Posts tagged ‘security’

Even at the Margin With Capital Charges Sunk, Light Rail Economics are Awful

A reader and frequent contributor sent me this:

When 120,000 people head to downtown Orlando for the big July 4 fireworks show at Lake Eola, none will be getting on SunRail.

It’s not running.

Central Florida’s $1 billion commuter-rail line usually only operates Monday through Friday, and while a few special weekend events in recent months have booked the train, one of the biggest gatherings of the year won’t.

Fireworks at the Fountain, in addition to the sky show, will feature more than 25 vendors, live music and children’s activities.

But Orlando city staff researched the addition of SunRail service, but found it wouldn’t work, said Cassandra Lafser, the city’s public information officer.

“Several factors contributed to this decision, including safety, availability and costs,” Lafser said in a prepared statement.

“The city’s concerns included: total train capacity, safety and security, hours of operation, pedestrian wayfinding and transport operations between the downtown stations and Lake Eola, and funding availability.”

So, even in a situation where capital costs are sunk and can be ignored, an incremental decision to operate the train on a very heavy commuter day makes no economic sense.  You want to know why?  Because it makes no economic sense Monday through Friday either.  Light rail never pays back any of its capital costs, but the vast majority of light rail loses money operationally at the margin as well.

Question: Name An Activity The Government is Better At Than the Private Actors It Purports to Regulate

I am serious about this.  We saw in an earlier story that the government is trying to tighten regulations on private company cyber security practices at the same time its own network security practices have been shown to be a joke.  In finance, it can never balance a budget and uses accounting techniques that would get most companies thrown in jail.  It almost never fully funds its pensions.  Anything it does is generally done more expensively than would be the same task undertaken privately.  Its various sites are among the worst superfund environmental messes.   Almost all the current threats to water quality in rivers and oceans comes from municipal sewage plants.  The government's Philadelphia naval yard single-handedly accounts for a huge number of the worst asbestos exposure cases to date.

By what alchemy does such a failing organization suddenly become such a good regulator?

Update:  On the topic of cyber security competence or lack thereof, there is this:

In mid-May, the Federal Bureau of Investigations lost control over seized domains, including, when the agency failed to renew a key domain name of its own. That domain, which hosted the name servers that redirected requests for seized sites to an FBI Web page, was purchased at auction—and then used to redirect traffic from and other sites to a malicious site serving porn ads and malware. Weeks later, those sites are still in limbo because somehow, despite a law enforcement freeze on the domain name, the name servers associated with and those other seized sites were changed to point at hosts associated with a domain registered in China.

Yep, that is the lead government agency tasked with investigating hacking and cyber security breaches.

Your Government At Work

Statists believe in a kind of alchemy.  They will say that individual citizens cannot be trusted with, say, selecting their own health plan.  This must be entrusted to a government official who gained such lofty powers by ... being selected by the self-same citizens that couldn't be trusted to choose a health plan.  How is it that schlubs who cannot be trusted can be elected by the mass of schlubs who cannot be trusted, placed into a monopoly with guns and no competition, and miraculously suddenly be trusted?

As you probably know, the institution that demands ever more power because of external threats to our security and constantly bashes private companies for not being careful enough with privacy had most of its employee data  stolen by a group of Chinese hackers. After the hack was made public, the government claimed the hack was discovered due to their diligent internal security efforts.  This turns out not to be the case, and the reality is pretty damn funny:

At the time, OPM said the breach was discovered as the agency “has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks.”

But four people familiar with the investigation said the breach was actually discovered during a mid-April sales demonstration at OPM by a Virginia company called CyTech Services, which has a networks forensics platform called CyFIR. CyTech, trying to show OPM how its cybersecurity product worked, ran a diagnostics study on OPM’s network and discovered malware was embedded on the network. Investigators believe the hackers had been in the network for a year or more.

Update:  Extra points for this one:

The breach has expedited plans by the Senate to vote on cybersecurity legislation, with Majority Leader Mitch McConnell (R., Ky.) saying Tuesday a vote now could be held in the coming days.

Mr. McConnell said he planned to use an annual defense policy bill currently on the Senate floor to advance the cybersecurity measure, which is aimed at responding to a growing prevalence of data breaches at large U.S. companies.

So the government gets breached because it is using outdated software major private companies have long-ago replaced or patched, and the reaction is new demands on private companies?

The Problem with Email is That It's Free

Yeah, I know, free is always supposed to be better.  But the problem of spam is caused entirely by its being free.   Here is an example:

According to the indictments, between 2009 and 2012 Nguyen and Vu hacked at least eight email service providers -- the companies that collect your data under slightly more legitimate circumstances -- to steal marketing data containing over a billion email addresses. After that, they worked with Da Silva to profit from the addresses by sending spam with affiliate links for a company he controlled,

At least according to the DoJ, all of that work netted around $2 million in affiliate marketing fees.

We don't have any idea how many emails they sent to each of these billion addresses.  But let's say they sent 10 spams to each (probably a low guess).  That is 10 billion spam emails for a net revenue of $2 million, or around $.0002 per email sent in revenue.

Long ago I proposed that (and I am not sure how to do this technically) emails should cost $0.001, or a tenth of a cent, to send.  For you and I, say if we sent 200 emails a day (an email copied to 5 people would be 5 emails for this purpose) it would cost us 20 cents a day or about $75 a year, not much more than we pay for security software and updates.  But if you could make it work, spam would be reduced drastically.  No way there is any profit in sending an email for $.001 for an expected return of $.0002.

I have no idea in the current structure of the Internet how one would even do this.  The charge would have to come from the receiving end, somehow refusing to deliver it if it does not get payment information.  However, anyone who is going to steal a billion email addresses could likely hack the payment system.

I was going to call this tragedy of the commons, but that is not really quite right.  Tragedy of the commons is sort of related to free public resources, but is more of an issue of lack of property rights than of the zero price.

