tag:blogger.com,1999:blog-58292777511113851692024-03-14T09:16:57.576-04:00Musings of a Rogue FederalistNow I ask you in all soberness, if all these things, if indulged in, if ratified, if confirmed and endorsed, if taught to our children and repeated to them, do not tend to rub out the sentiment of liberty in the country, and to transform the Government into a government of some other form. -- Lincoln, 1858Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.comBlogger126125tag:blogger.com,1999:blog-5829277751111385169.post-18739045283531874992013-11-07T09:58:00.000-05:002013-11-07T09:58:05.335-05:00The selfishness of the LeftIt's hard to escape progressives claiming that Republicans and conservatives are just a bunch of greedy rich folk who don't care about the poor, while those sweet Progressives are looking out for the less fortunate. This is especially common among religious progressives, who seem to think that the Bible commands us to take care of the poor by threatening others.<br />
<br />
One of the great things Obamacare has done for us (and really the list is quite long, but primarily as bad examples) is to show how incredibly selfish the left really is. It seems like you can open any paper these days and find a story about some poor leftist who supported Obama, and may still support Obamacare, but finds it unacceptable that <b>their</b> insurance costs are doubling. We need to help those poor people who don't have insurance, and somebody has to pay for it, but it should be somebody else.<br />
<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-36067540438997192892013-10-31T15:20:00.000-04:002013-10-31T15:20:36.429-04:00Stop with the Piecemeal Obamacare changes. Or: Why Republicans bear no responsibility for what's going wrong, but that might change.I was not a fan of the shutdown. It's not because I'm against shutting down the government. I would have been totally on board if the House had started with the strategy they ended with, and started passing small funding bills a year ago. I think shutting down the government rather than passing an omnibus funding bill just because Appropriators can't stand to pass funding for National Parks without also funding their pet constituency is a great idea. Alternatively I wouldn't have a huge problem with shutting down the government rather than raise the debt limit. If Republicans were steadfast in refusing to raise the debt limit then that's basically the equivalent of a balanced-budget amendment as was very well outlined on <a href="http://www.powerlineblog.com/archives/2013/10/memo-to-gop-if-obama-wont-compromise-dont-raise-the-debt-ceiling.php">Power Line</a>. It's admittedly not the cleanest way to get a balanced-budget, but democracy is rarely clean and we can't afford to keep borrowing a couple million dollars per minute forever.<br />
<br />
The reason I'm not a fan of the shutdown is it was done to benefit yet-another-half-repeal of Obamacare. If the Democrats were smart, it would have ended with a disastrous delay on the individual mandate. Here allow me to go off on a tangent. I have already started to hear politicians and media types saying that this is partly the Republicans fault. That's insane. The Republicans tried to get amendments introduced to change the bill when it was introduced; none of them made it to the bill. They then tried to prevent the bill from coming to a vote in the Senate: it was put through as a budget reconciliation bill so that it could come to a vote with no Republican support. They then tried to prevent passage: it passed without a single Republican vote. They then tried to repeal it when they took over the house: they failed. They then tried to delay the individual mandate: they failed. They have tried to change the rules to allow insurance companies to offer policies that were legal before the bill's passage: that has gone nowhere. It's accurate to say the Republicans have done everything they can to prevent Obamacare, but they have been utterly hapless, failing to accomplish change at every turn. To say that it's somehow their fault is to say the Democrats passed exactly what they wanted, but the Republicans didn't overcome Democrat majorities in order to force us to have something better. The only changes that have been made to Obamacare since it's passage are the ones illegally made by the President himself decreeing that certain parts of the bill just didn't need to be followed, no matter what Congress might say.<br />
<br />
So why, given that I think the whole bill is such a disaster, do I think a delay would be disastrous? Because the whole bill is a house of cards. It's, to borrow a phrase from Boehner, a crap sandwich, but it's constructed such that pretty much any single changes leaves things worse than you found it. Millions of people on the individual market are, predictably, having their coverage dropped. The exchanges are, predictably, a disaster where people may not be able to register for coverage in time. The employer mandate (this one I wouldn't have predicted) is just not being enforced by the President, despite the fact that the law plainly requires it. All of these things add up to a ton of people who are going to have to pay a tax penalty in 2014 instead of getting a refund, because they won't have insurance. So why would a delay of that be a bad thing?<br />
<br />
Because the entire insurance system could collapse if the only people who buy coverage are those that are going to need service, massively inflating the costs of coverage for next year. Because currently I can make the above screed about how every part of this mess is owned completely by Democrats and you can't do that if Republicans force through a market-destroying delay on the mandate. Because delaying the mandate for one year means people can ignore just how bad the bill is until after the 2014 elections and then find out that they're going to have to either pay a penalty or buy the new, even higher than this year's outrageous prices for insurance only after the Democrats are safely re-elected.<br />
<br />
Conservatives predicted the messes we're seeing now when the bill was first passed, but they're only the first taste of the crap-sandwich to come. Obamacare should be repealed, but only when the entire thing can be repealed. The one small change Republicans should propose is to change the subsidy such that if the whole thing collapses in the next five years (which it will) the law doesn't provide for an automatic <a href="http://www.nationalreview.com/corner/355102/plan-b-defunding-obamacare-cap-insurance-subsidy-mario-loyola">increase of the debt</a> to provide the insurance subsidy. Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-22926853883801761532013-04-12T14:26:00.000-04:002013-04-12T14:26:23.331-04:00So-Called Assault Weapons<a href="http://www.youtube.com/watch?feature=player_embedded&v=0Qt4YyUBZ5Y">Charles Cooke on Morning Joe (YouTube)</a><br />
<br />
The fascinating thing to me about this isn't the 3 progressive's position on gun control, it's that they "argue", with a straight face, that drawing a "distinction between continuous and non-continuous", thus a military M16 that fires bullets as long as you hold the trigger down and a civilian AR15 that fires one bullet per trigger pull is "meaningless". They're both "assault weapons" that are intended for combat. Put a different grip on it so your thumb can't reach between the grip and the stock, though, and it becomes a perfectly reasonable sport weapon. That's a real difference! That's what makes the military so effective, they carry weapons that allow the "web of the trigger hand [to be] placed below the level of the top of the exposed portion of the trigger when in firing position". Nobody could possibly want to stand in an ergonomically comfortable firing position when target shooting for sport, it must be for purposes of combat.<br />
<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-87567027556567676002012-12-10T16:48:00.000-05:002012-12-10T16:49:54.566-05:00Boehner should give Obama what he asks forThere are a lot of media outlets who are saying that Obama won the election, so the House should give him what he wants. These same people had no problem with the Congress not giving Bush what he wanted on Social Security reform or Reagan what he wanted on spending reform, so I think it's a bunch of opportunism. But that's not how I'm approaching this.<br />
<br />
The number one classic blunder, possibly surpassing starting a land war in Asia, and certainly going against a Sicilian when death is on the line, is agreeing to closed door negotiations reported by a hostile media. The Republican leadership should never have agreed to closed door negotiations and given their involvement should extricate themselves as quickly as possible. As Jonah Goldberg notes, watching this budget debate is like trying to follow a cricket match based only on selective leaks to a hometown press of one of the teams coming from the players. <br />
<br />
From a technical perspective, though, even if the whole thing happens in the open this cannot produce a good outcome from the perspective of Republicans in the House. I don't mean by that it can't help them politically, that's unlikely too, but not where I'm going. The perspective of the Republican leadership (which I agree with) is that the fiscal path of the United States can only be saved by massive reduction of the federal government, most especially in entitlement spending. This is one way I'm certain that the accusations that the Republicans are trying to sabotage the economy and blame the President are false. The Republicans really believe that tax increases will destroy the economy and that continued spending at 24% of GDP is going to cause a debt melt down. You can tell they believe that because that's what they do if they're in control. <br />
<br />
There are numerous reasons they can't possible get this, but most important in this context is that a failure to reach a deal will be seen as caused by intransigence on the part of the Republicans rather than the President. If John Boehner agreed to massive tax increases written by Harry Reid in exchange for a 2% reduction in Medicare spending and the bill didn't pass the press would cover it as failing because Republicans were holding the whole thing hostage for a Medicare reduction. The second major reason is that because of how taxation and budgeting works in Congress a tax increase will happen but a budget reduction is only a promise on the part of Congress that when they actually write the budget it will be what they promise it is now. I'm not sure they have ever actually followed through.<br />
<br />
So given these choices I basically see three choices for the Republicans in Congress:<br />
<br />
<ol>
<li>Negotiate strenuously, fail to get what you want, we go over "the fiscal cliff" and Republicans get blamed</li>
<li>Negotiate strenuously, get what appears to be some set of spending reductions that we'll never actually get in exchange for tax increases we will (I'm actually doubtful this is possible. My personal opinion is that the Democrats are currently sufficiently insulated from the consequences of a failure to reach a deal that they don't even need to agree to spending cuts they don't want that won't actually materialize). The taxes don't bring what the Democrats say they will and Republicans get blamed for the fiscal shambles because they didn't agree to what was asked for.</li>
<li>Get the Democrats to write a bill, have the Republicans who wanted to make a deal vote present, Tom Price and the solid conservatives can vote against it, but let it pass. </li>
</ol>
I think, as do many Republicans, that option 3 is going to cause a near catastrophic collapse of the economy within a couple of years as we either experience massive inflation from the Fed buying all of our bonds or bonds stop selling because nobody believes we can cover the debt, which is why they don't want to do it. But, under the Republican operating assumptions options 1 and 2 also lead to a near catastrophic collapse of the economy, they just give people an opportunity to say the reason it happened is that we didn't give the Democrats everything they wanted. <br />
<br />
I'll note there is a problem with this plan. I'm being extremely cynical, but I'm not sure I'm cynical enough. Option 3 presumes the Democrats would actually put down in legislative language what they say they want. If what they really want is to go over the fiscal cliff and blame Republicans for it they might not be willing to even put down a list of demands on paper for the Republicans to pass. If that's the case, though, I still think Republicans can do better damage control if they start (preferably last month) vocally asking for proposals so that they can at least claim when the press starts talking about their intransigence that they would have passed anything given to them, but they didn't have anything to pass. I don't think this would actually work, but some people might listen.<br />
<br />
<br />
I should note, the original idea for this came from John O'Sullivan in an interview he did with Peter Robinson, but he didn't go into the depth I do here. Maybe he did somewhere else but I haven't seen it.Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-1773367073424272462012-11-08T11:07:00.000-05:002012-11-08T11:07:51.425-05:00Give Federalism a chance?There's a lot of talk about yesterday's presidential election, but I don't want to talk about that. What I find interesting are the ballot measures. Here are the ones that are even mildly interesting:<br />
<br />
<br />
<ul>
<li>Three states, Colorado, Washington, and Oregon, decriminalized some for of marijuana usage as a state matter. It's still against Federal law</li>
<li>Three states, Maine, Maryland, and likely Washington, endorsed gay marriage. 31 states had previously officially rejected endorsing it.</li>
<li>Two states, Maryland and Rhode Island, extended legalization of gambling while one, Oregon, rejected it.</li>
<li>One state, Missouri, explicitly disallowed their Governor from legislating on health exchanges</li>
<li>One state, Montana, required parental notification of abortions</li>
<li>One state, California, voted to keep the death penalty</li>
</ul>
<div>
<br /></div>
<div>
I find these interesting not because of the content, but because it shows that we still want Federalism. The most interesting to me are the marijuana bills. Those states are reliable votes on federalizing just about anything, yet the actually bothered to put on the ballot and pass a measure to decriminalize something that's already against federal law. Why bother? I would bet a large percentage of the people who voted to decriminalize at the state level drug use that's still a federal crime think Missouri's rejection of Obamacare at the state level is insane.</div>
<div>
<br /></div>
<div>
But why?</div>
<div>
<br /></div>
<div>
Why must everything be a federal issue? Why can't some states have the death penalty (even for minors) and others not? Why can't some states have legal marijuana and not others? </div>
<div>
<br /></div>
<div>
I'm so tired of hearing about how horrible it is we're a divided country. I can tell you how we can stop being a divided country:</div>
<div>
<br /></div>
<div>
Let the people in Washington have their legal marijuana and gay marriage, but don't make the people in Georgia endorse gay marriages established in Washington. Let Massachusetts have their government run healthcare, but Texas stay with private healthcare. I understand that some things, even some very important things, must be handled at the Federal level. There may be serious issues with parts of Sarbanes-Oxley, but I'll admit it had to be done at the Federal level. (And, conveniently, it has to with the regulation of interstate commerce, which was already a Federal power) But huge chunks of what makes us a divided nation (Carbon emissions, health care, abortion, gay marriage, drug control, speed limits, drinking ages, the death penalty...) don't have to be national issues.</div>
<div>
<br /></div>
<div>
So if Montana and Washington State both agree that there shouldn't be one national standard, why can't we go back to not having one national standard?</div>
Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-49962797504721427452012-10-25T13:48:00.000-04:002012-10-25T13:48:26.274-04:00Bayonets and SubmarinesThe debate earlier this week contained this exchange:<br />
<blockquote class="tr_bq">
ROMNEY: Our Navy is old -- excuse me, our Navy is smaller now than at any time since 1917. The Navy said they needed 313 ships to carry out their mission. We're now at under 285. We're headed down to the low 200s if we go through a sequestration. That's unacceptable to me...</blockquote>
<blockquote class="tr_bq">
OBAMA: But I think Governor Romney maybe hasn't spent enough time looking at how our military works.
