Just a geek who lives in Olympia, WA with my wife, son, and animals, writing fiction that he hopes will make the world a better place someday.

Changes in Password Best Practices


NIST recently published their four-volume SP800-63-3 Digital Identity Guidelines. Among other things, they make three important suggestions when it comes to passwords:

  1. Stop it with the annoying password complexity rules. They make passwords harder to remember. They increase errors because artificially complex passwords are harder to type in. And they don't help that much. It's better to allow people to use pass phrases.

  2. Stop it with password expiration. That was an old idea for an old way we used computers. Today, don't make people change their passwords unless there's indication of compromise.

  3. Let people use password managers. This is how we deal with all the passwords we need.

These password rules were failed attempts to fix the user. Better we fix the security systems.

2 public comments
CallMeWilliam
66 days ago
A meeting recently:
Developer Team: Our passwords require special characters, and max out at 30 characters.
Me: Why on EARTH did you do any of that? Why do you have a max?
Devs: Because ... it's hard to remember something long? How long do you want it to be?
Me: ... Get rid of the max. Get rid of the special characters.
CIO: Wait. Why do we have passwords at all? Can we link to google/linkedin/facebook and make it their problem? We are not in the security business.
Devs: Yes!
acdha
66 days ago
I’ve been happy watching such sensible guidelines make it through the review process
Washington, DC

Cover for my next book ‘The Tangled Lands’ released



Last week Saga released the cover and art for my and Paolo Bacigalupi’s next book project, The Tangled Lands, with a big cover reveal at Tor.com.

Krzysztof Domaradzki is the artist, who created some very evocative and cool art for this book.


Here’s the official book description:

Khaim, the last great city of a decaying empire, clings to life. The living memory of the empire’s great city of Jhandpara is told in the hovels of the refugee camps across the river in Lesser Khaim; the other cities are buried under cloying, poisonous bramble.

It is a world where magic destroys. Every time a spell is cast, a bit of bramble sprouts, sending up tangling vines, bloody thorns, and a poisonous sleep. It sprouts in tilled fields and in neighbors’ roof beams, thrusts up from between cobblestones and bursts forth from sacks of powdered spice. A bit of magic, and bramble follows. A little at first, and then more—until whole cities are dragged down under tangling vines, monuments to people who loved magic too much. Teams of workers fight a losing battle to preserve the environment against the growing bramble. To practice magic is to tempt death at the hands of the mob, yet the city of Khaim is ruled by a tyrant and the most powerful of defilers, the last great Majister of the world.

Award-winning authors Paolo Bacigalupi and Tobias S. Buckell explore a shared world, told in four parts, where magic is forbidden and its use is rewarded with the headman’s axe—a world of glittering memories and a desperate present, where everyone uses a little magic, and someone else always pays the price.

The Tangled Lands will be released in February.

1 public comment
pawnstorm
90 days ago
I hadn't realized that there were any plans to follow up The Alchemist and The Executioness. Can't wait.
Olympia, WA

A little tale about the creation of a pocket-sized worker placement game

Hello there! I’m Justin Blaske, one of the Mad Scientists, and founder of Five24 Labs. A small game design and publishing studio out of Lincoln Nebraska. I spend my days as a husband, father and work as a software developer, and as a game designer by night, with my own ‘bat cave’ AKA workshop. If [.....]

Would $10 have been enough to monitor septics at poisonous Summit Lake?

Not for nothing, but this post was hard to write straight-faced. I feel like this should be a light your hair on fire moment for this county commission and their constituents. I can't believe people aren't screaming at the county commissioners demanding to know why they didn't stand up for public health and institute a measly $10 annual fee. Even the high end of $54 A YEAR seems like a steal compared to toxins in your drinking water.

Google imagery of Summit Lake. Obviously, where else was I going to get it?
The Thurston County commission passed a new plan to manage septic systems last winter.

A new set of county commissioners were seated and voted to strip the ability to actually pay for the plan a few months later. A $10 annual fee was just too much to help ensure clean, drinkable water.

