to get it done…. eventually. Obviously there still is a lot of room for improvement and I hope that someone will eventually get to it, but I’m losing hope seeing how there was an obvious need to change things, widespread republican support and it still almost didn’t pass at all.

It’s really interesting to see how the countries rank when you play around with the statistics a little. My home country of Germany is actually doing fairly well in pretty much any regard, but we’re quite obviously never at the very top. But that’s a topic for a different time and Post. I have quite a few beefs with the German politics of today.

Spend some time playing around with the statistics and have a look at the CIA factbook (go to Guide to Country Comparisons), both will be surprising in many ways.

Google

by

Taking over the world…

So it’s the age of the Internet and basically you don’t exist if google doesn’t find you. And they know that, too. I will get to a point eventually, but for now a little back story. When google was founded they wanted to change the way search engines find stuff. And they did, obviously…. kind of.

When google started Alta Vista was huge, and lycos, and AOL. You probably heard about one of those companies, the other two are search engines. Back in the day google had an ‘I feel lucky’ button. Interestingly enough they actually still do, just no one uses it anymore. My point is that that button used to showcase how google just works. You could search for whatever you wanted to find, click the button and actually be on the page you wanted to find. These days ? Not so much. Unless you were looking for a wikipedia article, in which case you actually might get lucky still.

So these days google sucks. Every one knows it, too. So why are they still alive and doing very very well ? The other options suck worse, far worse in some cases. Bing can’t get their market share up, Yahoo just gave up completely and started using Bing…. There actually are a few alternatives to google, which were made because of the huge issues some people have with one company basically having all their data saved on their servers. Here’s a list of Search engines, there actually are quite a few. DuckDuckGo is a name that comes up every time this is brought up, give em a try if you want.

But! The point of this article isn’t to talk about how much google sucks.

Mathias Döpfner said a few very telling things in an open letter published in the FAZ. He said that when google changed their algorithm the traffic to the website of one of the companies they own dropped by as much as 70%. Coincidentally it was a competitor to google. Now if the company I work for lost 70% of their traffic I would not have a job very long because they couldn’t afford having me. And as I mentioned earlier, they know that. They know how much power they have over basically the whole internet. When news publishers wanted search engines to pay for the content they show in previews to the sites they link to they removed them from the index. And obviously things changed a lot. I have to say that I’m with google on that issue (and many others).

In many ways google has already gone beyond the “don’t be evil” motto that they said they go by. In many cases. Take for example the android platform. Arstechnica wrote a very nice article about that one. Long story short they’re forcing manufacturers to stick to google apps and android. When Acer wanted to make a phone that didn’t run on android google told them to stop it or lose access to google’s apps. There were plans (pretty far along, like prototypes already made) for a tablet that runs both android and windows. I think that would be an amazing device. Google didn’t like it so it’s not going to happen.

There actually are many more examples like that, google is just exploiting the power that they have. After fighting against the same power when microsoft had it. It’s a bit hypocritical for my taste.

So to summarize Google is an evil empire that knows how to abuse their power. Google is also a great empire bringing innovation to people everywhere. So we need google. We just don’t like google. We love everything google stood for 10 years ago. We just don’t like what happens when a company is so great at things that they accumulate a great amount of power. So I would like a company with the amount of power google has, with the power of innovation, with the power to buy great companies that make great products. I just would like it if they didn’t abuse that power so blatantly and often.

My Comprehensive Thoughts on Gun Control

by

This is going to be a fairly long post; you’ll probably know which side I’m on by the end.

People are worried (and rightly so) that their guns will be taken away. All guns. I think that’s just a ridiculous notion. The often quoted second amendment comes into play here. What does the second amendment allow, though? Not much of anything. The second amendment to the constitution was written quite a while ago, December 15th 1791 to be exact. The issue therefore shouldn’t really be whether or not we should be allowed to own, purchase or carry weapons that weren’t around before then. Furthermore you aren’t allowed to buy machine guns; you’re not allowed to buy tanks, submarines, missiles, etc. There already are restrictions in place for all sorts of ridiculous things. What really is the issue about putting assault rifles (back) on that list? Do you need an assault rifle for hunting? For protection? No. For either of those uses they’re not well suited at all.