You mentioned the Navy, for example, and that we have fewer ships than we did in 1916. Well, Governor, we also have fewer horses and bayonets, because the nature of our military's changed. We have these things called aircraft carriers, where planes land on them. We have these ships that go underwater, nuclear submarines.</blockquote>
<br />
It has since come out in numerous news sources that we actually have <a href="http://blogs.wsj.com/washwire/2012/10/23/not-to-be-a-stickler-on-bayonets-but/">more bayonets</a> than in 1916, that they were used in Iraq and Afghanistan, that we used horses actively in Afghanistan, and that we had submarines in 1916 (As did the Germans in sinking some of our ships leading up to our entry into WWI).<br />
<br />
The most common response I've seen to this is that it's pedantic and misses the forest for the trees. I disagree. It would be pedantic to point out that Romney said 1917 (because by 1917 we had built more ships for WWI) and Obama would have been technically accurate about bayonets if he had also said 1917 (we drastically increased the size of the Army, and thus the number of bayonets, after entry into the war). <br />
<br />
The problem with Obama's statement isn't the minor facts, it's that he's using the minor facts to show that his knowledge of modern combat is far superior to either Romney or the Defense Review Board that asked for more ships, thus the dismissive introduction about spending time looking at how the military works. If Obama had spent the time he claims Romney needs to spend on "looking at how our military works" he would know that every one of our Marines still carries a bayonet, is trained to use them, and have used them in recent conflicts. Worse his ignorance is practiced. This isn't a line he came up with on the fly, he had prepared this response knowing that the question would be asked. He could have justified his decision to hold the number of ships down by some example of how he believes we can adequately project power with the 285 ships we have, but he didn't. He made a premeditated decision to instead portray Romney as a backwards ignoramus who is stuck in the days when we used bayonets and horses, not understanding that we still use bayonets and horses.<br />
<br />
<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-3535444046052261682012-10-17T14:00:00.002-04:002012-10-17T14:00:29.533-04:00Obama's one point planIn the debate last night President Obama accused Governor Romney that<br />
<blockquote class="tr_bq">
<span style="background-color: white; font-size: 16px; line-height: 20px;">Gov. Romney doesn’t have a five-point plan, he has a one-point plan. And that plan is to make sure that folks at the top play by a different set of rules.</span></blockquote>
<br />
I disagree with this characterization of Governor Romney's plan, but I'm more interested in Obama's plan:<br />
<br />
<ul>
<li>Special rules for the GM bankruptcy to reward politically connected creditors over senior creditors</li>
<li>Over 1200 special exemptions to healthcare rules</li>
<li>Special loan and grant deals to politically connected green energy firms, several of questionable legality (such as the subordination of the US loans to Solyndra under private loans)</li>
</ul>
<div>
<br /></div>
<div>
Who wants to have different sets of rules again?</div>
<div>
<br /></div>
Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-20413552549451297292012-10-17T10:52:00.000-04:002012-10-17T10:52:30.538-04:00Romney would have let GM go bankrupt. Obama did.In last night's debate Obama came back to one of his favorite campaign talking points: Romney would have just let GM go bankrupt. While it's true that Romney would have done so, and said he would in speeches, I'm not clear why it's interesting. GM went bankrupt and Obama supported it.<br />
<br />
The first sentence of the <a href="http://en.wikipedia.org/wiki/General_Motors_Chapter_11_reorganization">Wikipedia article </a>on the GM restructuring (which is accurate):<br />
<blockquote class="tr_bq">
<span style="background-color: white; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px;">The </span><b style="background-color: white; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px;">General Motors Chapter 11 sale</b><span style="background-color: white; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px;"> of the assets of automobile manufacturer </span><a href="http://en.wikipedia.org/wiki/General_Motors" style="background-color: white; background-image: none; color: #0b0080; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px; text-decoration: none;" title="General Motors">General Motors</a><span style="background-color: white; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px;"> and some of its </span><a class="mw-redirect" href="http://en.wikipedia.org/wiki/Subsidiaries" style="background-color: white; background-image: none; color: #0b0080; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px; text-decoration: none;" title="Subsidiaries">subsidiaries</a><span style="background-color: white; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px;"> was implemented through section 363 of </span><a href="http://en.wikipedia.org/wiki/Chapter_11,_Title_11,_United_States_Code" style="background-color: white; background-image: none; color: #0b0080; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px; text-decoration: none;" title="Chapter 11, Title 11, United States Code">Chapter 11, Title 11, United States Code</a><span style="background-color: white; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px;"> in the </span><a class="mw-redirect" href="http://en.wikipedia.org/wiki/United_States_Bankruptcy_Court" style="background-color: white; background-image: none; color: #0b0080; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px; text-decoration: none;" title="United States Bankruptcy Court">United States Bankruptcy Court</a><span style="background-color: white; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px;"> for the </span><a href="http://en.wikipedia.org/wiki/United_States_District_Court_for_the_Southern_District_of_New_York" style="background-color: white; background-image: none; color: #0b0080; font-family: sans-serif; font-size: 13px; line-height: 19.200000762939453px;" title="United States District Court for the Southern District of New York">Southern District of New York</a></blockquote>
<br />
There are serious questions surrounding how the bankruptcy was handled. For instance whether TARP repayments could legally be used to bailout automakers, or whether the Federal government actually has the power to subordinate higher priority creditors in order to make sure that union pensions continue to get funded, but Romney and Obama agree that the whole thing should be handled through Chapter 11. We know that because Romney said so and Obama handled it through Chapter 11.<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-26148475050533612552012-09-18T10:55:00.002-04:002012-09-18T10:58:45.898-04:00My Dream CabinetI've been thinking lately about what cabinet members I'd like to see in a Romney administration. I'll first note that I'm not that worried about the Senate. Obama has already demonstrated that you can make recess appointments while the Senate is actually in session, so Romney should be able to just make them all as recess appointments his first weekend.<br />
<br />
Secretary of State : John Bolton. <br />
Secretary of the Treasury : Thomas Sowell<br />
Attorney General : Andrew McCarthy<br />
Department of Defense : ???<br />
<br />
<br />
The rest of them I'd prefer to just get rid of, but I'd love to see comments on good candidates anyway.<br />
Also, it's not a cabinet position, but I'd love to see Ann Coulter as Press Secretary.<br />
<br />
Oh, forgot one:<br />
<br />
Secretary of Homeland Security : Bruce SchneierChristopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-78601760031768168332012-08-15T10:50:00.001-04:002012-08-15T10:50:50.741-04:00More debate debatesA <a href="http://www.capitalnewyork.com/article/politics/2012/08/6441310/actually-lets-not-debate-simpson-bowles-nadler-says">story</a> came out late yesterday that a group of Democrats had written the "Commission on Presidential Debates" requesting that they not bring up the Simpson-Bowles recommendations in debates. This evidently comes after a group of Republicans had written requesting they ask specifically which parts of Simpson-Bowles they agree with.<br />
<br />
I have thoughts on whether or not the National Commission on Fiscal Responsibility and Reform (the formal name of the Commission Obama put Simpson and Bowles in charge of) is actually relevant in the Presidential debates, but that's not my real issue here. My real issue is that a private corporation initially established by the heads of the parties is accepting suggestions from individual congressmen on what the American people should or should not hear about during the Presidential debates.<br />
<br />
Can we not get back to a format where candidates lay out their own cases and try to rebut the other side without the circus of 3 debates plus 1 vp debate, one of which is a "town hall" where questions are selected by a biased, but supposedly impartial, selector from the general public, all moderated by biased, but supposedly impartial, journalists?<br />
<br />
Mr. Lincoln, do you prefer boxers or briefs?<br />
Mr. Douglass, you have setup land grants to favor railroad expansion in Chicago. As President, will you continue to support the railroads?<br />
<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-64019885875132862192012-08-14T22:16:00.001-04:002012-08-17T17:57:14.975-04:00Traffic Shaping, part 2A few days ago I <a href="http://blog.ccraig.org/2012/07/traffic-shaping-or-chance-to-show-off.html">bragged</a> about my beautiful flow control on my home network. Things were much better than before, but they weren't as good as I thought.<br />
<br />
Backups hummed along at 95% of max line speed and interactive traffic usually responded in a half second or so. But not everything was well in the Federalist household. You see sometimes in the evenings if the kids are good we have "screen time." When this happens my wife usually watches something on Hulu on her laptop, some of the kids watch Netflix on the Wii, and others might watch YouTube on a desktop. When that happens everything pauses and has to wait to buffer and interactive latency shoots up to an unacceptable 2-3 seconds. This vexed me so I went into my router looked around. Problems, but no obvious solutions. The backup traffic is way over its allocated bandwidth and the normal traffic is nowhere close to its allocated traffic. Traffic shaping is supposed to fix this, and in my testing it did. So I did what any geek would do, I started noodling with stuff. Raise txqueuelen on the vlan. Lower txqueuelen on the vlan. Raise it on the physical device. Lower it on the physical device. Change burst lengths on the classes. Nothing helped.<br />
<br />
Then I started Googling and found the answer. I consulted probably a dozen sites on using Linux traffic shaping before I wrote the first script, but they all missed something critical. They said to measure your bandwidth with different sites and figure out what your actual upstream bandwidth is and use that as your cap. <br />
<br />
Your DSL company provisions <b>exactly</b> the bandwidth they said. I know, you've never gotten within 90% of the advertised bandwidth. I haven't either. That's their fault, but it's not because they're lying, it's because they're inefficient. And only when you understand exactly how can you traffic shape DSL properly.<br />
<br />
The maximum length of a TCP/IP packet on an ethernet frame is 1500 bytes (excluding jumbo frames, because they don't apply here.) Ethernet sticks a 14 byte header plus some padding on that, but Linux's traffic shaping modules are clever enough to figure that out, so you don't have to worry about it (which is why if you watch your stats, even if you set your max well below the capacity of your line you can never sustain it). But DSL is actually PPP, so it sticks another 8 byte header inside the ethernet frame, lowering the max per packet to 1492 (but not the size of the transfer). It's actually potentially worse than that because there could be other information stuck either inside or outside the ethernet packet but this isn't really the cause of the problem, and it's virtually impossible to get your DSL provider to tell you what the DSL packet really looks like, so I'll pretend it's just 8 bytes.<br />
<br />
So you have 1492 bytes being transmitted from your router and 1500 bytes leaving the modem. But DSL isn't ethernet. It's being carried over the same line that carries the voice traffic, and that uses ATM. So that the small packet voice traffic doesn't have to compete with huge data packets, ATM uses fixed 53-byte cells with 48-bytes of payload.<br />
<br />
So we take our 1514 bytes (1500 plus the ethernet header) and divide it into 31 cells of 48 bytes (with 5 byte headers) and one with 26 bytes (padded to 48 bytes, with a 5 byte header). Now our router sent 1492 bytes in data (which it counted as 1492+14), which takes up 32*53=1696 bytes. Meaning we get to use about 88% of the bandwidth outbound from the modem. This is where those numbers from our speed test came from.<br />