@kevindrum Finds Absolutely Ubiquitous Feature of Regulation to be Mysterious

Kevin Drum simply does not understand why Wall Street might be piling into broadband stocks despite proposed "tough new regulations."  He posits a number of hypotheses -- that Wall Street expected the rules to be worse than they turned out to be.  But this can't be it because the hundreds of pages of rules are still a secret.  He also hypothesizes there might be some nefarious secret loophole buried in the rules Wall Street knows about but we don't.

This is crazy!  How can a reasonably bright person like Drum who writes about the political economy not understand the issue of regulatory capture?  Seriously, I have always figured that the Left, which has a seemingly infinite appetite for regulation, must favor regulation because they find the benefits to out-weight the crony-ist downsides.  Is it really possible Drum is unfamiliar with the downsides altogether, or is he just being coy?

Here is what regulation, particularly utility-style regulation, tends to do -- it locks in current business models and competitors.  It makes it really hard for new entrants to challenge incumbents with innovative new business models or approaches, because regulations have been written based on the old business model and did not take the new one in account.  So a new entrant must begin business by getting regulators to allow their new model, which never happens because by this time incumbents have buildings full of lobbyists aimed at the regulatory process.  Go ask Tesla and Uber and Lyft about how easy it is to enter a heavily regulated business even with a superior new business model.

This is particularly true in the technology world.  The biggest threat to incumbency is someone with a new technology or approach to the technology.  Don't believe me?  I suggest you go to the offices of Netscape or AOL or Lycos or Borders or Circuit City or Radio Shack and interview them about the security of their multi-billion dollar businesses in the face of new online technologies.  At best, regulators put a huge speed bump in the way of competitors, costing them time and money to get their alternative business model approved.  At worst, regulators block new competitors altogether.

I will give you a thought experiment.  Let's say these exact same rules were adopted in the year 2000, when AOL and Earthlink dial-up ruled the internet access world.  Would cable and satellite and DSL have grown as quickly?  I can see the regulators now -- "hey, all the rules specify phone dial up.  There's nothing here about cable TV.  Sorry [Cox, Comcast, whoever] you are going to have to wait until we can write new rules.

The other thing that happens with utility-style regulation is that companies in the business tend to get their returns guaranteed.  Made a bad investment in a competitive market?  Well good luck getting customers to pay extra to bail you out from your bad decision when they have other options.  But what happens when your local power company wastes $10 billion on a nuclear plant that never opens -- it gets built into your rate base!

In the cast of broadband, they are locked in what business school students would see as a classic supply chain battle.  Upstream companies like Netflix supply content via downstream broadband companies.  Consumers are only willing to pay a certain amount for this content, so the upstream and downstream fight a lot over who gets what share of that consumer $.    This happens everywhere in the business world, from Cable TV to oil refining to selling TV's at Wal-Mart.  There is a real danger that broadband will lose this fight in the future -- but not now.  Regulated industries never die, they appeal to their regulators for help.

As of yesterday, Wall Street is looking at broadband companies and realizing that they are now largely immune from competition and some level of minimum returns are likely now gauranteed forever.  Consumers should hate this, but what's not to love for Wall Street?

Postscript:  Kevin Drum describes the new regulation this way:  "Basically, under Wheeler's proposal, cable companies would no longer be able to sign special deals to provide certain companies with faster service in return for higher payments."  This is a bit like describing the Patriot Act as a law to force people to take their shoes off at the airport.  Yes, it does that narrow thing, but it does a LOT else.  The proposal is hundreds of freaking pages long.  It does not take hundreds of pages to do the narrow little niche thing Drum (like most neutrality supporters) wants.

This Administration has cleverly taken this one tiny concern people have and have used it as an excuse to do a major regulatory takeover of the Internet.  This is a huge Trojan Horse. But I have already ranted about the details of that and you can read that here.

Thinking of the Gracchi Brothers Today

It is with mixed emotions that I greet this day.  Frequent readers will know that I long for a system of much more open immigration.  I don't think that the US Government should be limiting who can and cannot seek work or live within the US borders (setting rules for citizenship and receipt of benefits are different matters).  So I would like to see many long-time immigrants legalized today (and in fact I likely have friends and acquaintances who will benefit, though it's always been a bit awkward to ask them about immigration status).

However, I would MUCH rather see a rational process implemented than these once a decade amnesties we seem to go in for instead.

I also worry that Obama is taking these actions for all the wrong reasons, seeking to add 5 million Democratic voters rather than trying to help 5 million people who are seeking prosperity.  The reason I suspect this is that he is also seeking higher minimum wages that will likely make it harder for these folks to find work, likely something he has promised to his union allies so they won't freak out.  I have always said that Republicans want immigrants to work but not vote and Democrats want immigrants to vote but not work.

But I am much more worried about the un-Constitutional process that is going to be followed.  Of course, this is not the only Executive power grab over the last two presidencies, but it is a big one and one of the first where the President has admitted he doesn't have the power but is going to do it anyway.

Around 133BC, Tiberius Gracchus was ticked off that the Roman Republic would not consider necessary land reform.  I am going to oversimplify here, but in their conquests the Romans had grabbed a lot of new territory and by law that land was supposed to be parceled in small sections to lots of individual land holders.  Instead, powerful men (many of whom were in the Senate) grabbed the lion's share of this land for themselves in huge estates.   Gracchus rightly saw this as unfair and a violation of law, but it was also a threat to the security of the nation, as independent landowners who bought their own weapons were the backbone of the Roman army.  The shift of agriculture to huge estates staffed with slaves was not only forcing a shift in the makeup of the army (one which would by the way contribute to the rise of despotic generals like Sulla and Caeser), but also was creating social problems by throwing mobs of unlanded poor on the cities, particularly Rome.

Anyway, the short version is that Tiberius Gracchus had good reason to think these reforms were important.  But traditionally they would have to be considered by the Senate first, and he was too impatient to wait that process out, and besides (probably rightly) feared the Senate would find a way to kill them.   He was so passionate about them that he violated the (unwritten) Roman Constitution by ignoring the Senate and setting new precedents for using his position as Tribune to pass the new laws.  It was absolutely the prototype for a well-intentioned bypassing of the Constitution.  I won't go into detail, but Tiberius was killed at the behest of some Senators, but his brother picked up his mantle 10 years later and did some similar things.  Which is why we talk of the Gracchi brothers.