There are guns used for hunting that I think should be legal. There are guns that are well-suited for protecting yourself, that I have more of a problem with. The main issue is about protecting your home and your family from intruders. For that a handgun would probably be way better suited than an assault rifle since you can aim and fire it faster. Do I think that anyone should be able to buy a handgun, though? No. As charts in this motherjones articleshow there were 131,246 accidental non-fatal shootings between 2003 and 2010. Over five thousand accidental fatal shootings. With those numbers I would not feel safe about a gun being in my home.

Other claims of uses for guns include protection against school shooters, protection against armed robbery, protection against mugging. Let’s go for the easy one first. People claiming that someone with a gun would have stopped Adam Lanza. This claim is so ridiculous I really shouldn’t bother with it, but I will regardless. This video illustrates my point quite nicely:

If you actually had a gun in a situation like that, and managed to pull it, you would get shot several times before you even had the chance to aim it. The point the video does not make is what happens if multiple people had a gun in that situation and they’re successful. Now someone hears shots being fired in a room close by, they draw their gun and proceed carefully. Then they see someone with a gun standing over a dead body. What would you do, if you saw someone with a gun standing over a body in a classroom? Probably shoot him right? Even worse is if someone saw you shooting the shooter while not seeing the shooter. Anyone would just assume that you’re the shooter. Many of these situations, while only being hypothetical end up with the good guy with a gun lying dead in the floor.Now for armed robbery and muggings. What we’re assuming is that we’re up against someone who has already drawn a gun. Someone who has a gun pointed at us. No trained shooter (cop, armed forces, etc.) would take the risk of going for their own gun in this situation. The bad guy needs to only do one thing, pull the trigger. You need to somehow get to your gun (even if it’s just reaching for your belt), get it out, take the safety off, aim it and shoot it. All that before the bad guy has a chance to pull the trigger. It just is not possible.

I incidentally also know someone in law enforcement who is afraid of a ban on assault weapons and that is something that I don’t understand. He also hasn’t answered why he would be in favor of other people having assault rifles which would make it a very difficult job for a cop if one were to have to go up against that. The ‘famous’ north Hollywood shootout should be a warning for anyone in law enforcement. The cops in this case were severely outgunned and couldn’t penetrate the robbers’ body armor with their guns. The robbers with their assault rifles fired 1,300 rounds of ammunition at the cops. The cops had to go to nearby gun stores and get assault rifles. How ridiculous is that? The same situation would have occurred had there been people in the movie theater of the batman shooting. He was wearing body armor while using an assault rifle. Do you really think you have a chance against that with your handgun and 9 rounds of ammunition?

Now for some other claims. “Criminals don’t care about laws”. That is seriously over simplified and pretty retarded. If you really think about that statement it says criminals should be able to buy guns, because they will have them anyway. No they shouldn’t. There are laws against giving guns to criminals. They are good. I think there should be more laws that make the punishments even more severe if you’re not allowed to have a gun and yet you do. I think that punishments should escalate for people who get caught with a gun. I think there should be added punishments for having a gun that was stolen. I think there should be added punishments for having a gun that was used to commit crimes. I think all these would make it far less likely for someone to carry a gun that isn’t supposed to have one. Obviously the people who are already on the run will not care that much, but even then it would make it far easier to put violent criminals away for long periods of time. Still someone who has a felony for selling weed will likely not buy a gun from a shady source knowing he could go to jail for a long time for just carrying it. I really think this is how you make America safer, less guns in the hands of criminals, through laws that don’t target law abiding citizens.

Now for the more recent claims of people “It’s not the guns that caused those tragedies it’s the mental health of the shooters”. I agree with that. Sincethis Washington post article has some nice charts that show that most cases had killers use weapons that they had obtained legally. I think the only solution to this is universal health care since obviously a lot of people can’t afford to see a doctor every time they feel something’s wrong, they’re way less likely to see a psychologist, even if a doctor thinks they should be seeing one. But then I guess you’re arguing that people of questionable mental health should be on some kind of list that prevents them from buying guns? Or do you just think that anyone buying a gun should pass a psychological exam? I’m all for the second one.

One claim of some people that said there would be far less break-ins if everyone had a gun at home I always thought was pretty amusing. Recently The Journal News published a map that showed homes with registered guns and sparked some significant outrage because “Now everyone knows where the legal guns are kept, a valuable piece of information for criminals,” as a commenter stated. Pretty big contradiction there. But I do agree with the latter point. Criminals get their guns from people stealing them from your home. If you had less legal guns the number of illegal guns would also drop. There are millions of guns that get taken away from criminals. There needs to be an influx of guns to keep the criminals armed.