<br />
But that's the <b>maximum </b>length of an ethernet frame (which also happens to be the easiest thing to speed test with). What about the minimum? The minimum TCP/IP packet is 20 bytes for the IP header plus 20 bytes for the TCP header and no payload for 40 bytes. This happens to be what an ACK looks like, which happens to be pretty much the only thing you send back to a streaming video provider while you're watching a video. When we packetize that for DSL/ATM we take 40 bytes, add an 8 byte PPP header and a 14 byte ethernet header for 62 bytes. Then we divide that up into one frame of 48 bytes and one frame of 14 bytes, each with a 5 byte header. So our router counted our 40 byte packet as 54 bytes, but it really took 106. That means every single ACK that netflix, hulu, youtube, etc. are throwing takes twice as much DSL bandwidth as the router accounted for. You don't notice this normally because ACKs are small and they're only sent roughly once per round-trip-time to the other side (on DSL, over 100ms) so on a single connection we're talking maybe 10kbits per second. With multiple continuous downloads (which is what streaming video looks like when observed as raw bandwidth) we're adding 40k, but counting it as 20k. Again, this wouldn't normally be a problem, but we were letting the low priority traffic use all the available bandwidth so now suddenly we're asking the DSL modem to send 400k per second on a 384k link and it's throwing stuff away randomly, causing retransmits and latency and all that stuff we were trying to avoid.<br />
<br />
So we could fix this by lowering the bandwidth cap on the router to half our provisioned bandwidth. It would be obtuse beyond belief, though, because then on large packets that make up most of our bandwidth by volume we're wasting half the already small pipe. It ends up linux comes to our rescue again. The htb qdisc (which I was already using) or the stab function on traffic control (which isn't available on the version of OpenWRT I'm using) provides both for a way to add additional overhead to the packet and to even to account for waste on different frame sizes later.<br />
<br />
So now I have a new <a href="http://ccraig.org/blog-media/firewall.outbound">script</a> that provides a full 384kbit outbound but sets "overhead 8" and "linklay atm" to tell linux how the DSL modem is going to mangle the traffic. I've also gotten rid of the Wii rules and replaced them with a rule that just prioritizes all ACKs, which I suspect will give me high priority streaming video without having to actually identify streaming video (and as a bonus keep downloads downstream bound instead of upstream). I'm sure I'll find faults with this, but in my testing it performs beautifully. Even with uploads running at 97% of capacity I'm seeing latency numbers that look like an idle pipe.<br />
<br />
EDIT: This ended up not working out as well as I want, so I ended up upgrading the router to kernel 2.6 and using the stab function to recompute packet size on enqueue and it's worked out fantastically. In my test last night I was running netflix, hulu, and youtube simultaneously on three different computers while running an unrestricted upload with the bulk traffic flag set. None of the videos paused at all and latency on ssh traffic was about 5% above an idle link. I've updated the script above to the new 2.6 one.<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-17521452633052071012012-08-07T21:04:00.002-04:002012-08-07T21:28:55.855-04:00Passwords or "You're not paranoid if they're really out to get you"After writing my <a href="http://blog.ccraig.org/2012/07/disaster-recovery-and-business.html">first</a> <a href="http://blog.ccraig.org/2012/07/bcdr-part-2-or-why-i-left-time-machine.html">two</a> posts on backups I was wondering if I was overly paranoid having not just a primary and backup storage, but primary and three separate backups. <a href="http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/">This story</a> convinced me I'm not. The writeup is excellent and you should read all of it. I'll wait.<br />
<br />
This is an excellent example of why you shouldn't trust somebody else's security model even to be what they claim it is. If you have the either the account and password for a CrashPlan account or access to the system itself, you can delete all its CrashPlan backups. These particular hackers don't appear to have cared what was actually on the laptop they were deleting, but I feel a whole lot more comfortable having a semi-recent copy of my data offline and recoverable even if CrashPlan's security is compromised.<br />
<br />
I'll note, this is not a screed against CrashPlan's security. As near as I can tell it's about as good as anyone else's. I would have required a separate authentication on the system to delete the backups from the cloud (and no, setting "require account password to run CrashPlan desktop" is not sufficient. I've set that and turned the network off, it's authenticating against a locally stored hash which means it can be bypassed using the locally stored credentials), but even if it were implemented exactly how I want, I still wouldn't trust it.<br />
<br />
The author concludes "<span style="background-color: white; color: #333333; font-family: Arial, Verdana, sans-serif; font-size: 14px; line-height: 20px;">My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing." </span><span style="background-color: white; font-family: Arial, Verdana, sans-serif; font-size: 14px; line-height: 20px;"> </span><span style="background-color: white; line-height: 20px;"><span style="font-family: Times, Times New Roman, serif;">I disagree. The problem isn't password-based security mechanisms. </span></span>Brute forcing a password is a terrible way to hack an account. Even a <a href="http://xkcd.com/936/">weak password</a> would take days on a badly configured service. A horrible password (say a dictionary word, a single digit, and a single special character from the top row of the keyboard) would take 8 hours at 10 attempts per second, which ought to prompt any reasonable service to go into lockdown. The problem is with the non-password methods we've developed to make resetting your too-secure password easier.<br />
<br />
Apple's security failings are unforgivable. Maybe ten years ago I could forgive Apple for using the last four digits of a credit card as some sort of secure PIN. If they used the full number I would think it unacceptable, but forgivable. Pretty much every modern system prints the last four as an insecure verification. The reason Apple used the last four digits is that Payment Card security standards don't let them publish the entire number outside the secure area. In other words, the full number is important security information, but you can publish the last four digits to your customer service personnel because they're not sufficiently identifying to pose a risk to the customer's identity. But if they're not sufficiently identifying enough to compromise the customer's identity by publishing them, why does Apple think they're sufficiently identifying to give away the user's account? Apple's posture is that you have a password for your account, but if you don't have that they'll take your less secure "security questions", and if you don't have those they'll take a matter of public record and a number that's probably printed on a dozen receipts you threw in the trash or left in the gas pump. Amazon's is worse from an authentication point of view, but not as comprehensive. You don't need to authenticate yourself at all to add information to the account, and that information can be used to authenticate yourself afterwards. These are both absolutely boneheaded setups that should have been caught immediately.<br />
<div>
<br /></div>
I currently consider Google the Gold Standard for current internet security. ING actually has more security and I want to consider it first. A quick perusal of the mint.com forums will show you all sorts of people trying to bypass ING's security system. ING requires security questions just to get to the password entry dialog if you're at an IP they don't recognize, they only accept numeric passwords (because they're less likely to be your wife's name) and they have a custom interface for entering them that makes it basically impossible for a browser to cache it. I don't mind this for my bank account, but it would be extremely annoying for the Photoshop user forum. (I, in fact, think autocomplete disabling is vastly overused) I've forgotten my ING password before; it doesn't matter if you know your security questions, they won't even ask. They snail mail you a new password to your registered mailing address in a completely nondescript envelope that doesn't even say ING on it. This takes days, but you have to admit it's a lot harder to surreptitiously sort through a victim's USPS mail than it is to guess their first car (and it has the side benefit that going through somebody else's mail is a felony even if they fail to actually take over your account).<br />
<br />
The problem with this, like most information security problems, is that people are willing to trade security in the abstract for convenience in the immediate. Only the most computer savvy are going to be as forgiving as Mr. Honan and say "shame on me for poor security" when they lose all pictures of their kid, but they're not going to use an email service that locks them out for a week when they forget their password, either. My problem with Amazon and Apple isn't that they weren't up to ING's level of annoyingness, it's that they made it impossible to be secure.<br />
<br />
As I said before, Google is probably the best at this. The interesting thing about Google is that they know almost nothing about you (yeah, I know, Google knows <b>everything</b>, but when you set up your account they didn't ask for a mailing address, a credit card, or even your real name) but they realize that you probably use your Google account for a lot of stuff and you might use your Gmail address for password recovery on various things, so it's important that they not give away your account. It's sort of ironic that the goal of the Amazon and Apple hacks were to get to a Google account. Amazon and Apple both knew vastly more about him than Google. They could, like ING, have paper mailed reset credentials to his billing address, but they were the entry point because they were far easier to nuts to crack than Google. And if he had had two-factor on Google they would have been insufficient. The vandals could have ordered thousands of dollars of merchandise, but they couldn't have gotten into his email.<br />
<br />
Google basically has two levels of security. With the default level of security you login with a only a password. With two-factor security there is additionally a smart-phone app that generates time-based tickets and a sheet of paper with backup tickets in case your phone dies. When you setup your account they ask you for up to three ways to retrieve a lost password: a cell phone, an email, and a security question (which you can choose). If you have two-factor authentication you have to enter a code from either your phone or that piece of paper to execute a retrieval (and the phone doesn't count as a retrieval option). If you can't do this then they make you go through a drawn out process of answering questions based on the contents of your account, preferably from an IP from which you have used gmail in the past. Despite all this, they should still be better. When I got back from a business trip to RedHat's headquarters recently I had notices in my inbox that Google had noticed suspicious source IP's logging in while I was away (from RedHat's headquarters). If Google were suspicious of the fact that a reset request was coming for Mr. Honan's account from an IP he had never used they could have prevented his Google account from being taken over (though the most important damage, at Apple, would already have been done). <br />
<br />
So what lessons can we draw from this?<br />
<br />
For companies:<br />
<ol>
<li>State why you use security questions. I care whether you're like ING and you might need a security question to access the account from an unknown location or if you're just using it for password resets. Offer reasonable suggestions for them ("What year and model was your first car?" versus something more likely to be on the internet like "What's your pet's name?") but allow the user to type in his own. I usually make this random gibberish, because I'd usually rather destroy an account than have it compromised, but if I set one I want it to be extremely complicated. "What's your 10th grade math teacher's last name and the name of the street where you lived in 1995?" Don't require them, but make it clear that it's going to be a pain to reset a password without them.</li>
<li>Preferably require <b>both</b> the security question <b>and </b>a retrieval email to reset the password. Ebay does this. I'm much more comfortable with you sending a password reset to my registered email after I've entered the model of my first car than only one of them.</li>