In the near term, the results were some partial successes with land reform.  However, in the long-term, their actions really got the ball rolling on what is called the Roman Revolution.  A hundred years later, the Republic would be gone, replaced with a dictatorship.  Step by step, the precedents often set initially with only the best intentions, were snatched up and used by demagogues to cement their own power.  In later years, what gave emperors their authority was a package of powers granted to them.  One of the most important was "tribunition" power.  In essence, the tribunition power included many of the powers first exercised aggresively by the Gracchi brothers.  More than just starting the ball rolling on the Revolution, they pioneered the use of powers that were to be the core of future emperors' authority.

Sorry for the Downtime

Had some sort of attack running all weekend against one of my more minor web sites.  Hostgator found the attack and changed our security rules, and for now we should be fine.  Sort of violating the security through obscurity rule of thumb since this was a very obscure site they were attacking.

Site Issues

Well, we had just a mess of problems here.  We have had off and on DOS attacks for a week or so, and then last night I managed to embed some oddball code in a quotation in one of yesterdays posts that caused other heartache.

After a lot of debugging, I am hoping all is well again.  I have changed the caching and security options at Incapsula, which I use as a gateway for traffic.  For many of you, you will see substantial performance improvements but at the cost of some caching which may delay your comments showing up by 10 minutes or so.

The Real Money in the Climate Debate

I have yet to meet a skeptic who reports getting any money from mysterious climate skeptics.  A few years ago Greenpeace had a press release that was picked up everywhere about how Exxon was spending big money on climate denialism, with numbers that turned out to be in the tens of thousands of dollars a year.

The big money has always been in climate alarmism.  Climate skeptics are outspent a thousand to one.  Here is just one example

It sounds like the makings of a political-action thriller. The National Geospatial Intelligence Agency (NGA) has awarded Arizona State University a five-year, $20 million agreement to research the effects of climate change and its propensity to cause civil and political unrest.

The agreement is known as the Foresight Initiative. The goal is to understand how climate-caused disruptions and the depletion of natural resources including water, land and energy will impact political instability.

The plan is to create visually appealing computer models and simulations using large quantities of real-time data to guide policymakers in their decisions.

To understand the impacts of climate change, ASU is using the latest advances in cloud computing and storage technologies, natural user interfaces and machine learning to create real-time computer models and simulations, said Nadya Bliss, principal investigator for the Foresight Initiative and assistant vice president with ASU's Office of Knowledge and Development.

I can tell you the answer to this study already.  How do I know?  If they say the security risks are minimal, there will be zero follow-up funding.  If they say the security risks are huge, it will almost demand more and larger follow-up studies.  What is your guess of the results, especially since the results will all be based on opaque computer models whose results will be extremely sensitive to small changes in certain inputs?

Postscript:  I can just imagine a practical joke where the researchers give university officials a preview of results.  They say that the dangers are minimal.  It would be hilarious to see the disappointment in the eyes of all the University administrators.  Never in history would such a positive result be received with so much depression.  And then the researchers would say "Just kidding, of course it will be a catastrophe, it will be much worse than predicted, the badness will be accelerating, etc."

AZ Corporation Commission's Completely Inadequate Response to My Critique on their Site Security

A while back I wrote about my concerns about the total absence of any security at all in the Arizona corporate annual reporting system

I started the annual reporting process by just typing in the name of my company and getting started.  There was no password protection, no identity check.  They had no way of knowing I had anything to do with this corporation and yet I was answering questions like "have you been convicted for fraud."  The potential for mischief is enormous.  One would have to get the timing right (an annual report must be due before one can get in) but one could easily open the site on January 1 and start entering false information in the registrations for such corporations as Exxon and Wal-Mart.

See for yourself.  Here is their web site.

I showed how one could open and file the report for a company like Wal-Mart, changing all their officers names, and confessing to all sorts of imagined corporate crimes

Again, note what I am saying.  This is not the result of hacking.  This is not lax security I figured out how to evade.  This is the result of no security whatsoever.  I simply went to the link above, clicked on the Wal-Mart Associates link, and then clicked on the annual report link.  I know from doing my own registration that there is a signature page at the end, but all you do is type in the name of an officer and a title -- data that is right there on the site.  It's like asking you for a password after the site just listed all the valid passwords.

The head of the Arizona Corporation Commission wrote me back. Here is here email in its entirety:

Dear Mr. Meyer:

Thank you for your email regarding the Corporations Division.  The Arizona Corporation Commission is the repository for all business formation documents for corporations and limited liability corporations.  We are in full compliance with state statutes.

Submitting false documents to alter another’s corporate structure or status is a crime and carries a Class 4 or Class 5 penalty.  The Commission or the aggrieved business entity may refer the false filing to the Attorney General’s office for prosecution.  Additionally, the individual business entity may pursue a civil cause of action.  The Commission only accepts on-line charges for a few services such as name reservation or to order a certificate of good standing, and the online payment process is completely secure.

Even though the Commission’s existing security measures comply with the state law and are similar to most other states and other Arizona governmental entities like the County Treasurer’s Office, the Commission is looking at implementing new technology to allow for the online submission of additional services – such as the filing of original Articles of Organization and Articles of Incorporation.  We do intend to provide password protected security features when that new technology is offered to the public.

J. Jerich

Executive Director

Arizona Corporation Commission

I had no doubt that submitting a false annual report for Wal-Mart would be illegal.  Duh.  However, it is just incredibly naive that this is the sole extent of the Commission's security, to prosecute people once the damage is done.  Can you imagine if Amazon had the same security policy - "we are getting rid of passwords because it would be illegal for you to buy something from someone else's account."  I wonder if the commissioners leave their doors unlocked at night, trusting in the threat of future prosecution to deter burglary and mayhem in their homes?