Conclusion:

The second amendment doesn’t really give you any rights. There are restrictions on a lot of ‘arms’ already. I think the US should legalize guns. I think you should be able to buy a hunting rifle after proving that you can skin a deer. I think you should be able to buy a handgun after passing a background check, a psychological test, and wait a few days.

Kein Weihnachten

by

vielen dank an Hermes und MyToys

Es ist der 5.1.2013 und meine Kinder hatten letztes Jahr (noch) kein Weihnachten. Die Chronik der Inkompetenz beginnt am 13.12.2012. Da wir es uns nicht wirklich leisten können viele Geschenke für die Kinder zu kaufen haben wir uns entschieden bei MyToys alles zu finanzieren. Ich muss sagen es wäre weit besser gewesen je zwei kleine Geschenke zu kaufen als bei MyToys Sachen im Wert von über 300 Euro zu bestellen. Und so fängt die Geschichte dann am 13.12. an. Nachdem wir die Bestellung online aufgegeben haben rief ich bei MyToys an um sicherzustellen das alles noch vor Weihnachten ankommt. Ich bekomme von der netten Dame am anderen Ende der Leitung ein Versprechen. So weit so gut. Es ist ja auch noch viel Zeit.

MyToys übergibt das Paket am 17.12. an den Hermes Versand. Laut Sendungsauskunft geht bis zum 19.12 auch alles gut. An dem Tag erreicht das Paket die Niederlassung Hannover. Danach gibt es dann keine Updates mehr. Das Paket befindet sich laut Sendungsauskunft auch immer noch in Hannover (Sendungs ID kann man im Screenshot sehen, versuchen Sie’s einfach selbst wenn sie diesen Eintrag lesen).

Am 22.12. rufe ich bei Hermes an. Leider kann man mir dort keine Auskunft geben. Mir wird gesagt ich muss bei MyToys anrufen, weil die eine interne stelle anrufen können (warum kann ich das nicht ? warum können die Leute im callcenter von Hermes das nicht ? zwei Fragen die ungeklärt bleiben). Ich rufe also bei MyToys an (übrigens sowohl Hermes als auch MyToys auf einer 01805 nummer die mich 42 cent pro minute vom Handy kostet). MyToys berichtet das das Paket in der Auslieferung ist und warscheinlich “heute oder morgen” ausgeliefert wird. Definitiv aber vor oder am 24.12.

Leider warte ich vergeblich auf mein Paket (aber das haben Sie sich bestimmt gedacht, da oben steht dass sich das Paket noch in Hannover befindet). Auch am 23.12. warte ich vergeblich. Am 24.12. muss ich arbeiten, rufe aber wieder bei MyToys an (vom Handy, 42 cent pro minute) um nachzufragen ob denn noch die Möglichkeit besteht, dass das Paket ankommt. Die nette Dame am anderen Ende sagt, dass es möglich ist. Während ich warte ruft sie auf mein drängen bei Hermes an um näheres zu erfahren. Bei Hermes ist zu dieser Zeit schon nicht mehr sicher ob das Paket schon verloren ist oder noch ausgeliefert werden kann. Näheres wisse man aber erst am Donnerstag, da in der Niederlassung schon nicht mehr gearbeitet wird.

Wir hatten am 24.12. leider noch Hoffnung auf die Zustellung des Pakets. Wir wurden auch an diesem Tag bitter enttäuscht.

Als klar war, dass es für die Kinder in den nächsten Tagen kein Weihnachten gab mussten wir der älteren Tochter irgendwie erklären, dass der Weihnachstmann noch nicht da sein wird. Sie ist 7 Jahre alt und wir wollten ihr eigentlich noch nicht eröffnen, dass es den Weihnachtsmann nicht gibt. Wir haben ihr aber erklären können, dass es noch ein paar Tage dauern wird.

Leider wurde auch daraus nichts.

Am Donnerstag hat MyToys endlich eine Email geschrieben, dass das Paket verloren gegangen ist. Wir haben ein bisschen gesucht um möglicherweise woanders etwas zu bestellen. Am Ende mussten wir uns wieder mit MyToys begnügen, da uns die Lieferzeiten bei den anderen Anbietern zu lang waren. Wir waren schliesslich schon unter erheblichem Druck, weil wir nicht erst Silvester und dann Weihnachten feiern wollten.