Then there was an outbreak of poisonous algae in Summit Lake. According to the state Department of Health, malfunctioning septic systems are one of the likely causes of a poisonous algae outbreak.
The problem on Summit Lake is that the same residents who live along the lake and use septic systems to deal with their human waste also depend on the lake for their drinking water.

Do we know for sure that septic systems are the cause of excess nutrients in Summit Lake that caused a poisonous algae outbreak? Well, no, we don't. But that we don't know this is the main problem.

Any sort of expanded monitoring or education that could have done anything to prevent a situation like the one at Summit Lake will go wanting for lack of funding.

In the approved, but apparently unfunded septic plan, the county specifically called out Summit Lake as a very vulnerable spot for mismanaged septics. Said the plan:
Summit Lake, which is used by most residents for their drinking water source, shall be designated as a Sensitive Area. All wastewater disposal systems in the Summit Lake watershed shall have required operational certificates and dye testing to assure that routine inspections and maintenance is completed at least every three years and failing systems are identified and repaired. 
The plan also pointed out that Summit Lake, despite being the water source for drinking water for people living on Summit Lake, presents some real issues about how exactly septic tanks wouldn't pollute that source:
Its steep slopes, shallow soils, and generally small lots sizes make siting and functioning of on-site sewage systems around the lake difficult. A 1992-1997 sanitary survey found 58 systems failing (18%) – the majority of which were repaired. Surface waters cannot be adequately protected from contamination to be safely used as a domestic water supply without treatment. A public health advisory issued in 1987 advises against consumption of untreated lake water at Summit Lake. A comprehensive program would ensure routine inspection and maintenance of all OSS within the Summit Lake basin and identification and correction of failing systems. The Summit Lake watershed should be considered for special area designation due to the serious threat posed to the drinking water supply by failing septic systems.
Twenty years ago they knew that 18 percent of the septics were failing because they went out and looked. Just like when they found 14 percent failing on Henderson Inlet.

Here's the underlying point: Since 1997 the county hasn't gone back to take another look at septics around Summit Lake. Now the water has too many toxins to drink. The reason we can't rule out septics as the source for algae with toxins is because we haven't looked.

Nothing that I've seen from the county says that they can do anything to track down the source of the algae. The very least you could say is that $10 a month could have gone to a small bit of dye testing to see if in twenty years any septics around the lake started not working.

Right now what the county is doing is just waiting for sunlight and time to deal with the algae. But, I'm sure a more progressive standpoint would be get out there and start figuring out why we have a public health crisis on Summit Lake to begin with.

Washington had a surge of Independent voters. What does that mean?

Here is the last 10 years of Survey USA statewide poll results charted out (background data), focussing only on how the respondents identified their partisan affiliation.


Basically, following the trendlines, both the Republican and Democratic parties have lost marketshare and three times since 2006 there have been more identified independents than anything else. Also, in the most recent survey from last fall, the independent identification has a big lead.

It is worth noting that independents have always been strong in Cascadia, but I'm convinced we're seeing something different in this trend here.

What could have caused this?

I have a couple of theories, but I'm far from totally convinced by them.

I think the Top Two primary had something to do with this. Especially, in combination with a redistricting process in 2010 that had a lot to do with protecting incumbency and not with creating competitive districts between the traditional left and right.

So, since the first Top Two primary in 2008 and redistricting races in 2012, we're seeing more legislative level races that aren't competitive between the two major parties. So what do members of a minority ideology do when left in the cold without a standard bearer? I think it's possible they drop the partisan standard altogether.

I think there's also something wrong with how we structure party politics around here that encourages not identifying as a partisan. Basically, political parties, the local county and legislative district ones, aren't forces in the lives of most voters or even most activists.

Campaigns can be built, volunteers recruited and advertising funded, without a lot of help from local party officials. The web has a lot to do with this, but the fact that the basic party structure is an obscure elected official called a precinct committee officer probably doesn't help.

What does this mean?