Arizona Corporation Commission Web Site is Criminally Insecure

Today I had to do my annual renewal of my corporate registration in Arizona.  As in most states, this involves a bit of information foreplay followed by the purpose of the exercise -- sending in a check to the corporation commission.

But here is the extraordinarily scary part -- I started the annual reporting process by just typing in the name of my company and getting started.  There was no password protection, no identity check.  They had no way of knowing I had anything to do with this corporation and yet I was answering questions like "have you been convicted for fraud."  The potential for mischief is enormous.  One would have to get the timing right (an annual report must be due before one can get in) but one could easily open the site on January 1 and start entering false information in the registrations for such corporations as Exxon and Wal-Mart.

See for yourself.  Here is their web site.  Below is a screen shot of the site letting me in to edit one of Wal-Mart's corporate registrations in Arizona:

click to enlarge


Again, note what I am saying.  This is not the result of hacking.  This is not lax security I figured out how to evade.  This is the result of no security whatsoever.  I simply went to the link above, clicked on the Wal-Mart Associates link, and then clicked on the annual report link.  I know from doing my own registration that there is a signature page at the end, but all you do is type in the name of an officer and a title -- data that is right there on the site.  It's like asking you for a password after the site just listed all the valid passwords.

If I disliked Wal-Mart, I could put all kinds of crazy garbage in here.  I did not go further, because I would have had to answer these questions to proceed and I had no desire to mess with another company's critical data, but if I had gone further I could have changed their mailing address, the names of their officers, etc. -- all I had to do was just pay the $60-ish registration fee for them and they would have a big mess on their hands to sort out.   If I had access to a fake or stolen credit card and a public computer, I could have done it all without any hope of being traced.

By the way, from my experience, this is not unique to Arizona.  This criminally lax behavior seems to be the norm in most states.

I have submitted this all as a complaint to the state, so far with no response.  If anyone in AZ knows how I can get someone's attention with this, let me know.

Windows 8 Even Worse Than I Thought

Up to this point, after some initial bad impressions trying Windows 8 briefly, I have avoided it like the plague.  However, my son needed a new laptop and the only ones that really met our requirements only came in Windows 8 flavors, so we bought one.

What an awful mess.  The system boots up into a tiled mess that looks like some cheesy website covered in moving gifs and viagra ads.  To make matters worse, nothing on this tablet-based interface is organized at all logically.  The interface is like the room of an ADD child that dropped all of his toys and books in random spots.  I am sure these tiles have some sort of navigation paradigm, but it is completely different from any used in past windows versions.  I could not, for example, figure out how to easily exit the store except to alt-tab out (there is no exit or quit option and right-click context menus which are one of the great advantages of windows over mac don't seem to work a lot of the time).  Again, I am sure there is some way to do it, but I have no idea what it is and no desire to learn new navigation commands.  Perhaps Microsoft intends that one use a gamepad instead of a mouse -- I would not be surprised at this point.

Unlike older versions of windows, windows update did not run automatically at first bootup.  I knew from past experience there were likely dozens of security patches I needed to install right away.  I hunted for quite a while just to find the windows control panel (so I could run windows update).  It was buried in a sub-menu of a toolbar on the right side of the screen that only pops up if you find a tiny (unmarked) spot in the corner of the screen with your mouse.   It amazes me that anyone thought replacing the start button with an unmarked spot on the screen was a good idea.

Of course, the control panel is called something entirely different now, but I did eventually find windows update and there were, as expected, over 70 security patches that needed to be installed.  But for some reason they would not download immediately, but kept giving me a message that they would be downloaded at some future indeterminate date.  I finally found a way to force them to download.

My next step was to get rid of the stupid application tile interface and get the computer to boot directly to desktop and get the old start button back.  This requires a free upgrade to windows 8.1, but there is no obvious way to do this, even through windows update.  I finally had to search the internet to find the link.  This sent me into the windows 8 app store.  What a total mess that is!  If anything, it is more poorly organized than the Apple app store.  Like the Apple store, it seems aimed at people who want to browse applications virtually at random rather than find something specific.  Incredibly, there is no search function.  Yes, I know, I have to be wrong about that, but I scrolled all over that damn storefront and cannot find a search box.

So I cannot actually find the Windows 8.1 upgrade.  The web site tells me that I should be presented with a prominent option to download it in the store, but I am not.  It is nowhere to be found.  I found an FAQ somewhere that suggested that I would not be offered the 8.1 upgrade if my 8.0 installation is missing certain patches, so I am going back to windows update to see if there is something I am still missing.

I was wrong about windows 8 -- I once wrote it was bad but perhaps not as bad as Vista or ME.  But it is.  This is the worst thing I have ever seen come out of Microsoft.  It is inexplicable that this company with such a strong market share in the business world could saddle its flagship OS with an interface more appropriate to an XBOX.

In the past, I have said that I would not want a desktop with a tablet interface.  But at the end of the day, I would not want a tablet with this interface.  Perhaps with hours of work, I will make this computer usable.  Who would have ever thought I would have longed for the day when I had to spend an hour with a new computer removing bloatware.  Now I have to spend a day trying to emulate the windows 7 experience on windows 8.

People have developed many hypotheses for the lingering recession.  Some say it was too small a stimulus.  Some blame the sequester.  I blame the Windows 8 launch, which I think has a lot to do with suppressing PC sales and thus much of the electronics and retailing sector.

2014 Obamacare Headlines

Here are a few shoes that are left to drop for Obamacare:

  1. Millions complain about their doctor no longer being in-network
  2. Thousands of companies are finding it cheaper to drop coverage and pay Obamacare penalties than continuing to provide health care coverage under new rules
  3. Despite fewer exchange enrollments than expected, total Federal subsidy payments higher than expected
  4. Emergency rooms overflow with new Medicaid patients that no private doctor will take on
  5. Exchange-sold health policies, particularly the unsubsidized ones, were mainly bought by the old and sick
  6. Obama Administration works to bail out health insurers via a number of different avenues
  7. Small to mid-size companies are shocked as Obama Administration finally reveals new record-keeping requirements
  8. After 5 years of 3-4% growth, health care spending skyrockets in 2014
  9. ________ health insurance company dropping coverage in  ____(state)_______
  10. Hackers steal tens of thousands of names and social security numbers from health care exchange computers.