<li>If somebody doesn't know their password <b>and</b> can't access the standard retrieval mechanisms, be very suspicious. They've already gone a long way to proving that they're <b>not</b> who they're claiming to be; don't trust them just because they know a billing address or a matter of public record (cough, <cough>Apple)</cough>. There was a comment on the original article that somebody was really happy with Amazon that they reset his AWS password with only his billing address after he forgot his password and entered gibberish as his security code, but in retrospect he's pissed. He should be. It <b>should</b> be hard to recover a password if you don't have the recovery options. My preference would be send them a password reset via USPS to their registered mailing address. If you don't have a credit card on file use a human to process it (Apple and Amazon both did this) and require something that only the account owner would know (neither Apple nor Amazon did this) the list of folders in your email, for instance.</li>
<li>Track where your users login from. Treat logins from unusual locations differently. This doesn't necessarily mean deny them, but certainly be suspicious. If somebody is trying to read their email from Nevada when they're usually in South Carolina, they might be on a business trip. If they're trying to change the shipping address on a package and reset the password on the account, maybe you should require more authentication from them.</li>
<li>Don't disable credential caching. This is controversial and I'm somewhat torn about it. I realize the number of browser based attacks out there, but lets face it the options for your average user isn't a super-secret password they cache in their browser or the same password they remember. If you're lucky it's a decent random password that gets cached or the same password they use for their schnoodle owner's forum (which happens to be "schoodle07" because they got their schnoodle in 2007). </li>
</ol>
<div>
For users:</div>
<div>
<ol>
<li>All the normal stuff about good passwords and bad passwords. A good password is complicated, random, and only used once. "d1pU{x,0D.2," is a great password if you're going to store it in your browser's credential's cache anyway, "gawkier729'acted" is almost as good and easier to remember if you're going to be typing it in. (Well, actually they're both horrible, because I already used them, but you get the idea.) </li>
<li>If you're asked for a security question, understand how they're going to be used, preferably by testing it, and set it to random gibberish if it's sufficient to reset your password. As I said above in #2, I'm good with a security question being required to send a retrieval email. I'm not okay with me having to enter a 30 character password every time I login when the actual security of the account is limited to around 300 <a href="http://en.wikipedia.org/wiki/List_of_automobile_sales_by_model">models of cars</a> I could possibly have owned as my first car (assuming a Ferrari is really a valid first car). To get a feel for just how insecure that is, there are 46 normal keys on a keyboard (26 letters, ten numbers, ten punctuation marks) which shifted gives you 92 possibilities. Which means a <b>2 character</b> password (92**2) is about 30 times more secure than all models of car ever made. Last names fare a bit better, but you're still well under 3 characters worth of entropy. Luckily most sites use email recovery instead of questions.</li>
<li>Your bank account password is not the most important password you have, the email account for your bank account's reset is. The author of the original email recommends this be a distinct email. I'm not sold on that: if you do that and don't check it then you don't get reset notices which is just as problematic, plus since places like Amazon use the primary account email for resets you also don't see notices that something has been purchased on your accounts. What is completely necessary is making sure that the account to which your recovery passwords are sent is completely secure. That means it needs a hard to guess password that's not used anywhere else, a recovery email that's just as secure, recovery questions that are impossible to figure out from public record, and be somewhere where they're not going to give it away without cracking that.</li>
<li>The login for your various accounts should not be identical to your primary email address. There's really no reason for you to use your primary email address for your Amazon account. Gmail (and some other email providers) gives you the option of appending random strings to your email address and still having it delivered just like normal email (in fact, it's easier to filter this way). If your email is joebob@gmail.com, your Amazon account can be joebob+mnhq@gmail.com and it will go to your gmail account just like normal, your browser will most likely just cache it, and it's much harder for somebody to get Amazon to reset your account because they now have half a million email addresses to try (26 letters to the fourth power. This is not true if your Amazon account is joebob+amazon@gmail.com. That's better than joebob@gmail.com, but only maginally) This has the side benefit that when somebody sells your address to spammers they likely aren't smart enough to figure this out so you can figure out who it is by what suffix they used.</li>
<li>Don't trust anybody else with something you can't recover if they screw up. That's how I started this. I read an article a while ago about some hacker who was supposedly just a system or so away from hacking computers with nuclear launch capabilities. I was horrified that a system with nuclear launch capabilities was internet connected. I would never willingly allow a company to remotely take down my desktop and I do my best to secure it, but I'm smart enough to know that if it's connected to the internet, it's open to attack. The copy of it sitting in a drawer is a great deal harder.</li>
<li>Don't trust Apple, at all. This may seem unfair but this isn't a normal hack. It's a major, fundamental flaw in their entire user security posture. You might think I'm being unfair in not giving Amazon the same treatment, but I'm not. I went into Amazon after this and tried to ship to another address using my current credit card. You can't do it. Amazon was boneheaded, and they should fix it, but the extent of the compromise is that they gave out the contents of his Kindle and what every gas station prints on your receipt. Apple gave away the contents of an email account and allowed a hacker to erase a laptop using only information printed on that gas station receipt.</li>
</ol>
</div>
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-2196379332370019152012-07-31T08:19:00.000-04:002012-07-31T08:19:10.943-04:00Traffic Shaping (or a chance to show off my Visualization Porn)On Friday I had some spare time so I rebuilt my home traffic shaping to better support my online backups. CrashPlan has three features that are really nice for not totally annihilating your home network while it's doing online backups. These each have their pros and cons.<br />
<br />
The first is you can only run backups at certain times (e.g. when everyone is asleep anyway). There are two problems with this: 1) Sometimes either me or my wife wants to watch Netflix at 3AM. And 2) If I just got back from vacation and have 20GB to backup (not unheard of) it's going to take a week running full-bore all the time. Cutting this back to 6 hours a day is going to make it take a month.<br />
<br />
The second option is to limit the outbound bandwidth. This is what I had been doing (and, in fact, what I had been doing with my home-grown online backups before using crashplan). You can limit to using say, 2/3 of the upload pipe and then you're only adding 1/3 of the time to backup and most things work normally all the time. The problem with this is that once you start using the rest of the upload pipe the internet stalls and nothing works.<br />
<br />
<br />
<img src="https://docs.google.com/spreadsheet/oimg?key=0Ar5tWW0v_RObdEpmT3dkZUhFd3dlWFFUOUJIN1ZiOFE&oid=4&zx=vjmagdmgodc3" width="100%" />
<br />
Lets say I have a 300kbps upload (Yes, I know I could do better, but I generally don't need better, I'm cheap, and for the purposes of this example it doesn't matter. If I had 100Mbps upstream I could fill it.) and I have CrashPlan limited to 200kbps. I then start doing something that requires around 70kbps of upload space. Things are still working fine. Then at the 10 minute mark something starts an upload (lets say I've decided to print some pictures to Costco) that requires another 100kbps. Backups will reduce their usage a little because of the packet loss, but the internet is now completely unusable. (Don't worry, that's not the visualization I teased about)<br />
<br />
I could, of course, combine the above two options and only run at 2/3 of the bandwidth only during off course, but then backups would take forever.<br />
<br />
The third option is that CrashPlan can set the IP ToS field on your backups. By default this doesn't do anything. I have an OpenWRT router sitting just inside my DSL modem and in theory it handles interactive traffic first, then unflagged traffic, and lastly high-bandwidth traffic. In reality, though, the outbound network from the router is 100Mbps so it just throws everything down the 100Mbps network until it overflows the DSL modem's outbound buffer and then the DSL modem throws things away randomly without consulting the ToS.<br />
<br />
The solution, then, is to force the router to shape the network. You can see my config <a href="http://www.ccraig.org/blog-media/firewall.outbound">here</a>. I started by classifying outbound traffic on my network into three categories:<br />
<ul>
<li>Interactive -- traffic with the "lowest latency" bit set in the IP ToS. This is mainly ssh traffic (including ssh traffic within my VPN back to work). When I'm working on some remote system I want as little latency as possible</li>
<li>High Volume, Low Latency -- currently google voice and video chat. I'd like to add netflix, but it's hard to identify. This is stuff where reducing the bandwidth considerably could drop the connection</li>
<li>Normal -- everything that didn't get categorized</li>
<li>Bulk -- traffic with the "highest bandwidth" bit set in IP ToS. This is (that I know of) CrashPlan, scp, and rsync over ssh</li>
</ul>
<div>
<br /></div>
<div>
Next I used HTB to set up "token buckets" for each class. Interactive gets 50k (which it will never use), High 100k, Normal 100k, and bulk 20k. After all classes are serviced any bandwidth left (up to 330kbps, which is artificial, but close to my real max) gets handed out in priority order (interactive, high, normal, and then finally bulk, though bulk is rate limited to 95% of the connection). <br />
<br />
Finally, I setup Stochastic Fair Queueing under each class so that even within a class a single connection couldn't shut everything else down.</div>
<div>
<br /></div>
<div>
Having set this up on Friday, I got a chance to test it on Saturday when I got called in to do a bunch of work while on a video conference. I ended up running backups (with no internal rate limit), a video conference, a photo upload to Costco (gratuitously), and an interactive login to my work machine and I had about 500ms delay in my typing for work. Then I got the idea to keep stats on it and that's what generated my Visualization Porn:<br />
<br /></div>
<div>
<a href="http://www.ccraig.org/blog-media/chart.html"><img src="https://docs.google.com/spreadsheet/oimg?key=0Ar5tWW0v_RObdEpmT3dkZUhFd3dlWFFUOUJIN1ZiOFE&oid=2&zx=l00l14elmyzb" width="100%" /><br />click for big</a>
<br />
<br />
Left is kbits, bottom is minutes elapsed, sampling is every 5 seconds. I've done some mangling of the high data because Google Video chat is a UDP service so instead of self-scaling like everything else the router just dropped a bunch of its packets on the floor and the numbers I was collecting were for packets enqueued, not packets actually sent, but for the most part this is just a stack of the four values.<br />
<br />
<br />
What's going on here is that at around 20 minutes I started the video conference; when I did that, the high class started using all sorts of traffic, but the bulk stream dynamically resized to keep total network usage constant. I don't know what happened at 40 minutes, but you can see that the higher-priority video stream had to reduce its bandwidth to make nearly 100k available for normal traffic. You can also see I did an upload at around 157 minutes (the green area), which got to use the full 300k. <br />
<br />
I'm quite happy with the ability of the more interactive sessions to take place with so little latency, but I'm almost as impressed with the rate backups scale back up. Except for the dip at around 30 minutes, the network was 95-100% utilized the entire sample period, despite massive and rapid shifts in bandwidths for particular services.<br />
<br />
As I type this my backups are humming along at 288kbps, my wife is watching a Netflix movie, and my interactive traffic has no noticeable lag at all. Traffic Shaping is a beautiful thing.<br />
<br />