Wie Sie sich mitlerweile denken können wurden wir wieder enttäuscht.

Am 27.12. habe ich MyToys angerufen um zu bitten das die Sache ein wenig beschleunigt wird. Mir wurde mitgeteilt, dass wenn alles verfügbar ist, es noch am gleichen Tag geschickt werden sollte, mindestens aber am nächsten.

Am 27.12. wurde’s nicht verschickt. Am 28.12. auch nicht. Also rief ich wieder bei MyToys an. Diesmal wurde mir gesagt, dass alles verfügbar ist und am 31.12. das Paket rausgehen sollte.

Auch das passierte nicht.

Am 2.1. wurde anscheinend das Paket gepackt und verschickt. Leider mit Hermes.

Sie können sich sicher denken was seit dem passiert ist.

Nichts.

Ich habe Seit dem 2.1. mehrere male bei Hermes und bei MyToys angerufen. Mitlerweile sollte ich eigentlich alle callcenter Mitarbeiter in beiden Firmen kennen. Als ich gestern bei MyToys angerufen habe hat man mir gesagt, dass es verladen wurde und sich in der Zustellung befindet. Ich sollte es also ‘Heute oder Morgen’ erhalten.

Habe ich nicht.

Heute rief ich wieder bei MyToys an. Mir wurde schon wieder gesagt, dass es sich in der Zustellung befindet und ‘Heute oder Montag’ ausgeliefert werden soll.

Kurz vor 18 Uhr wollte ich noch einmal bei MyToys anrufen um nach dem Status zu fragen. Eine Stimme sagte mir ‘Leider können wir Ihren Anruf nicht persönlich entgegennehmen’. Ich hab’s dann noch einmal bei Hermes versucht. Hermes konnte mir in den letzten Wochen sehr selten mehr sagen als ich im Sendungsstatus selbst sehen konnte. Ich wurde mehrere male an MyToys verwiesen. Heute schien ich aber Glück zu haben. Die nette Dame am anderen Ende der Leitung hat mir gesagt, dass das Paket gerade erst in Langendamm angekommen ist.

3 Tage nachdem Hermes das Paket bekommen hat ist es in Langendamm, nahe Nienburg. 2 Tage nachdem DHL es zugestellt hätte.

Also besteht keine möglichkeit mehr das Paket heute zu bekommen. Das heißt, dass meine Tochter am Montag wieder zur Schule geht ohne, dass sie Weihnachten gefeiert hat.

Vielen Dank an Hermes und MyToys. Ich bedanke mich für viele nette Stunden die ich damit verbracht habe nachzuforschen wo meine Geschenke denn sein könnten. Und für die vielen Tage die ich Hoffnung hatte. Hoffnung das Paket zu bekommen. Hoffnung Weihnachten am nächsten Tag feiern zu können. Diese Hoffnung habe ich schon so lange nicht mehr gekannt. Ich bin viel zu verwöhnt von Amazon.de, auch von Ebay händlern die es schaffen innerhalb von 3 Tagen einen Artikel zu schicken. Ich bin zu verwöhnt von callcenter Mitarbeitern von Amazon.de wo man auch eine Nachlieferung am nächsten Tag zustellen kann (es war von einem Artikel zu wenig geliefert worden).

Jetzt kann ich hoffen nächstes Jahr Weihnachten feiern zu können.

Hermes Tracking Information

Hermes Tracking Information

Hermes Tracking Information

Hermes Tracking Information

Gigabyte M6900 Gaming Mouse review

by

More than a week ago I didn’t even know that Gigabyte produced mice but I’m pretty broke and my Logitech mouse somehow has a very weird issue where it clicks twice when I want to click once sometimes.

Anyway, the Gigabyte M6900 comes in pretty awesome packaging. It actually comes in a black plastic case that I wouldn’t mind showing off.

The mouse itself looks very nice. It has a fairly wide base that I wasn’t used to, but now think is pretty comfortable. It has the usual 2 thumb buttons and a mouse wheel button. You can also move the mouse wheel to the sides for 2 additional buttons.