I will score myself as the year progresses to see how many of these we actually see.  I would not be surprised to see every one of these.

A Milestone to Celebrate: I Have Closed All My Businesses in Ventura County, California

Normally, the closure of a business operation or division is not grounds for a celebration, but in this case I am going to make an exception.  At midnight on December 31, I not only drank a toast to the new year, but also to finally getting all my business operations out of Ventura County, California.

Never have I operated in a more difficult environment.  Ventura County combines a difficult government environment with a difficult employee base with a difficult customer base.

  • It took years in Ventura County to make even the simplest modifications to the campground we ran.  For example, it took 7 separate permits from the County (each requiring a substantial payment) just to remove a wooden deck that the County inspector had condemned.  In order to allow us to temporarily park a small concession trailer in the parking lot, we had to (among other steps) take a soil sample of the dirt under the asphalt of the parking lot.   It took 3 years to permit a simple 500 gallon fuel tank with CARB and the County equivilent.   The entire campground desperately needed a major renovation but the smallest change would have triggered millions of dollars of new facility requirements from the County that we simply could not afford.
  • In most states we pay a percent or two of wages for unemployment insurance.  In California we pay almost 7%.  Our summer seasonal employees often take the winter off, working only in the summer, but claim unemployment insurance anyway.  They are supposed to be looking for work, but they seldom are and California refuses to police the matter.  Several couples spend the whole winter in Mexico, collecting unemployment all the while.  So I have to pay a fortune to support these folks' winter vacations.
  • California is raising minimum wages over the next 2 years by $2.  Many of our prices are frozen by our landlord based on past agreements they have entered into, so we had no way to offset these extra costs.  At some point, Obamacare will stop waiving its employer mandate and we will owe $2000-$3000 extra additional for each employee.  There was simply no way to support these costs without expanding to increase our size, which is impossible (see above) due to County regulations.
  • A local attorney held regular evening meetings with my employees to brainstorm new ways the could sue our company under arcane California law.  For example, we went through three iterations of rules and procedures trying to comply with California break law and changing "safe" harbors supposedly provided by California court decisions.  We only successfully stopped the suits by implementing a fingerprint timekeeping system and making it an automatic termination offense to work through lunch.  This operation has about 25 employees vs. 400 for the rest of the company.  100% of our lawsuits from employees over our entire 10-year history came from this one site.  At first we thought it was a manager issue, so we kept sending in our best managers from around the country to run the place, but the suits just continued.
  • Ask anyone in the recreation business where their most difficult customers are, and they likely will name the Los Angeles area.  It is impossible to generalize of course, because there are great customers from any location, but LA seems to have more than its fair share of difficult, unruly, entitled customers.   LA residents are, for example, by far the worst litterers in the country, at least from our experience.  Draw a map of California with concentric circles around LA and the further out one gets, the lower the litter clean-up costs we have.  But what really killed it for me in Ventura County was the crazy irresponsible drinking and behavior.  Ventura County is the only location out of nearly 200 in the country where we had to hire full-time law enforcement help to provide security.  At most locations, we would get 1 arrest every month or two (at most).  In Ventura we could get 5-10 arrests a day.  In the end, I found myself running a location where I would never take my own family.

And so I got out.  Hallelujah.

PS-  People frequently talk about taxes in California being what makes the state "anti-business."  That may be, but I guess I never made enough money to have the taxes really bite.  But taxes are only a small part of the equation.

Update:  Wow, reading this again, I left out so much!  An employee once sued us at this location for harassment and intimidation by her manager -- when the manager was her sister!  It cost me over $20,000 in legal expenses to get the case dismissed.  I had an older couple file a state complaint for age discrimination when they were terminated -- despite the fact that our entire business model is to hire retired people and the vast majority of our employees are 70 and older.  And how could I have forgotten the process of getting a liquor license?  I suppose I left it out because while tedious (my wife and I had to fly to California to get fingerprinted, for example), it is not really worse than in other places -- liquor license processes are universally bad, a feature and not a bug for the established businesses one is trying to compete with.   We gave the license up pretty quickly, when we saw how crazy and irresponsible much of the customer base was.  Trying to make the place safer and more family friendly, we banned alcohol from the lake area, and faced a series of lawsuit threats over that.


Masked Credit Cards

I wrote the other day about shifting to unique passwords for every single web site I visit (there were 300 I had to change!) to limit the damage from a data breach such as that at Adobe.  The irony was that to make this work, I adopted a password vault program to remember all these 300 strings of random characters.  Which means that I am putting a LOT of trust into one site, instead of a moderate amount of trust into multiple sites.

The same sort of approach is being investigated with credit cards, where intermediaries are providing masked credit cards with one-time numbers (hat tip to a reader).  In some ways Paypal has a masked approach where the transaction is settled off the retailer's site entirely, though I am not sure I am entirely comfortable with Paypal's security.


I am registered at a LOT of sites - blogs, hosting accounts, stores, message boards, etc.  A few years ago I started using the Lastpass Chrome add-in to track and remember all these passwords.

One problem though: like most people I was using the same few passwords over and over.  I had fixed, mostly, the most egregious mistakes, such as using the same password for low-trust sites like bulletin boards as for critical sites like banks.  But Lastpass showed me was that I still had a lot of password duplication.

The Adobe security breach finally got me off my butt.  My user name and password were among those that Adobe lost (which was particularly irritating because Adobe was one of those software companies that demanded a registration even when one should not have been necessary).  There was nothing at Adobe of mine they could screw up -- the registration was obviously to try to sell me more stuff but I never bought anything.  But there were possibly other sites using the same password they could screw up.

So I began a mission to change my passwords to 12-digit randomly generated strings of letters and numbers.  Having Fastpass helped a ton, as I would never have remembered all the sites with which I had registrations.  There were hundreds.