<br /></div>Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-63191599628805424902012-07-20T14:08:00.003-04:002012-07-20T14:08:49.077-04:00BC/DR (Part 2): Or, why I left Time MachineIf you read my last post, it might surprise you to find I'm in the process of abandoning Time Machine. I still think Time Machine is a great product. In fact, I not only think it is vastly superior to what's probably the most common "backup" mechanism: RAID, and the even more common lack of a backup at all, I think there are areas where it outshines pretty much every other backup system out there. Specifically, if you boot a Mac off of a Mac install disk, it will ask you if you have a Time Machine backup you want to restore and just do the restore work for you. I don't know of any other consumer backup solution that has a bootable restore procedure and it's getting to be impossible to find an enterprise solution that can do this. It's almost impossible for me to overstate how much this lowers your RTO. <br />
<br />
Steps to restore from a backup with Time Machine:<br />
1) Install replacement hard drive and stick OS CD in drive<br />
2) Hit "Yes, I want to restore from Time Machine" in boot.<br />
3) Done (I should note I haven't tried this)<br />
<br />
Steps to restore from a backup with pretty much anything else:<br />
1) Install replacement hard drive and stick OS CD in drive<br />
2) Install OS<br />
3) Probably install OS patches since your CD is too out of date to run backup software<br />
4) Install backup software<br />
5) Do restore<br />
6) Fix all the stuff that's now broken because the restore libraries aren't compatible with the OS libraries the restore was missing<br />
<br />
But for all that, the Pro/Con matrix on Time Machine is still slanted heavily Con for me:<br />
<br />
<h4>
Advantages of Time Machine</h4>
<div>
<ul>
<li>Backups are stored as normal OS files and thus can be read like normal files</li>
<li>Backup/restore software comes with OS, so there's no separate install and restore is extremely easy</li>
<li>Setup is nearly trivial, restore is easy and well segregated. Even respects OS permissions and allows non-admin users to self-restore</li>
<li>Self maintains versioning and cleanup</li>
</ul>
<h4>
Disadvantages of Time Machine</h4>
</div>
<div>
<ul>
<li>Only runs on Mac</li>
<li>You can't change the retention policy</li>
<li>De-duplication is done at the file level, not the block level, so if you import 30G of HD video into iMovie and then change the event names (which changes the folder names), Time Machine will create brand new copies.</li>
<li><span style="background-color: white; font-size: large;">It can't verify a backup is correct, and if one isn't correct, it can't fix it.</span></li>
</ul>
</div>
<br />
My home system has been running Time Machine for 2 years. I just went and ran <span style="font-family: 'Courier New', Courier, monospace;">diff -qr </span><span style="font-family: inherit;">between the current filesystem and the last Time Machine backup. There are several files with different contents and a couple of monitor profiles from May of this year that are missing. None of these particular files are the end of the world, but the problem isn't that these files have incorrect versions, it's that they've managed to keep inaccuracies for months and I didn't know. Not even that, now that I know it's wrong the only way for me to fix it is to modify the real files so that it will catch the change. There is no command to have Time Machine scan the entire filesystem and compare what's there to what it thinks is there. This, to me, is a deal killer.</span><br />
<br />
<br />
The system I'm currently building has three parts:<br />
<br />
<ol>
<li>complete, bootable copy of my main hard disk in a USB/SATA enclosure. In this case I'm particular about the disk. It's the same as the actual main disk, so if it were removed from the enclosure it could be a drop in replacement for the real hard disk.</li>
<li>second internal disk with a local CrashPlan backup</li>
<li>CrashPlan+ backup to the cloud</li>
</ol>
<br />
This is a relatively expensive strategy (about $150 up front for the disks plus $3 per month for cloud storage), but it gives me several things:<br />
<br />
<br />
In a disk or total failure, I have a bootable, reasonably recent image. This speeds up recovery tremendously. Except for a total, catastrophic, and immediate failure while I'm updating the USB backup, I should only have a gigabyte or so to fetch from a real backup (either local for a disk failure or the cloud for a catastrophic one). Let's say the house burns down. My recovery procedure is to go to work and fetch my USB disk, build a new computer around it. Boot, then recover the rest from CrashPlan. RPO: nearly immediate. RTO: about long as it takes to get a replacement computer.<br />
<br />
<br />
I'm not trusting the cloud. CrashPlan+ is cheap for online backup (about $3 per month), but I don't trust it. Lets say CrashPlan loses my backups while my house is burning down. Admittedly, this seems unlikely, but I've seen reports from most of the cloud services that data has been lost for some small number of users. My recovery goes back a couple months (more recently if I've dumped a bunch of pictures in and felt like I needed a backup). RPO: a couple months. RTO: getting a new computer.<br />
<br />
<br />
I'm not trusting a disk that's offline. Like above you can generally trust a disk sitting on a shelf, but you never know for sure until you actually run the restore, which is too late if it's failed. If I lose the disk entirely I have to rebuild from install DVDs and then get the data from crashplan (which is $150 to have them ship it to me on a replacement disk). RPO: immediate. RTO: get a computer plus a day or so.<br />
<br />
I'm not yet committed to this and would certainly accept suggestions on better or cheaper ways to do it. I insist at least on having a bootable copy, preferably offsite and a recent snapshot, also preferably offsite.Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com3tag:blogger.com,1999:blog-5829277751111385169.post-77165299702234685602012-07-20T09:37:00.000-04:002012-07-20T09:37:24.753-04:00Disaster Recovery and Business Continuity (part 1)This has been entirely a political blog lately, but that's more because I haven't really had any personal stuff to relate than because it's really intended to be purely a political blog. Today, though, I want to relate something that might have a more immediate impact on people's lives (and that happens to relate closely to my profession): computer backups.<br />
<br />
A decade and a half ago it was bizarre beyond belief that I backed up my personal computer. These days it's still probably the minority of people who actually backup their computer, but most people at least think it's a good idea. Even among people who have backups, though, most of the strategies aren't that well thought out. For instance all major desktop OSes these days support RAID out of the box, so I wouldn't be surprised to find that there's a significant percentage of people who are relying on a disk mirror (two disks that get written simultaneously) for backup. If you're doing that then you're probably never going to lose all your data (as opposed to your next door neighbor who just has one disk. He's probably going to suffer complete loss at some point) but you have a badly designed system for a desktop.<br />
<br />
RAID is not a substitute for a backup. If the server gets hacked or somebody accidentally removes stuff that needs to be there or the stars align just wrong and bad data gets copied to the good disk, you're still up a creek. So server admins also make backups. And they ship them offsite in case the whole building gets destroyed.<br />
<br />
Now maybe that's too much work for a home user. After all, if your whole house burned down the last thing you're going to be thinking about is recovering your family pictures from two years ago, right? Hmm, I don't know about you, but if I could take one thing out of my house it would be my family pictures. So why not do it now so that we don't have to worry about it while it's burning down?<br />
<br />
There's two things you need to know about Disaster Recovery (DR) planning:<br />
<br />
Recovery Point Objective (RPO) - How far back from an "event" (computer being destroyed) do we have to go on recovery. <br />
<br />
Recovery Time Objective (RTO) - How long does it take to get back up and running. <br />
<br />
I'm going to consider three scenarios for computing our efficacy: File deletion, Single Disk failure, and Total and Catastrophic failure (house burns down). Let's take a simple RAID first:<br />
<table cellpadding="3">
<tbody>
<tr><th>File</th><th>Disk</th><th>Total</th></tr>
<tr><td>no recovery</td><td>RPO: immediate<br />
RTO: immediate</td><td>no recovery</td></tr>
</tbody></table>
<br />
As you can see, RAID is very well situated to handle a disk failure, but if you accidentally deleted all the pictures you took in 2008 when you meant to delete something else you can never recover. <br />
<br />
Another strategy would be to get a USB disk, make a copy to it every week and store it in your office (assuming that's not your house):<br />
<br />
<table cellpadding="3">
<tbody>
<tr><th>File</th><th>Disk</th><th>Total</th></tr>
<tr><td>RPO: one week<br />
RTO: one day</td><td>RPO: one week<br />
RTO: one day</td><td>RPO: one week<br />
RTO: time to build a new computer</td></tr>
</tbody></table>
<br />
<br />
As you can see in this case making a copy of the disk and sending it offsite every week causes us to lose a week's work (or irreplaceable pictures if we've erased our memory card) but as long as we know the drive is good when we send it offsite we at least have a backup, even if our house burns down we can recover.<br />
<br />
One backup strategy you'll encounter, which I actually like, is to get two external disks with firewire/eSATA/Thunderbolt enclosures (not USB, you want fast) and swap them in and out of a mirror while keeping the other one offsite. This gets you the best of both of the above, but it still has a fatal flaw: it's unbelievably annoying to truck disks back and forth and thus isn't really going to happen.<br />
<br />
For a long time I used a RAID on my home disks and a set of TR-3 tapes and later CDs for offsite backups, which is sort of like this. It took about 10 CDs at the time and I managed to actually make a backup maybe once a year. I had a process for building incrementals so I didn't have to do the full backup all the time, but I still never remembered to make one.<br />
<br />
When I switched to a Mac, Time Machine revolutionized how I looked at desktop backups. RAID was designed for systems that can't go down just because they lose a disk. Chances are pretty good that if you lose your home desktop for a couple days while you go buy a new disk and do a restore, it's not the end of the world (and in fact you almost certainly don't, as every data center does, have either a complete set of parts to replace other failed components or a contract to have them couriered to you). At any rate, you're probably not willing to pay $80 for an extra disk purely to take your RTO down from one day to immediate from a failure that happens roughly every 30-60 years on a single disk machine. Time Machine makes incremental backups every hour (or on demand) and keeps them going back practically forever:<br />
<br />
<table cellpadding="3">
<tbody>
<tr><th>File</th><th>Disk</th><th>Total</th></tr>
<tr><td>RPO: one hour<br />
RTO: nearly immediate</td><td>RPO: one hour<br />
RTO: time to purchase a disk</td><td>no recovery</td></tr>
</tbody></table>
<br />
This is a huge improvement over RAID because accidental file deletion is probably the most common failure state. And that's really over-estimating the RPO. If you just dumped pictures of your daughter's wedding in there you can force a time machine backup right-now and not delete the memory card until it finishes. After I saw how this worked and started thinking about it I got rid of my RAID and started doing Time Machine plus a third disk offsite. I have been using that for a few years, but I'm now thinking about the best architecture for the present.<br />
<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com1tag:blogger.com,1999:blog-5829277751111385169.post-68018193595035277062012-06-29T16:46:00.001-04:002012-06-29T16:46:42.606-04:00Comments on NFIB v. SebeliusSo AFA (Obamacare) is legal because it's a tax. I've seen lots of opinions on this but nobody has brought up what I find to be the most interesting open question. To get to the question I'm interested in, I'd like to go over the history of the bill as it relates to this decision.<br />
<br />
Both Congress and the President insisted at time of passage, and many of them <a href="http://www.nationalreview.com/corner/304432/obama-surrogate-its-penalty-not-tax-patrick-brennan">still insist</a>, that what the bill does is make it illegal to not buy healthcare with a fine if you disobey the law. They did this for several reasons including the fact that they had promised not to raise taxes, that the bill couldn't make it back through the House (where tax bills must start) so it was less Constitutionally suspect starting in the Senate if it didn't contain taxes, and that behavioral economics make it more likely that people will avoid a fine than a tax.<br />
<br />
The Supreme Court decided that Congress doesn't have the power to do this. But that's okay, that's not (according to the Supreme Court) what Congress and the President really did.