I think we're already seeing the impacts of what a possible non-partisan identifying stable plurality or even majority could mean in Washington State. With little buy-in with their actual policies, the Thurston County commission is now made up of conservative independents. There was also an independent election on the Grays Harbor County commission, a more conservative but still usually solidly Democratic county.

Also, in Grays Harbor, you saw them support a Republican for president for the first time since the Democratic party was near its death in the 1920s in Washington State. My guess is that they voted for Trump not because he was running as a Republican, but because he was running as a non-partisan under a partisan label.

What this could mean in the future is two things:

One, maybe Bill Bryant could have won if he'd shed the partisan banner. With 41 percent and growing, the independent population in Washington serves as a much handier base than a shrinking third place identification. It also seemed to me that Bryant ended up not running as really a conservative, but as a better version of the centrist pro-government governor we already have.

And two, on the local level, even more independents. I hope.

 It is one thing for three anti-growth regulation independents to be elected in a county that voted overwhelmingly for an urban environmentalist of lands commissioner. That (plus the way we voted for the independents across the county), means that enough voters didn't know what policies they were actually supporting and just pulled the lever for the non-partisan.

But, what happens when there are two non-labeled candidates in the race? What shortcuts do the voters use to make their decision? Or do low information voters drop out and leave the election to the voters who have their minds made up?

Why I Hope California Goes Ahead With Medicare For All


As part of my attempts to reduce anxiety-loops related to media consumption, when the argument broke out about Obamacare eight years ago I purchased a number of books about healthcare around the world to better understand the global context and options.

I find Americans tend to argue that there’s ‘market’ driven healthcare and ‘socialist’ healthcare. Europe has ‘socialist’ healthcare and that’s expensive, they use a high amount of taxes to support it. America has less taxes, and spends more on defense, so it uses ‘market’ healthcare that its citizens pay for.

Often, the argument between left and right Americans is between arguing for higher taxes and better healthcare, or using the ‘market.’ Many Americans who have healthcare via their jobs are also somewhat uninformed about what American healthcare looks like and how it works. The number of people I’ve talked to who have day jobs and healthcare through employers and who are upset about Obamacare market exchanges being forced on them when they’re not using it, is somewhat astounding to me.

Talking to Europeans and other folk around the world, I also noticed that people took it for granted and saw it as invisible, or talked about the downsides. It wasn’t until I would outline how it worked in the US that they got horrified faces (I knew it was bad, but fuck me, was one friend’s response via email).

As far as I can tell, the American system is an amalgamation of a number of different healthcare approaches all followed somewhat haphazardly. It actually uses elements of ‘socialized’ healthcare and ‘market’ healthcare. But those two dualities are not altogether right, as far as I can tell.

The book that laid it all out the best is The Healing of America, which I really recommend anyone who opens their mouth about healthcare options read.

Different Types of Healthcare Models

There are basically 4 approaches to offering healthcare in the world that humanity tries. Wikipedia summarizes them here:

The Bismarck Model

This is the model followed in Germany and in its rudimentary form was laid out by Otto von Bismarck. The system uses private initiatives to provide the medical services. The insurance coverage is also mainly provided through private companies. However, the insurance companies operate as non-profits and are required to sign up all citizens without any conditions. At the same time all citizens (barring a rich minority in the case of Germany) are required to sign up for one or the other health insurance. The government plays a central role in determining payments for various health services, thus keeping a decent control on cost.

The Beveridge Model

This model adopted by Britain is closest to socialized medicine, according to the author. Here almost all health care providers work as government employees and the government acts as the single-payer for all health services. The patients incur no out-of-pocket costs, but the system is under pressure due to rising costs.

The National Health Insurance Model

The Canadian model has a single-payer system like Britain; however, the health care providers work mostly as private entities. The system has done a good job of keeping costs low and providing health care to all. The major drawback of this system comes from the ridiculously long waiting times for several procedures. The author, T.R. Reid, would have had to wait 18 months for his shoulder treatment in Canada.