This was a real slog, a task so boring it was equaled only by the month when I ripped all my CD's to my hard drive and surpassed only by the 3 months when I ripped all my DVD's to hard drives.  The problem was that every web site was essentially a little portal-like adventure puzzle, trying to figure out where the hell the options for password change could be found.  I challenge those of you who have registered at to sign a survey to find the place to change your password.  At JetBlue, there is no such option in the user accounts -- you have to log off and click "forgot my password" at the logon screen and then click on the option to reset the password, but the reset email never shows up.  At two or three sites I had to email the site web manager to send me a link to the password change page.

Anyway, it's finally done now.  There are a couple of sites I use from my iPad for which I had to create unique memorable passwords because iOS does not have very good support mechanisms for such services as Lastpass, though as Chrome for iOS gets better, I expect that to make the problem easier to manage.  I had forgotten how many of these passwords (Netflix, Hulu, Amazon, etc.) were plugged into things like my Roku.  It was irritating with the crappy remote to enter these random strings of characters as new passwords.

Of course security of the Lastpass account becomes a problem.  I guess I have to trust them.  My password for them is unique and never has been used anywhere else and contains no real English words.  I use 2-step verification at all times to log into it, so hopefully I am moderately well-protected.

The Two Lame Answers Obama Supporters Are Giving Those of Us Who Have Had Our Health Insurance Cancelled

1.  The first Obama Administration response to people (like myself) who have had their health insurance cancelled because of Obamacare and who are facing much higher future premiums is that many of can expect a subsidy.  Do you realize how awful this is?  Basically they are acknowledging that millions of people who paid for their own health care in the past will now be getting taxpayer money.  Essentially, a huge and unnecessary increase in government dependency.

2.  The other equally awful Obama Administration answer is that our new health coverage will be more expensive because it will be "better".  First, there is no evidence of this -- early returns are that people are paying more for less.  Second, though, this is horribly arrogant.  A $200,000 Maserati sedan is likely "better" than my car I am driving, but given its price I would consider myself worse off if forced to buy a Maserati.  In the same sense, forcing me to by expensive insurance options I don't want is not "better", even if I am making choices Obama's advisers would not make for themselves.  I spent a lot of time shopping for health insurance and running numbers on various cases and picking the best plan for me, and am insulted that Obama does not respect my decision.

By the way, I will remind you of what I said way back in 2007 about government health care proposals

Americans are unbelievably charitable people, to the extent that they will put up with a lot of taxation and even losses of freedoms through government coercion to help people out.

However, in nearly every other case of government-coerced charity, the main effect is "just" an increase in taxes.  Lyndon Johnson wants to embark on a futile attempt to try to provide public housing to the poor?  Our taxes go up, a lot of really bad housing is built, but at least my housing did not get any worse.  Ditto food programs -- the poor might get some moldy cheese from a warehouse, but my food did not get worse.  Ditto welfare.  Ditto social security, unemployment insurance,and work programs.

But health care is different.... what is different about many of the health care proposals on the table is that everyone, not just the poor will get this same crappy level of treatment.  It would be like a public housing program where everyone's house is torn down and every single person must move into public housing.  That is universal state-run health care.  Ten percent of America gets pulled up, 90% of America gets pulled down, possibly way down.

Obamacare Not Only Raising My Rates, But Making The Process Much Harder

On September 26 of this year, President Obama said this of the new Obamacare exchanges:

“If you’ve ever tried to buy insurance on your own,” he said, “I promise you this is a lot easier.”

Well, let's see.  Here are some notes on my previous health insurance buying decision

  • I was able to price shop policies online without creating an account, without giving up my social security number.  The websites to do so worked and operated quickly
  • A broker who had decades of experience in health care (rather than being a former Obama campaign worker with a few hours of training) walked me through the options and how they worked.
  • Once we chose a policy, the application process online was quick and easy

Here is one thing that was likely worse

  • I had to provide medical history information, which probably is not required under Obamacare because of community rating (though I am not sure)

And here is one thing that was better for me but I guess must be worse for the Left since they complain about it so much

  • There was a lot more choice.  If the process was "harder" in any way before, it was because there were far more choices.  It was harder in the same way that it is generally harder to shop in the US than, say, in the old Soviet Union.  Obamacare circumscribes policies such that a large package of benefits are mandated, not optional (I have to pay for mental health coverage and probably aromatherapy) and the size of one's deductible is capped.

It is also this latter difference that will make my next policy substantially more expensive.  In standardizing options, the Congress standardized on the most expensive options (broadest possible benefits, smallest possible deductible).

By the way, this is not proven yet but there is probably one other way my Obamacare policy will be worse than my last one:  the doctor network in my policy will very likely be a LOT smaller.  We could almost be sure this would happen precisely because Obama promised it wouldn't  (his promises on health care are pretty good "tells" that the opposite will happen).

Insulting Treatment by the US Forest Service

This was posted by the US Forest Service outside of a privately-funded, privately-operated campground:



All the maintenance at this site, as well as all cleaning, utilities, security monitoring, staffing, customer service, etc. are provided and paid for by a private concessionaire that does not take one dime of government money.   The "our ability to perform maintenance" is incredibly disingenuous, because over the course of a year likely no US Forest Service maintenance person even steps on the property.   The last half of the message therefore has absolutely nothing to do with the first half.  The campground is closed and not being maintained because the US Forest Service has arbitrarily suspended the concessionaires contract in an apparent attempt to make the shutdown more painful for the public.

Forest Service Closing Only Small Private Campground Operators, Not Closing Large Ski Corporations or State Parks that Operate on Forest Service Land

As readers will know, the US Forest Service has issued and unprecedented and unnecessary order to close over a thousand privately-funded campgrounds that don't take one dime of Federal money (example here).  All the 100+ parks we operate in the US Forest Service have been ordered closed.

But there appears to be more to this story.  There are several groups that operate parks on National Forest lands under agreements nearly identical to ours who appear to have been exempted from the closure order.