On the top there are 2 buttons to set the dpi and 3 LEDs of which 2 are showing dpi settings while the bottom one is always on.

I thought it was very nice that everything just works after plugging in the mouse. No hassle of installing additional software. And the mouse is very precise and has a nice feel.

Most of all, I bought it for 23 euro (it’s on amazon.com for $24.99) which is far lower than a comparable mouse from Logitech which doesn’t look as nice. The only thing that I think it needs is the button to change to smooth scrolling that Logitech has (I like the rasterized scrolling most of the time but for fast scrolling the smooth thing is nice).

In summary it’s a great mouse for the price.

Thoughts about the Go Language

by

and programming languages in general

As you can read on my about me page, I have pretty much always been into learning new languages. This is more true for programming languages than spoken ones, but I do think I’m fairly good at this english one. So recently (shocking since it hasn’t existed that long) I came across Google’s Go language and I have been reading about the features of the language and the design choices the inventors have made.

Now I have to say that I have thought about designing my own programming language for quite a while now (almost a decade) and while I haven’t even started trying to implement it I have spent quite a bit of time writing down features it needs to have, features that are nice to have, etc. Now there are some obvious features that every recent language seems to have, like Object Orientation, Threads, C-style syntax, etc. I was quite surprised that Go went a different way on a few things that seem obvious at first.

Go doesn’t quite have Classes, that is to say that it doesn’t have Inheritance. That seems like a glaringly obvious mistake on their part, but since they had some very smart people think about it for a long time, I’m more inclined to trust them on it than myself. The interesting thing here is Interfaces (no grammatically this makes no sense, but I’m leaving it). If an Object has all the same interfaces as another Object what purpose would there be in the Objects not being interchangable. If it could be used as a different Object without anything failing, why wouldn’t it be allowed to.

C-Style syntax is another thing that’s seemingly obvious, but everyone differs from it a little bit (and they all kinda have to since C doesn’t have classes). Go doesn’t really go that far off the beaten path here, but some things are noteworthy. Variable declarations are the first and most obvious thing. I don’t think turning everything around is a good idea really, but I can live with it. In C# you have someclass somename = new someclass(arguments); which I will be the first to admit is a bit redundant. Still I would have probably gone with: new someclass(arguments) somename instead of the Go equivalent somename:= someclass(arguments).

Semicolons are gone as well. You still can throw them in there to end a statement if you want to have more than one statement in one line of code, but for the most part you probably won’t be using them. I have always thought that that was the way it was supposed to be, but I did favor the consistency of the semicolon over just ending a statement at the end of a line like VB. So here I can have both.

Last, for this post anyway, we have Threads. With every living being having a multicore processor this seems obvious. We do need concurrency. There just isn’t a way around concurrency anymore. The obvious choice seems to be using threads. It’s what everyone else does and it’s fairly simple to implement. You can just let the Operating System’s scheduler figure out when to give another thread the ability to do something. After thinking about this for a long time and writing a few multithreaded programs I have always favored erlang style concurrency. You need a way to pass a message to a different thread and using global (omg !) or shared variables doesn’t seem like a very safe way to do it. Everything else (locking, mutex, etc.) just seems like a workaround for the initial mistake.

So would I make the same choices (after reading a lot about Go) ? Mostly I would have to go with yes. In loops you don’t need the brackets if you have to have the curly braces, same with if statements, semicolons also seem redundant at the end of a line, so I would stick with all that. Concurrency is also an easy one, I like the way Go does it. Classes is where I would go the old fashioned way, but I might well change my mind on it, because Duck typing seems much easier for the programmer. You don’t need to figure out long class diagrams before you write the first line of code.

In short the inventors of the Go language are obviously much smarter than I am, so I’m not really surprised that they changed my mind about a lot of features of a programming language.

Umsonstkultur und Piratenpartei

by

vs Abmahnkultur und Content-Nazis ?

Heise online veröffentlichte gerade einen Artikel mit dem Titel “Kreative wenden sich gegen ‘Umsonstkultur’ und Piratenpartei” und ich muss halt auch einen Kommentar abgeben.

Es ist unbestritten, dass es sowohl eine Umsonstkultur als auch eine Piratenpartei gibt, jedoch muss man mit keinem der beiden einen Krieg anfangen, schon gar nicht wenn man nicht ganz versteht worum’s geht.