The Out of Pocket Model

This is the kind of model followed in most poor countries. There is no wide public or private system of health insurance. People mostly pay for the services they receive ‘out of pocket’. However, this leaves many underprivileged people without essential health care. Almost all countries with such a system have a much lower life expectancy and high infant mortality rates. The author gives his experience with the system in India, and a brief description of the ancient medical system of Ayurveda.

So by the writer’s estimation, the USA mixes in from all four of those models above in bits and pieces.

Healthcare Models the US uses all simultaneously:

  • The Bismarck Model for people under 65 and in the workforce. Although not non-profit, as in cheaper and more successful Bismarck models, for-profit companies work with employers to get health insurance set up in US. 64% of the US population, according to the US Census, is covered by the for-profit Bismarck model. Kaiser Family Foundation claims it’s 49%.
  • The Beveridge Model for Veterans, Active Military Personnel, and Native Americans. This is where the government directly hires the doctors, and builds the hospital. This is how the UK creates national health care (and is actually sort of what Americans think socialized healthcare is). .5% of the population is active military, 5.2% are veterans, and about .5% of the US population are Native American eligible for that coverage. Up to 6% of the US population is covered by this centralized government healthcare model.
  • The National Health Insurance Model in the US is used for anyone 65 or older. This is called Medicare and Medicaid. The government acts as the insurer, collects payments (either through taxes or straight payments) and negotiates with private hospitals and doctors. According to Kaiser, 14% of the US population is on Medicare. 20% of the US population is on Medicaid. 2% is on other public assistance (like CHIP for children to get access to healthcare if their parents have none). Canada uses the NIH model, it’s even called ‘Medicare’ and it’s basically Medicare for all, even though it’s decried as socialism by the American right wing.
  • The Out of Pocket model is used in the US for poor folk who have slipped between all those other systems and is often advocated for by right wing folk.

So, 36% of the US uses some form of a system from the NIH model, 50-60% of it uses some form of Bismarck model, but using for-profit systems that are lightly regulated, whereas every other place that uses the Bismarck model (some of Germany, France, Belgium, Netherlands, Japan, and Switzerland) don’t actually do socialized medicine, they just highly regulate the companies that provide and demand they cover all citizens and offer minimum benefits.

Canada and the UK, which offer what some might imagine as socialized medicine, do it through two radically different mechanisms (Canada creates a national health insurance company via the government, Medicare, while UK government directly hires doctors and makes hospitals).

Few of the above, even in Europe, are actually truly socialized medicine, by the way. The UK comes the closest. Socialism is ‘seizing the means of production from private capital.’

What is ‘Single Payer?’

Okay, a number of debates are about ‘single payer’ and socialized healthcare vs ‘market’ healthcare.

Single payer means the government acts as an insurer and collects all the payments, whether via a tax, or via a set payment, and then pays private hospitals or doctors for your treatment. Having a single source means the government can negotiate down costs.

Medicare and Medicaid are single payer. The UK and Canada are single payer models. Canada is Medicare for all. A third of the US system is single payer. It is just that most Americans do not realize this, it’s a wonky term. Many people hear ‘single payer’ and they don’t think ‘Medicare’ they think ‘Canada’ or ‘Europe’ even though Europe has a mix of systems.

Who likes their healthcare the most?

Funnily enough, UK patients tend to self-report as liking their healthcare the best:

 

But that doesn’t mean the more socialized the healthcare the happier people are. Switzerland has a fairly lean Bismarck model that the US would recognize and is second on that chart up there. The difference is that they regulate the ever-loving hell out of it and require (mandate) that everyone buy some, something the US keeps shying away from.

Who lives the longest?

People in Japan live the longest. Switzerland is next, followed by Singapore, then Australia, Spain, Iceland, Italy, Israel, Sweden, France and then Republic of Korea for your top 10.

Now whenever I post that someone links me to a look at how much more they have public transportation, or a better diet. Sure, it’s not healthcare alone. But it’s the single largest impact on life expectancy of a civilization. The fact the USA is #31 on the life expectancy list  and dropping (one of the few or only developed nations to be reversing a trend in life expectancy growing in areas of the US) demonstrates the power of healthcare and quality and longevity of life.