  • Large corporations that run ski resorts and certain other large resort properties on National Forest lands have been exempted.  It should be noted that ski resorts operators, unlike campground operators, have full-time lobbyists stationed in Washington and can afford in-house staff lawyers to fight these kinds of orders.  My guess is that knowing they would immediately get sued if they ordered larger private firms to close, the USFS focused only on smaller and more helpless private firms.
  • Many state parks, including at least 3 in Arizona and many in California, are actually on US Forest Service land and operate through special use permits almost identical to those we have with the USFS, yet none of these parks have been asked to close  (Slide Rock and Fool Hollow State Park in Arizona and Burney Falls SP in California are just a few examples of state parks that operate on US Forest Service land).

In other words, the US Forest Service seems to be issuing closure orders inconsistently, targeting only private operators who are too small to fight back.  The USFS has not been especially clear how they are justifying this order (perhaps since it can't be justified) but they have hinted that it is either because a) they can no longer "administer" these contracts, whatever that means since they have no day-to-day administration responsibilities or b) they are removing everyone from Federal lands.  Note, though, that both explanation "a" or "b" would apply equally to ski resorts and state parks operating on Federal land leases which are not being closed.

I will also add that the USFS is continuing to allow individuals to hike and camp in non-developed areas of the forests.  I have no problem with this -- there is no reason for the USFS to halt public access to public land just because their employees are getting a paid vacation.  But this just highlights how crazy and inconsistent their policies are.  People can camp in the National Forest everywhere except in developed campgrounds where private companies who take no Federal money normally have employees on site to clean up trash and provide security and prevent fires.  Many campers take good care of the land but some do not, and driving these campers out of privately-operated developed sites into dispersed areas where their impact cannot be mitigated is just another way these actions increase rather than decrease costs.


Vagrant Economy, Dodging Garnishments

I have zero desire to comment on Tawana Brawley, but this article raised an issue at the end that has always been interesting to me.  After literally decades of court action, Brawley finally had a garnishment order enforced on her paycheck to start making good on a defamation suit by the man she victimized with her false rape allegations  (Which in fact demonstrates another point I have made before -- you can win a judgement in court but that can often be less than half the battle.  It can be harder to get the judgement actually paid).

Anyway, apparently as soon as the garnishment order was applied by her employer, she quit the job without a forwarding address (the headline says "loses her job" as if she was fired but the text seems to say she quit, presumably to dodge the garnishment).  This happens in my business all the time.  On our 400+ employees, we probably get 5-10 new garnishment orders a year, often tax liens or child support payments.  These take a while to catch up with people, so while the orders may be years old, the employees might work for me 3-6 months before the order shows up in our office to enforce.  (For those who don't know, each state typically requires some sort of new employee notification by our business to the state, so they can run the employee's name and social security number against various data bases to generate these orders).

Once the first garnishment hits their paycheck, at least 80% quit immediately, moving on like Brawley to get another 6 months of work somewhere else before the garnishment presumably catches up to  them again.  I have no idea how large this group of job vagrants is that are constantly moving to dodge garnishments, but from our sample it is pretty large.

Obamacare Mandates Delayed -- And That Other Shoe

Well, it certainly comes as happy news to this correspondent that the Administration announced this week it will delay health insurance mandates on businesses.  Our company has spent a ton of time since last November trying to minimize the expected cost of the mandates -- the initial cost estimates of which for our business came in at three times our annual net income.  Our preparation has been hampered by the fact that the IRS still has not finalized rules for how these mandates will be applied to a seasonal work force.  Like many retail service businesses, we have studied a number of models for converting most of our work force to part time, thus making the mandates irrelevant for us.

I know this last statement has earned me a fair share of crap in the comments section as a heartless capitalist swine, but the vitriol is just absurd.   Many of the folks criticizing me can't or don't want to imagine themselves running a business, so let's say you have an annual salary of $40,000.  Now, on top of all your other expenses, the government just mandated that you have to pay an extra $120,000 a year for something.  That is the situation my business is in.  Are you just going to sit there and allow your savings to become a smoking hole in the ground, or are you going to do something to avoid it?  Unlike the government, I cannot run a permanent deficit and I cannot create new revenues by fiat.  Congress allowed business owners a legal way to avoid the health insurance mandate, and I am going to grab that option rather than be bankrupted.  So are every other service business I know of, which is why I have predicted that full-time jobs are on the verge of disappearing in the retail service sector.

Anyway, it appears that the IRS and the Administration could not get their act together fast enough to make this happen.  Not a surprise, I suppose.  You and I have both been in committee meetings, and have seen groups devolve into arguments aver useless minutia.  This is not a monopoly of the government, it happens in the private sector as well.  But in the private sector, in good companies, a leader steps in and says "I have heard enough, it is going to be done X way, now go do it."  In government, the incentives work against leaders cutting through the Gordian knot in this way, so the muddle can carry on forever.

There are at least two more shoes that are going to drop, one bad, one good:

  1. On the bad side, while companies like mine complain about the cost of the PPACA, they are going to freak when they see the paperwork.  My sense is that we are going to be required to know in great detail what kind of health insurance policy every one of our employees have, even if it was not obtained through our company, and will have to report that regularly to the government.  In addition, there are gong to be new reporting requirements to new agencies for wages and hours.  It is going to be a big mess, and my uneducated guess is that someone in the last week or so looked at that mess and decided to hold off announcing it.

    But readers can expect a Coyote freak out whenever it is announced, because it is going to be bad.  Wal-mart will be fine, it has the money to build systems to do that stuff, but companies like mine with 500 employees but only 2 staff people are going to get slammed.  There is a reason government agencies, even government schools, have more staff than line personnel -- they live and breath and think in terms of complex reporting and paperwork.  They love it because for many it is their job security.  Swimming every day in that water, it is no surprise they impose it without thought on the private sector.  This makes it hard for companies like ours that try to have 99% of our employees actually serving customers rather than pushing paper.

  2. The individual mandate is toast for next year.  No way it happens.  If the Administration cannot get the corporate piece done on time, there is no way in hell it is going to get the exchanges up and running.  And even if they do, some prominent states with political influence with this President, like Illinois and California, likely will not get their exchanges done in time and will beg for a delay.

