Paul M. Jones

Don't listen to the crowd, they say "jump."

It's Not Enough To Have Data; You Also Need A Theory. Multiple Theories Can Fit The Same Data.

You want to find empirical studies that show free trade to be harmful to free-trading nations?  No problem; you can find them.  You want to find empirical studies that show government stimulus spending to be a sure-cure for what ails a slumping economy?  There are plenty of such data-rich studies out there.  You want to find empirical studies that show that violent crimes aren’t deterred by the death penalty?  Not a problem.  You want to find empirical evidence that increased rates of handgun ownership increase citizens’ likelihood of dying of gunshot wounds?  Many such studies are available.

You can also find plenty of empirical studies showing the opposite of what is shown by all of the above studies.  And these other studies are, as a group, no less carefully done than are the studies that they contradict.  And these other studies, also, are done by scholars no less credentialed and no less objective than are those scholars who produce the contrary findings.

That’s the reality of the social sciences.  It’s not an exercise in simple observation of simple and self-defining facts, only one or two of which change at any time.

Therefore, theory is important.  Among other roles, theory directs our attention to what patterns to look for, and helps us to better understand what empirical findings warrant our suspicion more than others.  Obviously, theory should never be used as dogma to prevent our learning from careful empirical studies.  Nor, however, should well-accepted and coherent theories be tossed aside simply because a handful of people produce a few studies that are inconsistent with that theory – especially if other careful empirical studies support the theory.

So while it’s always a good instinct to ask “What do the data say?  What does history tell us about this matter?”, it’s just as scientifically naive to ridicule thoughtful discussion of theory (including discussion of pitfalls in interpreting data) by suggesting that the discussion is useless because it presents no data as it is to suggest that theory should never be subjected to empirical tests.

via Where Are My Data?!.


Facebook Gets a Multibillion-Dollar Tax Break

It's bad for Big Business to get tax breaks, right?

It hasn’t drawn much attention, but Facebook’s first annual earnings report contains an accounting gem: a multibillion-dollar tax deduction for the cost of executive stock options and share awards.

Even though Facebook (FB) reported $1.1 billion in pre-tax profits from U.S. operations in 2012, it will probably pay zero federal and state taxes--and even receive a federal tax refund of about $429 million--according to a Feb. 14 statement from Citizens for Tax Justice.

via Facebook Gets a Multibillion-Dollar Tax Break - Businessweek.


The Verbrilli Sound - Ultrawide - Weirdest Lyrics Ever

It's a sample, but still, this dude sounds high and hungry. And not bright. The fun starts at about 4:45.

I'd like, uh, Captain Crunch, and, some Special K,
toasted on the out and nice & on the inside,
and, uh, I would, would like some spaghetti, linguine,
sandwich, with a light bread, on the out, on the medium over
on like, some, like some candy canes
and eggs sunny side up
on, uh, on the toast
and i'd like the (aveneen?) rare,
i'd like some moo goo, gai pan, without the pan,
some pans
and i'd like, uh, i'd like some corned beef
on mustard with, with the rye and some (therma?)
i'd like a pickle with the lettuce
and (add it's all good)
I'd like an eggcream with chocolate, with vanilla in it,
and vanillas, shakes
and i'd like on the rye
i would like some scrambled eggs
and would like some muffin
limey to go
with feet


For CSRF tokens, mt_rand() is ok-ish but openssl_random_pseudo_bytes() is a lot better

On the pages for rand() and uniqid(), as well as looking at the C code, they specifically state that these functions should not be used for generating secure tokens.  They tend to generate predictable values.  And the documentation for md5() states that it should not be used for password hashing.  Granted we’re not hashing passwords when creating a CSRF token, but with the tooling available shouldn’t we be using functions that are more cryptographically secure?

...

The goal here is the random value.  As such the hashing using hash_hmac() does not buy you a whole lot extra.  The number of possible values in a 32 byte random string is 1.1579208923731619542357098500869e+77.  That alone would seem to be enough for a CSRF prevention token.  mt_rand() returns an integer which gives you about 4 billion possible numbers.  While that will probably protect you, the other value will offer you better protection.  There’s no sense in gambling with a smaller value if you have the ability to generate a larger value with virtually no additional cost.

So it would seem that, for generating a proper token the code that you would really need is this:

$token = base64_encode( openssl_random_pseudo_bytes(32));

The only reason for the base64_encode() call is to make sure that the value provided will not break your HTML layout.

Looks like we need to update Aura.Session to use openssl when available and fall back to mt_rand() when it's not. Via Generating secure cross site request forgery tokens (csrf).
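Here is what that "openssl when available, mt_rand() otherwise" approach looks like in practice, as an added example written for this post; it is not Aura.Session's code. The function names, the `$_SESSION['csrf_token']` key and the PHP 5.6+ requirement for hash_equals() are assumptions of the example.

```php
<?php
// Added example (not Aura.Session code): CSRF token generation that prefers
// openssl_random_pseudo_bytes() and falls back to mt_rand() only when it must.
// Assumes PHP >= 5.6 for hash_equals(); starting the session is the caller's job.

function csrf_token_bytes($length = 32)
{
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        // Only trust the result if OpenSSL reports a cryptographically strong source.
        if ($bytes !== false && $strong) {
            return $bytes;
        }
    }
    // Fallback: mt_rand() is not a CSPRNG and its output is far more predictable;
    // this is the "ok-ish" path the post describes, not the preferred one.
    $bytes = '';
    for ($i = 0; $i < $length; $i++) {
        $bytes .= chr(mt_rand(0, 255));
    }
    return $bytes;
}

// Wrap in base64 so the token is safe to embed in an HTML attribute.
function csrf_token_new()
{
    return base64_encode(csrf_token_bytes(32));
}

// Issue (or reuse) the per-session token.
function csrf_token_get()
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = csrf_token_new();
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token against the session copy in constant time,
// so the comparison itself does not leak how many leading bytes matched.
function csrf_token_check($submitted)
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}
```

Render csrf_token_get() into a hidden form field and reject any state-changing request for which csrf_token_check() returns false.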


Don't worry, the city will protect you! (Not.)

Repeat after me: the police have no legal duty to protect or defend you.

A madman kills four, NYPD manhunt follows. Two officers are in a subway cab when the madman enters the car, and they do nothing to stop him. He stabs a passenger right next to them, who in turn wrestles him down, at which point the NYPD folks finally emerge. Now he sues the city, and it of course argues that it has no legal duty to protect the citizenry.

You are on your own to defend what's yours. Via Of Arms and the Law: Don't worry, the city will protect you.


I Have Changed My Mind -- We *Do* Need Gun Control

Gun control for the Federal government, anyway:

When financial questions arose regarding the Mountain Pure Water Company, Washington did not send a few staffers to inspect documents. Instead, last spring, some 50 armed Treasury agents breached Mountain Pure’s headquarters in Little Rock, Ark. They seized 82 boxes of records, herded employees into the cafeteria, snatched their cell phones, and refused to let them consult attorneys.

“We’re the federal government,” Mountain Pure’s comptroller, Jerry Miller, says one pistol-packing fed told him. “We can do what we want, when we want, and there’s nothing you can do about it.”

Power-mad bureaucrats and administrators with guns from departments of the FDA, Education, Health & Human Services? By all means, restrict their access to and use of guns. Via And Your Little Dog, Too - National Review Online.



Why are the feds loading up on so much ammo?

DHS has been silent about its need for numerous orders of bullets in the multiple millions. Indeed, Examiner writer Ryan Keller points out Janet Napolitano's agency illegally redacted information from some ammunition solicitation forms following media inquiries.

According to one estimate, just since last spring DHS has stockpiled more than 1.6 billion bullets, mainly .40 caliber and 9mm. That's sufficient firepower to shoot every American about five times. Including illegal immigrants.

To provide some perspective, experts estimate that at the peak of the Iraq war American troops were firing around 5.5 million rounds per month. At that rate, DHS is armed now for a 24-year Iraq war.

*You* shouldn't have guns and ammo. The *government* should have them. Via Why are the feds loading up on so much ammo? by Andrew Malcolm - Investors.com.

UPDATE: See here for why the count is way off.


Argentina's Dictatorship Sets Price Ceiling On Food. Prediction: Food Shortages.

Up until now, Argentina's descent into a hyperinflationary basket case, with a crashing currency and loss of outside funding was relatively moderate and controlled. All this is about to change. Today, in a futile attempt to halt inflation, the government of Cristina Kirchner announced a two-month price freeze on supermarket products. The price freeze applies to every product in all of the nation’s largest supermarkets -- a group including Walmart, Carrefour, Coto, Jumbo, Disco and other large chains. The companies’ trade group, representing 70 percent of the Argentine supermarket sector, reached the accord with Commerce Secretary Guillermo Moreno, the government’s news agency Telam reported. As AP reports, "The commerce ministry wants consumers to keep receipts and complain to a hotline about any price hikes they see before April 1." Perhaps they will. What consumers will certainly do is scramble into local stores to take advantage of artificially-controlled prices knowing very well they have two short months to stock up on perishable goods at today's prices, before the country's inflation comes soaring back, only this time many of the local stores will not be around as their profit margins implode and as owners, especially of foreign-based chains, make the prudent decision to get out of Dodge while the getting's good and before the next steps, including such measures as nationalization, in the escalation into a full-out hyperinflationary collapse, are taken by Argentina's female ruler.

Anyone paying attention is about to see basic economic principles in action. The Gods of the Copybook Headings will deliver the lesson in person: when you set a price ceiling, you get shortages. Via Argentina Freezes Supermarket Prices To Halt Soaring Inflation; Chaos To Follow | Zero Hedge.