The majority on the Court decided that what the bill really did (in spite of the text of the bill to the contrary) was add a tax on people who didn't buy insurance. This is Constitution because of the taxing power.
But wait, where is the taxing power in the Constitution?
<br />
<blockquote>
Article 1, Section 8 The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States</blockquote>
<br />
Congress doesn't have the power to lay and collect taxes as a penalty for something it dislikes. It can only do it to pay for things. There's a long established ability to exempt people from taxes for arbitrary reasons (thus the mortgage deduction, credit card interest deduction, charitable deduction...) but to my knowledge there's never been a federal tax raised specifically to discourage behavior the feds don't like.<br />
<br />
So clearly Congress could have written a bill that raised everyone's taxes by $1000 and then gave an exemption to those who purchased insurance. The question is if that's actually what they did. Congress argues they didn't. The President argues they didn't. The minority on the Supreme Court argues they didn't. The US Attorney who argued for Obamacare argued it was a tax, but not that it was really a deduction. Even the majority on the Court doesn't actually argue they did, but it's the only Constitutionally consistent way to interpret their decision.<br />
<br />
I should note that lots of commentators (like the one above) think the fact that the people who favor the bill still argue that it's not a tax even though the only reason it's Constitutional is that the Court decided it is. There's good precedent for that. The Roosevelt administration argued in Helvering v. Davis that Social Security is just a tax, not actual contributions, which is the only reason it was declared constitutional, but there are still very few <a href="http://blog.ccraig.org/2011/09/social-security-is-ponzi-scheme.html">arguments</a> that the government doesn't have an obligation to pay you back.<br />
<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-17052712845378658272012-05-03T21:27:00.003-04:002012-05-03T21:36:06.480-04:00Flags<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2uzyrpgJKpJrOeTiZld3jgXQZk4PaAuryjwskmf7t96qnThov_NT0iAdUSzFWOycLjJO0Ox5gQLxyHeq5BgP8wsHQYF0gaudb45ousRt1CMjtC_x-MzAWvU2s_EtdoUEePDMIv7TWSWQ/s1600/Screen+shot+2012-05-03+at+9.15.56+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2uzyrpgJKpJrOeTiZld3jgXQZk4PaAuryjwskmf7t96qnThov_NT0iAdUSzFWOycLjJO0Ox5gQLxyHeq5BgP8wsHQYF0gaudb45ousRt1CMjtC_x-MzAWvU2s_EtdoUEePDMIv7TWSWQ/s320/Screen+shot+2012-05-03+at+9.15.56+PM.png" width="320" /></span></a></div>
<span style="font-family: arial, sans-serif; font-size: 13px; text-align: left;">When used on a speaker's platform, the flag, if displayed flat, should be displayed above and behind the speaker. When displayed from a staff in a church or public auditorium, the flag of the United States of America should hold the position of superior prominence, in advance of the audience, and in the position of honor at the clergyman's or speaker's right as he faces the audience. Any other flag so displayed should be placed on the left of the clergyman or speaker or to the right of the audience.</span><br />
<br><br>
<span style="font-family: arial, sans-serif; font-size: 13px; text-align: left;">14 USC <span style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 13px;">§ 7(k)</span></span><br />
<br><br>
<span style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 13px;">It's not that hard.</span>Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-79956753593047130922012-04-26T13:54:00.002-04:002012-04-26T13:54:44.438-04:00Student LoansThe student loan debate currently being pushed to the forefront by President Obama is like the rhetorical gift that keeps on giving. I could write pages on the interesting facets of this, but I'll start with the basics:<br />
<br />
In 2008 the Democrat controlled House and Senate passed, and President Bush signed, a law lowering the interest on Federally backed student loans from 6.8% to 3.4% for 5 years. Those 5 years expire this year and so presently the President is going around talking to college campuses about how he wants to stop the Republicans from raising the interest rates and how he understands the plight of these poor college students having to pay on their student loans because he and the First Lady just paid off their loans 8 years ago. Romney and the House Republicans (lead by Boehner) also want to extend the lowering, but Boehner wants to "offset" the cost by reducing the expenditures in Obamacare.<br />
<br />
There are so many interesting quirks to this it's hard to see where to start, but I think I'll pick the fact that this shows us how invasive a "temporary" program is. I didn't really follow this particular debate in 2008, but I'm sure there were 10 year budget projections showing what this cost, under the assumption that it only lasted 5 years. But now, 5 years later, the debate isn't about lowering student loan income, it's about preventing it from going up. Both politicians and commentators frequently take the sunset clauses on these "temporary" programs seriously. They shouldn't. If it was a good idea to lower student loan interest rates, it should have been done in perpetuity (the same is true for the Bush tax cuts). The only difference between cutting student loan interest rates (or taxes) for 5 years and forever is that you get to debate it again in 5 years with a "temporary" program, and blame the other side for wanting to go back to the status quo ante (even though that's actually what you agreed to do when you created the program). <br />
<br />
The second interesting thing is that the President's student loans dragged him down so much that he couldn't pay them off until just 8 years ago. After he had bought a condo (and a house) and "should have been saving for [his children]". Obama received a $100,000 advance for the publication of his first autobiography while he was still in law school. For the last 5 of those years the Obamas were making well over $200,000. For two of them they were making enough to be the "super rich" that aren't paying their fair-share of taxes. There are two possibilities here, neither of them very favorable for the President. The first is that despite being "super rich" (by his own definition) he really didn't have enough money to pay off his student loans. That eviscerates his argument (which he has been continuing to make at these taxpayer funded campaign speechs at Universities) that those over $250,000 are just throwing away money and need to be giving more in taxes. The other is that, despite having an abundance of discretionary income, he chose not to pay off student loans because the opportunity cost favored keeping them. I suspect this what really happened. He had a student loan at around 6% (this is before the rates were lowered in 2008) and he could make more money on that money than he was paying in interest (and he certainly couldn't get a loan that low) so he didn't see any point in aggressively paying it off the way you would, say, a credit card. This destroys his argument for artificially cutting the rate in half from what was already so cheap he chose to keep it around when he didn't have to.<br />
<br />
The third, and most disturbing, interesting thing is the games the Republicans are playing here. When the Democrats created Obamacare they took some of the easier-to-cut sections of Medicare and slashed them to make the budget work. I made the argument at the time that this was like renegotiating a mortgage that was going to bankrupt me and then turning around and spending the "savings" on credit cards. This is exactly what Boehner wants to do here. The Republicans have been arguing since it passed that we can't afford Obamacare. And we can't. Now we have a Republican Presidential candidate who has committed to dropping Obamacare completely, a Supreme Court case that many people consider likely to throw the entire bid out as unconstitutional, and a Republican Congress that says it's still unconstitutional and we can't afford it, but we can cut some of the money we don't have out of Obamacare and use it to pay for another bad idea. Obamacare is a bad idea, and we ought to throw it out, but "saving" money by not funding certain care items while keeping the rest of the restrictions and regulations and then spending the "savings" on another bad idea is an even worse idea.<br />
<br />
There are a bunch of other issues particular to the way student loans are subsidized and how this contributes to the rapid inflation of education costs, the fact that through this program a 25 year-old plumber gets to pay the bank 6% for the loan on his truck and tools <b>and</b> subsidize the 3.4% (higher risk profile) loan for the education of a 25 year-old lawyer, or the question of why the Federal government is involved in education funding at all, but I'm honestly not as interested in the standard issues with student loans as the politics of the rhetoric itself.<br />
<br />
<br />
<br />
<br />Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-79846182965486256132012-04-17T12:40:00.001-04:002012-04-17T12:41:47.839-04:00Laws<blockquote><span style="font-weight: normal; ">The internal effects of a mutable policy are still more calamitous. It poisons the blessing of liberty itself. </span><b>It will be of little avail to the people, that the laws are made by men of their own choice, if the laws be so voluminous that they cannot be read, or so incoherent that they cannot be understood; if they be repealed or revised before they are promulgated, or undergo such incessant changes that no man, who knows what the law is to-day, can guess what it will be to-morrow.</b> Law is defined to be a rule of action; but how can that be a rule, which is little known, and less fixed?<br /><br /><b>Another effect of public instability is the unreasonable advantage it gives to the sagacious, the enterprising, and the moneyed few over the industrious and uniformed mass of the people.</b> Every new regulation concerning commerce or revenue, or in any way affecting the value of the different species of property, presents a new harvest to those who watch the change, and can trace its consequences; a harvest, reared not by themselves, but by the toils and cares of the great body of their fellow-citizens. This is a state of things in which it may be said with some truth that laws are made for the few, not for the many.<br /><br />In another point of view, great injury results from an unstable government. The want of confidence in the public councils damps every useful undertaking, the success and profit of which may depend on a continuance of existing arrangements. What prudent merchant will hazard his fortunes in any new branch of commerce when he knows not but that his plans may be rendered unlawful before they can be executed? What farmer or manufacturer will lay himself out for the encouragement given to any particular cultivation or establishment, when he can have no assurance that his preparatory labors and advances will not render him a victim to an inconstant government? In a word, no great improvement or laudable enterprise can go forward which requires the auspices of a steady system of national policy.<br /><br />But the most deplorable effect of all is that diminution of attachment and reverence which steals into the hearts of the people, towards a political system which betrays so many marks of infirmity, and disappoints so many of their flattering hopes. No government, any more than an individual, will long be respected without being truly respectable; nor be truly respectable, without possessing a certain portion of order and stability.<br /></blockquote><br /><b> -- Federalist 62 </b>(emphasis added)Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-20069208203448225522012-03-15T12:17:00.003-04:002012-03-15T13:36:01.316-04:00Nominating processThere's all sorts of talk right now about whether the slowed-down nominating process the Republicans put in place in 2008 was a good idea. I don't care. I'm more interested in the brokenness of the process in general. I'm pro electoral college (and, in fact, think we ought to have some of the electors sent there by state legislatures like we used to do with Senators) so it may come as a surprise that the non-representative nature of the nominating process really bothers me. The problem is that the electoral college was designed to give some relief to the less populace states in our federation on the choosing of the President. That makes sense. The nominating process doesn't seem designed at all.<br /><br />At present nearly 10% of Romney's delegates are from territories that don't get to vote for President. I'm actually opposed to our permanently retaining territories that are never going to become states, but if the purpose of the nominating convention is to win the Presidency, do we really care what people who can't vote for President think? I'd be okay with in if they got some nominal vote, but the people of the Virgin Islands and the Northern Mariana Islands together get as many votes as New Hampshire (which, admittedly, has an oversized influence because of when it votes).