Spying on the Press

Well, the silver lining of this story is that the press, who until now have generally yawned at libertarian concerns about warrantless searches and national security letters, particularly since that power has been held by a Democrat rather than a Republican, will now likely go nuts.

You have probably seen it by now, but here is the basic story

The Justice Department secretly obtained two months of telephone records of reporters and editors for The Associated Press in what the news cooperative's top executive called a "massive and unprecedented intrusion" into how news organizations gather the news.

The records obtained by the Justice Department listed incoming and outgoing calls, and the duration of each call, for the work and personal phone numbers of individual reporters, general AP office numbers in New York, Washington and Hartford, Conn., and the main number for AP reporters in the House of Representatives press gallery, according to attorneys for the AP.

In all, the government seized those records for more than 20 separate telephone lines assigned to AP and its journalists in April and May of 2012. The exact number of journalists who used the phone lines during that period is unknown but more than 100 journalists work in the offices whose phone records were targeted on a wide array of stories about government and other matters.

The AP believes this is an investigation into sources of a story on May 7, 2012 about a foiled terror attack.  This bit was interesting to me for two reasons:

The May 7, 2012, AP story that disclosed details of the CIA operation in Yemen to stop an airliner bomb plot occurred around the one-year anniversary of the May 2, 2011, killing of Osama bin Laden.

The plot was significant because the White House had told the public it had "no credible information that terrorist organizations, including al-Qaida, are plotting attacks in the U.S. to coincide with the (May 2) anniversary of bin Laden's death."

The AP delayed reporting the story at the request of government officials who said it would jeopardize national security. Once government officials said those concerns were allayed, the AP disclosed the plot because officials said it no longer endangered national security. The Obama administration, however, continued to request that the story be held until the administration could make an official announcement.

First, it seems to fit in with the White House cover-up over Benghazi, in the sense that it is another example of the Administration trying to downplay, in fact hide, acts of organized terrorism.  I have criticized the Administration for throwing free speech under the bus in its Benghazi response, but I must say their reasons for doing so were never that clear to me.  This story seems to create a pattern of almost irrational White House sensitivity to any admission of terrorist threats to the US.

Second, note from the last sentence that the White House is bending over backwards to investigate the AP basically for stealing its thunder before a press conference.  Wow.  Well if that were suddenly illegal, just about everyone in DC would be in jail.

Update:  Some thoughts from Glenn Greenwald

how media reactions to civil liberties assaults are shaped almost entirely by who the victims are. For years, the Obama administration has been engaged in pervasive spying on American Muslim communities and dissident groups. It demanded a reform-free renewal of the Patriot Act and the Fisa Amendments Act of 2008, both of which codify immense powers of warrantless eavesdropping, including ones that can be used against journalists. It has prosecuted double the number of whistleblowers under espionage statutes as all previous administrations combined, threatened to criminalize WikiLeaks, and abused Bradley Manning to the point that a formal UN investigation denounced his treatment as "cruel and inhuman".

But, with a few noble exceptions, most major media outlets said little about any of this, except in those cases when they supported it. It took a direct and blatant attack on them for them to really get worked up, denounce these assaults, and acknowledge this administration's true character. That is redolent of how the general public reacted with rage over privacy invasions only when new TSA airport searches targeted not just Muslims but themselves: what they perceive as "regular Americans". Or how former Democratic Rep. Jane Harman -- once the most vocal defender of Bush's vast warrantless eavesdropping programs -- suddenly began sounding like a shrill and outraged privacy advocate once it was revealed that her own conversations with Aipac representatives were recorded by the government.

Rich People Acting Like Babies

I don't pay much attention to TV and entertainment news, but I found myself kind of fascinated by this train wreck.  

I was amazed at the stakes, how many hundreds of millions of dollars were on the line, based on small changes in the perceived likability of certain talking heads.

But I was even more amazed by how juvenile, thin-skinned, and emotionally-immature people making 10 million + salaries could be.  One woman, who had a reputation as a serious journalist (at least until she took a job on a morning show) breaks down into tears and goes into a year-long depression because she lost her job -- and was effectively given a $12 million severance, a figure well north of my lifetime cumulative income.  Jeez, who in this day and age has not lost a job, likely with no more to show for it than a box of their personal items and a security escort to the door?  Reading this thing I just wanted to keep shouting "grow the f*ck up!"

Why Do We Need Electronic Medical Records? So Your Personal Data is More Readily Available to the Government

Given recent legislative and judicial decisions, there are vanishingly few electronic records that the government cannot rape at will.  Increasingly, government agencies can access electronic data without even bothering with silly stuff like warrants or judicial review.  Latest case in point:  Electronic medical records

The Drug Enforcement Administration is trying to access private prescription records of patients in Oregon without a warrant, despite a state law forbidding it from doing so. The ACLU and its Oregon affiliate are challenging this practice in a new case that raises the question of whether the Fourth Amendment allows federal law enforcement agents to obtain confidential prescription records without a judge’s prior approval. It should not.

In 2009, the Oregon legislature created the Oregon Prescription Drug Monitoring Program (PDMP), which tracks prescriptions for certain drugs dispensed by Oregon pharmacies, including all of the medications listed above. The program was intended to help physicians prevent drug overdoses by their patients and more easily recognize signs of drug abuse. Because the medical information revealed by these prescription records is highly sensitive, the legislature created robust privacy and security protections for the PDMP, including a requirement that law enforcement must obtain a warrant before requesting records for use in an investigation. But despite those protections, the DEA has been requesting prescription records from the PDMP using administrative subpoenas which, unlike warrants, do not involve demonstrating probable cause to a neutral judge.

While the government needs a search warrant to access paper medical records, it apparently feels it can look at electronic records without a warrant,.  Which explains one reason why the Administration is so excited about the new medical records requirements in Obamacare.   You didn't think HIPAA applied to the government, did you?  And if you wondered why Obamacare requires doctors to ask medically-unrelated questions (e.g. on gun ownership), now you know.