Es soll ja Leute geben die für nichts Geld bezahlen wollen, egal wie viel arbeit in deren Herstellung geflossen ist. Auch ich konnte mich zu dieser Gruppe zählen als ich mich noch im jugendlichen Alter befand. Aber ich zählte mich eher zur anderen Gruppe von Leuten, die sich einfach nicht leisten konnten die ganze musik zu kaufen die gerade neu auf den Markt kam. Zu der Zeit war aber einiges erlaubt was man jetzt versucht unmöglich zu machen und zu verbieten. Ich habe gerne Kasetten gekauft um diese Freunden zu geben, die mir darauf CDs aufgenommen haben. Ich hab das gleiche für meine Freunde auch getan. Dann hat die Musik Industrie versucht kopierschutz auf die CDs zu packen um das zu verhindern. Warum ? Gab es nicht genug umsatz ? War man vielleicht nur zu gierig ? Zur gleichen Zeit fing auch die sache mit den illegalen Musik Downloads an. Ich erinnere mich nicht wirklich an den Zeitpunkt, ich weiss nur, dass ich weit unter 18 war und es war vor der Jahrtausendwende.

Da hatten wir dann die Musik Downloads über die die gesammte Industrie klagt. Was kam danach ? Klagen. Sowohl gerichtliche als auch wörtliche. Noch und nöcher. Jahre lang. Was kam nicht ? Legale Downloads. Jahre lang….

Es schien als hätte sich die Industrie darauf geeinigt, dass man niemandem erlaubt etwas zu kaufen was er umsonst haben konnte. CDs hatten einen Kopierschutz damit man sich keine Audio Dateien auf den Computer ziehen konnte, selbst abspielen ging auf einigen geräten nicht mehr, und verkäufe von Musik Dateien gab’s auch nicht. Man war also gezwungen entweder zu klauen oder Musik nicht zu hören. Und über zehn Jahre später beklagt man sich dann immer noch, dass das wozu man die Konsumenten gezwungen hat immer noch stattfindet.

Kurze Frage zum nachdenken: Was wäre passiert wenn es iTunes gegeben hätte bevor Napster sich verbreitet hat ?

Damit aber nicht genug. Endlich hat die Musik Industrie angefangen Musik auch online zu verkaufen und verdient nicht schlecht damit. Andere “kreative” sind so kreativ, dass es nicht mal Ideen gibt die schon existieren. Filme gibt’s nur mit kopierschutz und online schon gar nicht. Bücher sind sehr schwierig zu digitalisieren und falls es sie online gibt dann auch nur mit Kopierschutz. Ich kann Filme sehr einfach illegal im Internet bekommen. Kaufen kann ich sie nicht.

Deshalb: Solange es mir unmöglich ist etwas zu kaufen was ich umsonst haben kann, kann man sich auf der anderen Seite nicht über die Umsonstkultur aufregen.

The recent password thefts

by

So with everyone talking about it I guess it’s time I add my 2 cents (without saying anything others haven’t so feel free to stop reading ;).

I am a victim myself, having my password stolen at 3 different sites (League of Legends, last.fm, LinkedIn) and I am actually fairly certain that the password was the same on all three, as was the email adress I signed up with. My wife’s LoL account was also hacked and since her email account had the same password as her LoL account it was used to send spam emails until hotmail closed it.

Obviously I’m not concerned at all about any of the accounts being compromised. Both my LoL account and my Last.fm account were throwaway accounts with no value to me at all, which is why the password was probably one of the very first that was recovered (6 letters). My LinkedIn account either had the same password, or a slightly more complicated one with 8 characters that include letters and numbers. My LinkedIn account had a little bit of personal information but also nothing that I would really be worried about being available for anyone on the internet (given that it isn’t already).

My wife’s accounts were throwaway accounts, which means a LoL account with near zero value to anyone and an email adress that was used to sign up to throwaway accounts with, obviously also without value.

What I’m trying to say here is that, as most people know, it’s impossible for everyone without an eidetic memory to have exactly one secure password (letters/numbers/special characters, or something long enough to not be hacked such as 4 different words) for every single account you create anywhere. I can not even count the number of accounts for websites, applications, email accounts, etc. that I own. Therefore, as i have said before, I use the same password for everything that has zero value to me. Years later I still know that password. I also use the same password for things that have near zero value to me (hassle of getting the account back, etc. no monetary value to anyone). I use two factor authentication for pretty much anything that has real value to me.