<br /><br />Only fourteen of the 60 States or districts who have primaries or caucuses are closed. In the rest either Democrats can help select the Republican representative (I'm sure they will have only the best interests of Republicans in mind) or you have to at least not be party affiliated. Though if you're in a semi-closed state the chance you're going to register with a party is pretty much zero. I would not only have closed primaries, I would require that you have been registered with the party for at least two 30 months.<br /><br />California and New York, states where the Republican nominee is guaranteed zero electoral votes, are two of the three largest delegations to the convention (Texas is number 2). On top of that nearly half of the California and New York delegates (123 out of 261) come from districts that are 60% or more Democrat. According to Sean Trende at Real Clear Politics, 8 districts from Los Angeles County cast just barely more votes in the 2002 Gubernatorial primary as a single majority-republican district. Yet they would get 8 times as much influence in the nominating process. To make matters worse, California is an open primary, so nobody is checking whether the delegates from Nancy Pelosi's district even reflect the desire of the Republican who lives there. I'm not saying we shouldn't care about these people's voice in the primary, but we shouldn't care a lot more about Republican's in Nancy Pelosi's district than those in Paul Ryan's. <br /><br />On the flip side, the current procedures give extra bonus delegates to majority Republican states. Unlike the issues with allocating delegates based on general-population district lines that in lots of cases were intentionally drawn to polarize towards one party or the other, I can see why this makes sense. The nominee is supposed to be somebody who represents the will of the Republican electorate, so it makes sense to give bonuses to majority Republican states. But the nominee is also supposed to be somebody who can actually win the Presidency. Given that the important thing is winning the electoral college in the fall, wouldn't it make sense to give similar (or even greater) bonus delegates to the states with the closest elections in the past Presidential election? Hugh Hewitt has recommended at least once having the nominee determined only by the closest states. That seems like a recipe for a splintered party to me. It's one thing to give extra credit to electorally important states, it's another entirely to say to Texas or Georgia that the party doesn't care what you think, we're going to find a moderate who does well in Ohio and Pennsylvania. <br /><br />We also have a bunch of unbound delegates who got their position through some previous party position. I actually don't have a problem with these. The "super delegates" bring some of the horse trading in order to get the desires of various factions of the party fulfilled while finding the most likely candidate to actually secure the election into the convention. If it's a close call, that's a role I don't mind seeing.<br /><br />If I were head of the primary process, I would allocate votes among the states based on the number of popular votes they cast for the Republican in the prior election. Then I would give a bunch of extra votes to the 4 closest states. The national convention needs some way of allocating votes within states other than congressional districts which are drawn based on general population and frequently drawn to intentionally skew towards one party or the other. I would suggest something like forcing proportional distribution based on the entire states' returns. I would love to draw districts, but you would need special districts established for the purpose if you wanted to fairly district among just one party, and that doesn't seem practical.Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-53182673720792260042011-12-21T15:53:00.002-05:002011-12-21T16:24:02.013-05:00Obama is rightIn a <a href="http://www.powerlineblog.com/archives/2011/12/obama-places-himself-on-the-continuum-of-greatness.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+powerlineblog%2Flivefeed+%28Power+Line%29&utm_content=Google+Reader">post</a> on PowerLine, John Hinderaker started a firestorm on conservative blogs this morning by pointing to (and dismantling) Obama's claim that he "would put our legislative and foreign policy accomplishments in our first two years against any president — with the possible exceptions of Johnson, F.D.R., and Lincoln". <br /><br />I must say, Obama is right. The standard consistently used to judge Presidents in <a href="http://en.wikipedia.org/wiki/Historical_rankings_of_Presidents_of_the_United_States#Scholar_survey_results">rankings</a> is something along the lines of how much lasting change they have made to the structure of the Union. This is completely consistent with Obama's worldview (which you would expect, because those rankings are put together by progressive intellectuals). So the economy may have been much worse when Reagan took office and much better at this point in his Presidency, but that's immaterial. Harding took a deflationary depression and turned it completely around within 3 years but consistently appears in the bottom of Presidential rankings. FDR managed to keep the Great Depression going for a decade, but always appears at the top. If you listen to a progressive academic, and Obama has spent his life listening to progressive academics, Presidents aren't measured by how well the economy does.Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-60869505294243035632011-10-07T08:35:00.002-04:002011-10-07T08:46:21.883-04:00A much bigger deal than is being reported<blockquote></blockquote>Last night, in order to avoid voting on Obama's jobs bill, Harry Ried changed the rules of the Senate to disallow the introduction of amendments after cloture is invoked. This is an arcane bit of Senate procedure, but the important point to take away from this is that the rules have been changed by a simple majority to prevent the minority from exercising a power they usually possess. This is exactly what I urged the Republican senate to do to allow votes on circuit court judges to pass with a majority, but they were unwilling to do because once Pandora's box is opened the procedure could be used by Democrats in a future Senate. I argued at the time, we now know correctly, that this was irrelevant and Democrats would change the rules as soon as it became convenient.<div><br /></div><div>In light of this, I'd like to propose two changes to the Senate rules for the new Republican majority in 2012:</div><div><br /></div><div>1) Allow appointments to pass by simple majority. First off, this is extremely politically advantageous, because Republicans tend to accept any judge who is qualified as a matter of training and experience, even if they dislike the positions they take, while Democrats reject any judge whose philosophy they disagree with, so Republican presidents have much more difficulty getting their nominees through the Senate. But secondly, I think the current position is unconstitutional. The Senate can do whatever it wants to its procedures for introducing new legislation, but appointments are an executive power that merely requires Senate "consent". The Senate should not allow itself to withhold consent if the majority of its members agree.</div><div><br /></div><div>2) Allow any repeal bill to pass with a simple majority. As I stated on my <a href="http://blog.ccraig.org/2010/08/heinlein.html">post</a> on Heinlein, giving a power to the government necessarily entails a restriction on personal freedom, and we shouldn't need a super majority to give that freedom back. (This also has convenient side effect that it makes repeal of Obamacare almost guaranteed)</div>Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-85685589264089461802011-09-08T11:50:00.010-04:002011-10-05T12:18:40.528-04:00Social Security IS a Ponzi Scheme<span class="Apple-style-span">Ponzi Scheme (n): an investment swindle in which early investors are paid with sums obtained from later ones in order to create the illusion of profitability (Merriam-Websters Dictionary of Law, 1996)<br /><br /><p>Rick Perry is taking a lot of heat not only from the <a href="http://www.washingtonpost.com/blogs/post-partisan/post/perry-doubles-down-but-also-dodges-on-social-security/2011/09/08/gIQAgbJGCK_blog.html">liberal</a> <a href="http://www.nytimes.com/2011/09/08/us/politics/08debate.html?_r=1&pagewanted=all">media</a> but also from <a href="http://www.hughhewitt.com/blog/g/2cab659d-623c-4829-8f2a-2ae95c4c1387">conservative</a> <a href="http://www.commentarymagazine.com/2011/09/08/perry-social-security-2/">media</a> for "doubling down" in the debate and calling Social Security a Ponzi Scheme. I understand the mainstream media saying this, they're practically cheerleaders for the Democratic Party and they're very much invested in the lies that have been told about Social Security for half a century. I don't understand the conservatives, though. Yes, sometimes it's politically dangerous to call a spade a spade, but Social Security _is_ a Ponzi Scheme. That it has ever been anything else is one of the great political lies of the 20th Century (maybe THE great political lie of the 20th century) and conservatives should be eager to discredit it (while proposing solutions to the problem that don't pull the rug out from under seniors who are depending on it).<br /><br /></p><p>The reason this is so important is that huge portions of otherwise well informed Americans have actual<span name="hotword" style="color: rgb(51, 51, 51); line-height: 1.25em; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; position: static; cursor: default; ">ly f</span><span name="hotword" style="color: rgb(51, 51, 51); line-height: 1.25em; margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; position: static; cursor: default; ">allen for the statements they get from the Social Security Administration on their paystubs and in the mail that list their "contributions" and "account balance". These are outright lies. No one has ever made a "contribution" to Social Security in the entire history of the program, and no one has ever had an "account balance". Social Security "accounts" don't exist in any meaningful way and the sooner people come to grips with that the sooner we can fix the system.</span></p></span><span class="Apple-style-span">For those of you who don't know, this is how Social Security really works. </span><div><span class="Apple-style-span"><br /></span></div><div><ol><li><span class="Apple-style-span" style="font-family: georgia; font-size: medium; ">You pay a payroll tax. This payroll tax, as a matter of statute and case law is not earmarked in any way and can be spent at the whim of the Federal Government. (See Helvering v. Davis)</span></li><li><span class="Apple-style-span" style="font-family: georgia; font-size: medium; ">The Social Security Administration uses part of the income from this tax to fund the benefits to current recipients and "invests" part of it in Treasury instruments, which the Treasury promises to pay back if the Social Security Administration asks for it. The money that was invested in the Treasury is then spent as part of the general US budget for farm subsidies and road building and international aid and whatever else the Fed does.</span></li><li><span class="Apple-style-span">When one of several things happens (death of a spouse, disability, retirement) the Social Security Administration uses some complex formula based on how much you put in and how long you worked to cut you checks from current payroll tax revenue (plus the trust fund, though that rarely happens). This formula is defined by law and subject to change at any time. (i.e. When the Social Security Administration sends you glossy material in the mail saying that you are guaranteed to get X when you retire they mean "pursuant to current law". If Congress changes the law tomorrow to say you get 10 percent of that then tomorrow you will be guaranteed 10 percent of that.)</span></li></ol><div><span class="Apple-style-span">So lets compare and contrast this with a classic Ponzi scheme. Social Security uses the money from later investors to pay the benefit of early ones so it's clearly at least partially inline with the dictionary definition. </span></div><div><span class="Apple-style-span"><br /></span></div><div><span class="Apple-style-span">You could argue that the trust fund means that even though in practice it pretty much always pays benefits entirely out of contributions, it's not dependent on them, so that's different from a Ponzi scheme. But you would be wrong. At the end of 2010 Social Security had $2.5 trillion in the trust fund and in 2010 they paid out $584 billion in disbursements (<a href="http://www.socialsecurity.gov/OACT/TR/2011/tr2011.pdf">2011 Trustees report</a>, table III.A1) and disbursements are expected to increase rapidly and forever, so we would expect the trust fund to run out of money in less that 5 years if we stopped contributing. And that's not the worst of it. As I've said elsewhere, I don't believe in the trust fund. There are commentators that say the Treasury would never default on the Trust Fund notes because it would cause US bonds to collapse. But they don't have to. The Social Security Administration is a creature of statute law and Congress could vote tomorrow to forgive the trust fund debt to itself and there would be no bond implications (I would actually argue that bonds would become stronger because we don't have the huge unfunded social security liability stressing them). If we suddenly needed to increase expenditures by half a trillion per year to cover Social Security expenses I suspect changes would happen in short order.