Paul M. Jones

Don't listen to the crowd, they say "jump."

Thank Evolution For Your Alcohol Tolerance

The boozing gene can be traced back 10 million years to the common ancestor humans share with chimpanzees and gorillas, new research claims.

It is believed these ancient forebears were the first to pick up fruits fermenting on the ground after they developed a lifestyle away from the trees.

Individuals able to stomach the boozy fruit would have survived better in this new environment than those who could not, programming the ability into their descendants' genetic codes.

The theory could explain why humans, chimps and gorillas are able to digest alcohol, while our tree-dwelling cousins like orangutans cannot.

"The cause of, and solution to, all life's problems." Via Scientists trace the boozing gene: Taste for drink 'originated 10million years ago in common ancestor of humans and chimps' | Mail Online.


Government Puts Man In Solitary For 2 Years: No Charges, No Trial, No Health Care

Slevin was arrested on suspicion of drunk driving in New Mexico in 2005. But he was never convicted, never tried, never even saw a judge. Yet he spent almost two nightmarish years in solitary confinement with treatment that devastated his physical and emotional health. Once you read this, you'll never look at our justice system quite the same way again.

After Steven's arrest on suspicion of DUI and driving a stolen car, he was placed in solitary confinement because officers felt he might be "suicidal."

There, he was essentially forgotten about by the legal system. He was given no health care. His toenails grew so long they curled around his feet. He developed bed sores. A fungus grew on his skin after being denied showers. He lost a ton of weight. His hair grew long and shaggy -- he looks like he just got off a desert island. He descended into madness. And his dental problems grew so severe that he was forced to pull out one of his rotting teeth by himself.

Eventually, after 22 months, Steven was released after all charges against him were dismissed! Not only couldn't anyone prove he was drunk driving, but his lawyer says the car wasn't stolen -- it was a friend's car. Now the poor man has lung cancer and suffers from post-traumatic stress disorder.

At least Steven was just awarded one of the largest civil rights settlements in history. He was awarded $15.5 million, but the county is appealing. Appealing??! Give this man every penny!

Yet another example of why government powers need to be reduced, not expanded. Via Man Left in Solitary Confinement for 2 Horrific Years ... for Suspected DUI (VIDEO) | The Stir.


Dawkins And Allah: The Answer Is, "Because They Will Try To Kill You"

In a recent Al-Jazeerah interview, Richard Dawkins was asked his views on God. He argued that the god of "the Old Testament" is "hideous" and "a monster", and reiterated his claim from The God Delusion that the God of the Torah is the most unpleasant character "in fiction". Asked if he thought the same of the God of the Koran, Dawkins ducked the question, saying: "Well, um, the God of the Koran I don't know so much about."

How can it be that the world's most fearless atheist, celebrated for his strident opinions on the Christian and Jewish Gods, could profess to know so little about the God of the Koran?

As the title says, criticism makes you an assassination target. I wonder if he'd be as fearless regarding the Jewish and Christian God if the Jews and Christians had a credible recent history of killing their critics. Via Facing uncomfortable truths | The Jewish Chronicle.


You And Your PHPNess

I get that many (but not all) women, and many (but not all) men, in the PHP community are upset by the Web & PHP Mag "Enhance Your PHPNess" shirts as an example of sexism. Maybe it was, maybe it wasn't; note that the women in the photo were the magazine editor and the relationship manager, not random booth babes being exploited for their bodies instead of their minds. (Please spare me your postmodern explanations of how male privilege has been internalized by these strong independent women who are oppressed by the patriarchy; it's not the point of this article.)

The point of this article is as follows: Denouncing it on the Internet is nice and all, but I suggest that the Web & PHP Mag folks won't really care unless it hurts their income stream. Hell, the publicity alone must be huge for them.

If you are really committed to your position against Web & PHP on this issue, I look forward to you boycotting their website, magazine, and conferences. Don't submit to speak for them; hell, submit with a note saying you refuse to speak there. Don't engage any money-making venture of theirs until they issue a public apology that satisfies your sense of outrage.

If you don't back your words with non-violent action, then all you have done is talk. Talk is nice, but I submit that it would be hypocritical of you not to act as well.

But if you back your words with actions, won't that hurt the women who are running the company? Hm, I suppose it might at that. What's a white knight to do? Decisions, decisions.


Makers Mark Reverses Decision to Water Down Whiskey

One week after announcing plans to dilute its whiskey, Maker’s Mark has changed course. The Kentucky bourbon company released a statement Sunday reversing its decision and apologizing for disappointing its loyal fans with the decision to reduce alcohol content to keep up with rising global demands.

“We’re humbled by your overwhelming response and passion for Maker’s Mark. While we thought we’re doing what’s right, this is your brand you told us in large numbers to change our decision,” the statement from president Bill Samuels Jr. and his son and chief operating officer, Rob Samuels, said.

In light of this I am considering taking up religion again, as this could be considered "proof" (heh) of a benevolent God. Via Makers Mark Reverses Decision to Water Down Whiskey | TIME.com.


It's Not Enough To Have Data; You Also Need A Theory. Multiple Theories Can Fit The Same Data.

You want to find empirical studies that show free trade to be harmful to free-trading nations?  No problem; you can find them.  You want to find empirical studies that show government stimulus spending to be a sure-cure for what ails a slumping economy?  There are plenty of such data-rich studies out there.  You want to find empirical studies that show that violent crimes aren’t deterred by the death penalty?  Not a problem.  You want to find empirical evidence that increased rates of handgun ownership increase citizens’ likelihood of dying of gunshot wounds?  Many such studies are available.

You can also find plenty of empirical studies showing the opposite of what is shown by all of the above studies.  And these other studies are, as a group, no less carefully done than are the studies that they contradict.  And these other studies, also, are done by scholars no less credentialed and no less objective than are those scholars who produce the contrary findings.

That’s the reality of the social sciences.  It’s not an exercise in simple observation of simple and self-defining facts, only one or two of which change at any time.

Therefore, theory is important.  Among other roles, theory directs our attention to what patterns to look for, and helps us to better understand what empirical findings warrant our suspicion more than others.  Obviously, theory should never be used as dogma to prevent our learning from careful empirical studies.  Nor, however, should well-accepted and coherent theories be tossed aside simply because a handful of people produce a few studies that are inconsistent with that theory – especially if other careful empirical studies support the theory.

So while it’s always a good instinct to ask “What do the data say?  What does history tell us about this matter?”, it’s just as scientifically naive to ridicule thoughtful discussion of theory (including discussion of pitfalls in interpreting data) by suggesting that the discussion is useless because it presents no data as it is to suggest that theory should never be subjected to empirical tests.

via Where Are My Data?!.


Facebook Gets a Multibillion-Dollar Tax Break

It's bad for Big Business to get tax breaks, right?

It hasn’t drawn much attention, but Facebook’s first annual earnings report contains an accounting gem: a multibillion-dollar tax deduction for the cost of executive stock options and share awards.

Even though Facebook (FB) reported $1.1 billion in pre-tax profits from U.S. operations in 2012, it will probably pay zero federal and state taxes--and even receive a federal tax refund of about $429 million--according to a Feb. 14 statement from Citizens for Tax Justice.

via Facebook Gets a Multibillion-Dollar Tax Break - Businessweek.


The Verbrilli Sound - Ultrawide - Weirdest Lyrics Ever

It's a sample, but still, this dude sounds high and hungry. And not bright. The fun starts at about 4:45.

I'd like, uh, Captain Crunch, and, some Special K,
toasted on the out and nice & on the inside,
and, uh, I would, would like some spaghetti, linguine,
sandwich, with a light bread, on the out, on the medium over
on like, some, like some candy canes
and eggs sunny side up
on, uh, on the toast
and i'd like the (aveneen?) rare,
i'd like some moo goo, gai pan, without the pan,
some pans
and i'd like, uh, i'd like some corned beef
on mustard with, with the rye and some (therma?)
i'd like a pickle with the lettuce
and (add it's all good)
I'd like an eggcream with chocolate, with vanilla in it,
and vanillas, shakes
and i'd like on the rye
i would like some scrambled eggs
and would like some muffin
limey to go
with feet


For CSRF tokens, mt_rand() is ok-ish but openssl_random_pseudo_bytes() is a lot better

On the pages for rand() and uniqid(), as well as looking at the C code, they specifically state that these functions should not be used for generating secure tokens.  They tend to generate predictable values.  And the documentation for md5() states that it should not be used for password hashing.  Granted we’re not hashing passwords when creating a CSRF token, but with the tooling available shouldn’t we be using functions that are more cryptographically secure?

...

The goal here is the random value.  As such the hashing using hash_hmac() does not buy you a whole lot extra.  The number of possible values in a 32 byte random string is 1.1579208923731619542357098500869e+77.  That alone would seem to be enough for a CSRF prevention token.  mt_rand() returns an integer which gives you  about 4 billion possible numbers.  While that will probably protect you, the other value will offer you better protection.  There’s no sense in gambling with a smaller value if you have the ability to generate a larger value with virtually no additional cost.

So it would seem that, for generating a proper token the code that you would really need is this:

$token = base64_encode( openssl_random_pseudo_bytes(32));

The only reason for the base64_encode() call is to make sure that the value provided will not break your HTML layout.

Looks like we need to update Aura.Session to use openssl when available and fall back to mt_rand() when it's not. Via Generating secure cross site request forgery tokens (csrf).
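
An added example, not code from the quoted article or from Aura.Session: one way to generate and check such a token in PHP. The function names csrf_token_generate() and csrf_token_is_valid() are hypothetical; the sketch prefers random_bytes() where it exists, checks the strong-result flag of openssl_random_pseudo_bytes(), and throws an exception where no strong source exists, leaving out the mt_rand() fallback mentioned above.

```php
<?php
// Added example. csrf_token_generate() and csrf_token_is_valid() are
// hypothetical names, not part of Aura.Session or the quoted article.

// Return $bytes bytes from a CSPRNG, base64-encoded as in the quoted snippet.
function csrf_token_generate($bytes = 32)
{
    if (function_exists('random_bytes')) {
        // PHP 7+: throws if no secure random source can be used.
        return base64_encode(random_bytes($bytes));
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $raw = openssl_random_pseudo_bytes($bytes, $strong);
        // The second argument is set to false when OpenSSL did not use
        // a cryptographically strong algorithm; treat that as a failure.
        if ($raw !== false && $strong === true) {
            return base64_encode($raw);
        }
    }
    throw new RuntimeException('No cryptographically strong random source');
}

// Compare the token stored in the session with the one the form sent back.
function csrf_token_is_valid($expected, $submitted)
{
    // Reject missing values and non-strings (e.g. token[]=x) up front.
    if (!is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }
    // hash_equals() (PHP 5.6+) compares in constant time.
    return hash_equals($expected, $submitted);
}

// Constructed usage: in an application $expected would come from $_SESSION
// and $submitted from $_POST.
$token = csrf_token_generate();
var_dump(strlen($token));                              // length of the base64 text
var_dump(csrf_token_is_valid($token, $token));         // matching token
var_dump(csrf_token_is_valid($token, 'not-the-token'));// mismatching token
var_dump(csrf_token_is_valid($token, array('x')));     // array input from a crafted form

// base64 output can contain "+", "/" and "=": fine in an HTML attribute,
// but pass it through rawurlencode() before placing it in a URL.
```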