But can America afford healthcare?

Often I hear an argument that goes “well, the US spends so much on defense we’d have to give up other things to have the government create socialized medicine, socialized medicine is too expensive.”

Well, an argument against the complicated amalgam of systems the US currently has isn’t an argument for socialized healthcare, and also no other system is more expensive than the US system.

Here’s what countries spend, both in taxes via the public government, and via private systems, visualized on a graph:

You can see that just in government spending, the US spends as much as Switzerland, Netherlands, Sweden, Ireland, Austria, Denmark, Belgium and more than the UK. So we don’t have to spend any more than we’re already spending, we just need to change what we’re doing.

Also, all of those systems get dramatically better results for longevity and patient-reported happiness.

Woah, why is American healthcare so expensive?

There are a lot of reasons. A big one is that America is one of the few countries that assumes health insurance companies should be big, profitable businesses. Most countries look at it as a service. Fire, police and teachers aren’t big, for-profit businesses, but are services for the community. They make assumptions moving back from there. America’s education system also puts a huge burden on medical professionals who take on a lot of debt, who then charge more. The US also has a legal system that allows big lawsuits, which means doctors take out expensive operating insurance.

There are many other pain points as well, but another huge one is this:

The entire US system is actually socialized, and it was socialized by President Ronald Reagan in the 1980s with something called EMTALA. I have a long post about that here.

Short version: the US used to require payment or proof of insurance before you went into the ER. Reagan changed that to legally force ERs to take care of anyone who came in. Thus, the moral contract America legalized was that all people should be taken care of.

What Reagan never did was to decide how we paid for it. We’ve been arguing ever since. But hospitals are still admitting people. And since many Americans don’t have insurance for preventative care, they use the ER as their doctor. ERs pass this cost onto any American who has insurance by randomly fiddling with billing to make sure the hospital as a whole makes a profit.

I sometimes thus make the argument that American health insurance is a ‘socialist’ (using some right wing arguments about healthcare) unfunded mandate.

So what do I think we should do?

Funny you should ask.

This is of interest to me:

One of my friends who is a nurse retweeted this and it caught my attention because of the history of how Canada came to adopt the NIH model. In 1947 in Saskatchewan, a Canadian province rolled out an act that guaranteed free care, thanks to one Tommy Douglas. They couldn’t quite do universal health care, the original vision, due to funds at the time. Alberta came next with medical coverage for 90% of the population. In 1957 Canada’s Federal government created a 50% cost payment plan, and by 1961 all the provinces were using that plan to create universal programs. In 1966 it was expanded further.

That hints to me that all we need is one big state to do something similar in the US. Vermont had looked into it after Obamacare was passed, as that law has a provision allowing a state to take federal funds for health and pool them all into one giant pot if it’s creating a universal healthcare situation. That’s basically the Canada path.

I also think using Medicare as the vehicle is smart.

Medicare has a great brand. In the US, 75% of its users report satisfaction, making it one of the more well-liked American institutions.

Further, using the existing Medicare program for growing would bring down older users’ costs in the program by healthifying the Medicare user base.

Lastly, Medicare, even though it’s for older folks and higher risk by default, is pretty damn cheap in comparison to workforce insurance and self employment health insurance. Part A is free (basic emergency stuff and hospitalizations) and Part B (doctors and preventative stuff) is $150/month and part D for drugs is $50. I’d jump on that.

And none of this means employers have to stop offering great healthcare plans to sugar employment deals. In the UK, and all throughout Europe, people who make extra money bolt on private health insurance plans on top of the public options so that they can get the care they want in the style they want. Medicare has a part C, which is where you can get a more Cadillac private insurance set up added on.

But having the option so you can get out of a shitty employer healthcare plan, or move around, be portable? That sounds great.

One Canadian province setting it up got other provinces to look over there and say ‘hmmm’ and spread the idea. If California got rolling, it wouldn’t be too long before Washington and Oregon joined up, and the entire west coast was set up. They’d draw a lot of small business over there.

I’ll be rooting for California.