</span></div></div><div><span class="Apple-style-span"><br /></span></div><div><span class="Apple-style-span">You could also argue that Social Security isn't doing this "in order to create the illusion of profitability" because everything I've just stated is a matter of plain statute law, so it's not like Bernie Madoff who was claiming he invested in X and Y. Everybody knows how Social Security works so nobody is fooled into thinking it's a profitable investment. But that's not true, either. I'll demonstrate this by asking what the Social Security would do if they wanted to convince gullible masses that their "contributions" in Social Security "accounts" would yield particular "guaranteed returns". Exactly what they've been doing for years, marking your payroll tax as a "contribution" on your pay stubs and sending you stuff in the mail about your "account". And it's working. In the past week alone I have encountered two people who honestly believed that they have made contributions to Social Security accounts that exist as actual assets somewhere and were somewhat hurt and felt they had been lied to when I told them what I expressed above. I agree they have been lied to, but if the government has been lying to people and telling them that they have money in accounts somewhere, then they are clearly "creating the illusion of profitability".</span></div><div><span class="Apple-style-span"><br /></span></div><div><span class="Apple-style-span">The only other argument I've seen for why Social Security isn't really a Ponzi Scheme is precisely that it is a government program so whereas a Ponzi Scheme depends on getting more and more investors in order to meet its promises to past investors and inevitably fizzles when not enough gullible people can be found, the government can threaten to put you in prison unless you pay more and more money to support the program for prior investors. I'll admit, this is somewhat different from a classic ponzi scheme (though I'll argue it's worse) but it's not going to prevent a fizzle. The number of investors per recipient is declining and at some point people are going to say "enough" and cancel the program. Social Security started by charging 2% limited to $60. Currently it is sapping around 12% of our income (limited to $12,000) but according to official estimates it's going to require more than twice that by 2025 (including funds to the "general fund" in order to offset repayment of the trust fund) and it grows every year.</span></div><div><span class="Apple-style-span"><br /></span></div><div><span class="Apple-style-span">Social Security IS a Ponzi Scheme and it's critically important that we as conservatives explain this to people. Until people understand that the underpinnings of the program are a lie we can't have a responsible discussion of the program. If Social Security is like a 401(k) then I would be criminal (or at least progressive) to suggest that Warren Buffet shouldn't be able to get his money out of his account when he retired. If, on the other hand, Social Security is more like welfare it seems insane to think that wealthy retirees should be receiving it at all. One of the most powerful complaints about Paul Ryan's budget is that it reduces Medicare (he doesn't actually deal with Social Security at all) payments for those under 55. This is so powerful because people feel like he's stealing money from the accounts where they have been making contributions all these years, but those contributions were taxes, and they've been spent. And the government is unlikely to be able to raise the money to repay them under the current program in 15 years anyway.</span></div><div><span class="Apple-style-span"><br /></span></div><div><span class="Apple-style-span">We need to drastically reshape Social Security. I'm fine with the Ryan plan and I'm likely to be fine with the Perry plan, but if I were writing a plan I would go much farther. I understand, particularly politically, the desire not to affect seniors who have already retired under the presumption that they would get what Social Security promised them, but I would prefer if we as a country got to the point where we understood it is essentially a welfare program and if you managed to retire with a hundred million in the bank maybe you shouldn't get the full amount of welfare the SSA said you were going to get (even though you believed them when they lied to you and said you were contributing it to an account and would get a substantial return). After all, many of the investors who believed Madoff and Ponzi when they lied to them didn't get anything back, and even I'm not suggesting that.</span></div>Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-65708078418605707482011-07-12T12:15:00.002-04:002011-07-12T13:05:54.732-04:00Democrats and DemocracyIn a Press Conference this morning, Obama said that the average American shouldn't worry about stuff like the Debt limit, that's what professional politicians are for:<br /><br /><object style="height: 390px; width: 640px" width="640" height="390"><param name="movie" value="http://www.youtube.com/v/64yhiih53F4?version=3"><param name="allowFullScreen" value="true"><param name="allowScriptAccess" value="always"><embed src="http://www.youtube.com/v/64yhiih53F4?version=3" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="640" height="390"></embed></object><br /><br /><div><br /></div><div>This brings up a couple of questions:</div><div><br /></div><div>First, why does your party call themselves "Democrats"? When Jackson split off from the Democratic-Republicans he called his party the "Democrats" because they were populists who more directly reflected the will of the people. On the two major issues of your Presidency (three if you include your action in Libya) you have explicitly rejected the will of the people because you thought you knew better than they do. I actually think that's sound governance in a Republic, but then I've also explicitly stated that I don't believe in Democracy, I reject the direct election of Senators, I think we should raise the voting age, and I think we ought to restrict voting to those who are informed (and preferably pay taxes). All positions absolutely anathema to a Democrat.</div><div><br /></div><div>Second, and more important, why are you pulling the American people into a debate on how a deal to raise the debt limit is structured? You have held something like 4 press conferences in the last couple weeks all of which are intended to point to to an American people who are too busy cooking dinner to have an informed opinion on whether or not a debt limit raise is good policy that we should raise taxes with the debt limit instead of only cutting spending. In your opinion, isn't that something professional politicians should take care of for us behind closed doors? If you can't be bothered to explain why we should raise the debt limit, why explain how the deal should be look?</div><div><br /></div><div>This is particularly important since these speeches have been utterly insincere. Several Republicans (and to my knowledge not a single Democrat) have asked for the actual negotiations to be open to the public. Despite working to put food on my table, I've actually tried to follow this pretty closely, but there's no way anyone (including the people in the media who have written columns on what a great deal somebody is rejecting) have any actual insight into what's going on in these negotiations. But, despite the fact that I can't find what is actually being debated, I do know enough to know that you are lying to us. I know this because the revenue increases you talk about aren't even a percent of the spending you claim to be offsetting, you have noted in these remarks the drastic cuts you're willing to take while simultaneously asking for increases in spending on pet projects that would be at the top of the Republican list to cut, and most importantly you continually say you want a "long term" fix when the only budget your party has produced in nearly 3 years (your 2010 budget) increased the debt every year in its scope (and was rejected by every member of your party). </div><div><br /></div><div>If you don't believe the people have enough time to understand the big picture, can you please stop the demagoguery over the details?</div><div><br /></div><div><br /></div><div><br /></div><div>PS. I should probably note, I support a debt limit increase, but I would rather have no increase than a bad deal. There's no point in having a debt limit if it's just going to get increased every time the government maxes out our credit card again. I disagree with the assertion that we will default if we don't get a debt increase. We can cover debt repayment with only 10% of receipts at current revenue levels and I would argue the 14th Amendment states that the President <b>must</b> use 10% to do that (which leaves about half of current government functions funded). I'll admit that Obama is probably going to cut the most irresponsible programs he can to show how important our limitless debt is, so we'll have closed National Parks and no FBI while ethanol subsidies and free breakfast in schools continue, but that's still not as bad as an actual default.</div>Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0tag:blogger.com,1999:blog-5829277751111385169.post-88626918405082508972011-07-01T11:48:00.002-04:002011-07-01T12:11:03.375-04:00Can we please cancel them?During a speech earlier this week Obama threatened that if we didn't change the depreciation schedule on private jets, <div><blockquote></blockquote><blockquote></blockquote><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 19px; "><blockquote style="font-size: 13px; ">then the kinds of cuts that would be required might compromise the National Weather Service. It means that we would not be funding critical medical research. It means that food inspection might be compromised. And I’<span class="blsp-spelling-error" id="SPELLING_ERROR_0">ve</span> said to some of the Republican leaders, you go talk to your constituents, the Republican constituents, and ask them are they willing to compromise their kids’ safety so that some corporate jet owner continues to get a tax break. And I’m pretty sure what the answer would be.</blockquote><span class="Apple-style-span" >This was, in fact, an important theme of the conference, having been repeated almost verbatim in two parts of the speech. Lots of people are making much of the fact that a change in the depreciation of private jets isn't going to yield a billion dollars, let alone the hundreds of billions those programs eat up. There's also the issue that we somehow managed to give kids scholarships, pay for medical research, and fund the National Weather Service and the FDA on the $2.9 trillion Bush spent in 2008 ($240 billion deficit) instead of the $3.55 trillion Obama spent in 2010 ($1420 billion deficit). I don't think it is generally realized that the "stimulus" wasn't a one time expense, it was a permanent, massive increase in the federal budget, from which Obama now claims we can't possible retreat.</span><span class="Apple-style-span" > </span><span class="Apple-style-span" >But that's not the point of this post.</span></span></div><div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 19px; "><span class="Apple-style-span" ><br /></span></span></div><div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 19px; "><span class="Apple-style-span" >Also, I happen to agree with Obama that the special depreciation scale Obama proposed and the Democrat Congress passed in 2009 as part of that stimulus for private jets was a bad idea and should be scaled back. Unlike Grover <span class="blsp-spelling-error" id="SPELLING_ERROR_1">Norquist</span>, I only care about tax rates, not breaks. Special credits are fiscally indistinguishable from spending programs. But that's not the point of this post either.</span></span></div><div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 19px; "><span class="Apple-style-span" ><br /></span></span></div><div><span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; line-height: 19px; "><span class="Apple-style-span" >The point of this post is that not one of the programs the President mentioned is within the Constitutionally defined role of the Federal Government. If it takes keeping an awful airplane depreciation scale to <span class="blsp-spelling-error" id="SPELLING_ERROR_2">defund</span> the <span class="blsp-spelling-error" id="SPELLING_ERROR_3">NWS</span> (excepting those areas where it is important for defense, which can be rolled into the defense department), the FDA, Federal funding of medical research, federal interference in education, and things having to do with kids' safety, then I'll keep the depreciation.</span></span></div>Christopherhttp://www.blogger.com/profile/08271468168209215799noreply@blogger.com0