Now that I’ve written a whole post about how stupid I am with passwords I guess I should get to the point I was trying to make.

I have written about how to hash passwords before and it is not only sad but inexcusable how relatively big companies are handling your passwords. I think that every site that wants you to make an account would educate users on password security rather than having arbitrary rules about what needs to be in a password you pick. I think that you should have complete freedom in what you want your password to be. If you think “1234″ is secure enough for the account you’re signing up for I think you should be able to. However, I think it’s pretty retarded that some companies are saving passwords in plain text (plentyoffish used to send the password used to sign up with every email they send you…. in plain text), some companies are saving passwords with a single MD5 hash (which these days is almost plain text), and some companies are saving passwords with a single SHA-1 hash.

As this post shows it’s fairly useless to use a static hash (they didn’t even do that), since you can not look for collisions in SHA-1 anyway. To crack all the LinkedIn passwords by hashing passwords and comparing them to the hash they stole. Had a salt been used it would have not increased the time or difficulty to find out the passwords. However, even just using the username as a salt to hash the password of every user would increase the difficulty of cracking the passwords so much that it’s probably not worth it to try. To find out the passwords you would have to brute force/dictionary attack every single users password by itself, even if it just takes a minute per password they would need over 10 years to crack 6 million of them. So 6 seconds per password means a year total. Now if you don’t hash the passwords once but 500 times you would obviously increase the time to crack a password by 500 times.

A last point I want to make is that it’s fairly easy to change the method you’re using to store passwords. Assuming you have one table that stores a username and a password of every person using your site you could just add a new column to the table for the new method of storing passwords (this commentary suggests PBKDF2). Then you change your login checking function so it checks if there’s a value in the new column already and check the password against that, obviously using the new method of hashing passwords, and if it’s not, check it to the old value, calculate the new hash and immediately delete the old hash. Then depending on how often your users log in you’ll have most passwords stored securely within days or maybe weeks. You could then send an email to all of the people who haven’t logged in in a while asking them to log in, or have a flag in the DB that sends a password verification email the next time they log on, and just delete all the old hashes.

But the main question remains: I have not written anything that’s not common knowledge by anyone who’s even remotely security conscious and yet some fairly big companies just are not listening. They really should know better. We can just hope that the remaining companies that haven’t changed their hashes yet will do so in the very near future. This especially goes for people who make software for other people to use (pbpbb ???).

What not to do on your website

by

Or how to make me never come back.

Like other billions of times in the past (and I’m obviously not exagerrating) I just googled a very simple question and clicked on a link that seemed decent. And like many other times in the past I anded up on a website that I likely will not visit again, ever.

I would be willing to bet that many smarter people have already contributed to this topic, and a lot of them are more entertaining than me, but I just had to share something. There are a few very simple things that you can do to make me (and many others) never come back to your website. Quora.com just found one of them.

Experts-exchange is pretty famous for this one, and rightfully so. It seems like a basic Q&A site, but you don’t actually get to see the answers without registering. It also says you get a free trial, which makes me think that it will cost money after the 30 days. But I just never actually went to check it out because I can probably get better answers on a different site.

So now Quora.com pops up and I had never heard of the site before and is also asking me to register, or sign in with facebook. And the first thing I look for is literally the back button. I don’t spend another 3 seconds on the site checking out the features or whether or not it would be worth it. Although I do spend an hour writing a rant about it.

So since we now beat that specific problem to death, what are some other things that make me run from a website. Giant overlays are clearly at the top of the list. If you give me a full page overlay that doesn’t let me see the website there’s a good chance I’m gone by the time it finishes loading. If it’s an advertisement it’s probably even worse. Page load time finishes the trifecta. If it’s a full page advertisement that takes seconds to load I likely won’t see it because I’ll be long gone. Banners and ad blocks would be another, although fairly minor issue. If I do have to read something fairly long and I can’t focus on the text because something keeps blinking or moving on the side or top I might just get away. I do have advertising on this site, and I really wish I could tell google to only display text ads (But I would sell ad space if you have a non obnoxious ad you want to place !). And with that we have reached the obvious. If I get nauseated looking at your site I’ll probably leave, but colors and fonts aren’t actually that important as long as it’s fairly legible.