Rational Action

I suspect that every Jew who lived through the Holocaust acutely fears that a new movement will arise to finish off what Hitler started. And with just cause: these people lived through a nearly successful attempt to exterminate their entire religion. As far as I’m concerned, their experience makes that fear, however extreme it might get, completely understandable.

It’s simply a fact that many of the aforementioned people have a lot of money, and so they wield plenty of influence at universities, which often depend on their donations. They’re also rightfully afraid of anti-semitism. Add together their wealth and their fear, and you’ve got a dangerous combination. Just hearing about a few scary minutes of film could dramatically change how they spend their money.

That’s where Columbia Unbecoming, a new “documentary” by The David Project, comes in. The film introduces itself as a plea for academic integrity within the Columbia MEALAC (Middle East and Asian Languages and Cultures) Department. After 25 minutes of interviews touting Columbia’s vibrant anti-Semitic professors, students, and clubs, the film concludes with a message that the problem of academic integrity goes beyond the classroom: academic imbalances go hand in hand with racism, sexism, and homophobia. If it had a coherent structure, believable interviews, and cold, hard evidence, then maybe Columbia Unbecoming would achieve its ostensible grand objective of solving the world’s problems of hate. Unfortunately, the producers get lost in their broad strokes and never convince the audience of their details.

At times, the film incriminates itself. One interviewee repeats that a professor tried to silence her by looking into her eyes, mentioning her eye color, and so determining that she wasn’t a Semite. Silence, silence, silence me, she repeats over and over again. Yes, the story she tells is a bit scary, but it only holds up if we ignore the rest of the interview. Initially, she explains that in class she discussed her objection to one of the professor’s points. When class ended, the professor motioned her aside, and the two continued to discuss the issue privately. This professor who was trying to silence and intimidate her — yes, that’s right, silence and intimidate her — apparently was so determined to do so that he spoke with her for 45 minutes out of class.

One wonders if the statements about the student’s Semitic heritage were taken out of context, since taking the events at face value indicates instead the teacher’s great degree of respect for the student. Few professors, in particular few popular professors, are willing to devote so much time to their students. If the professor wanted to intimidate her, why didn’t he yell at her during the class? Furthermore, why did he wait until 45 minutes into their private conversation to deliver the knockout intimidation punch? Were they actually just joking? Had she insulted him?

Beyond this “intimidation” incident, the film has little or no hard evidence of academic integrity failures. Much like the electoral campaigns, it uses talking points in place of pesky verifiable facts. While the editors clearly had a few words which they sought to emphasize, one begins to wonder whether the interviewees knew about them too. Words like “intimidation”, “silence”, and “anti-semitism” pop up all too often in the same contexts. One interviewee in particular sounds like she has rehearsed her lines. Rather than living up to its hype as a hard-hitting and moving documentary, Columbia Unbecoming feels… staged. It’s understandable though, because with only 4 academic incidents to report, all of them of questionable severity, the producers likely needed to manipulate their interviewees a bit.

As the film drags on, it switches themes and gives up on trying to prove any hard corruption in MEALAC. With talking points at full throttle and topicality completely ignored, the painful discussion of Columbia’s rampant anti-Semitism begins. The examples are inevitably ludicrous or exaggerated. One student posts a sign for an Israeli film festival and a Socialist tears it in two. The same student attends a talk entitled “Why Divest in Israel?” and complains that the talk failed to viably present Israeli investment opportunities. Another student claims that when he put up posters mentioning Israel, people drew swasticas on them. However, the film offers no corroborating evidence for his claims, indicating that the producers think lowly of their audience’s reasoning skills, don’t know how to make a convincing argument, or don’t actually have any more evidence. These reasons are listed in order of increasing likelihood, although they should not be considered mutually exclusive.

The film’s case is so shoddy that I fail to see how any critical viewer could leave the theater convinced that MEALAC has violated Columbia’s academic integrity standards. Likewise, the claims of anti-Semitism lack any substance. So why make a “documentary” about a “problem” when piecing such a movie together requires interview manipulation and perpetual running from the facts? Because there’s a whole class of powerful people who get very scared whenever they hear about anti-Semitism. It’s the message that matters, whether it’s true or not. Very few people will actually watch Columbia Unbecoming, but plenty will hear about it. For those who never see the film, all they know is that anti-Semitism has become so rampant on campus that a group of students got together to make a film about it.

Those complicit in the making of this documentary should feel ashamed of themselves. Columbia Unbecoming uses anti-Semitism as a manipulative tool, taking advantage of a painful ideology rather than trying to fight it. I hope that anyone who even suspects of its validity finds a way to watch it, because its success relies on popular ignorance.

It started with Florida.

I was looking closely at the county returns. Broward and Palm Beach weren’t in yet, so I checked out the more moderate and Republican areas. Then I compared the margins with the 2000 returns. Gore had done better in all of them in 2000 than Kerry was doing at the time. And I spoke up.

“Uh, guys, it looks like Kerry isn’t doing so well in Florida.”

Five minutes later CNN said the same thing. That Bush was doing better in most counties this time around. So I turned to Ohio, where Kerry had a slim lead.

Suddenly Bush was ahead. I looked at the counties, and Cuyahuga (Home of Cleveland) was barely reporting. At that point I began waiting for Cuyahuga’s returns to erase the Bush lead, which of course never happened.

Two thoughts:

1) We took Pennsylvania. We took Pennsylvania because I went there with Kate Hurwitz and campaigned in the rain.

2) My father voted for John Kerry. I cannot overstate the importance of this vote. A large part of me hopes that my arguing with him throughout the summer had something to do with it.

Okay, those were statements. So here’s a third thought:

3) The Democratic party is absolutely, absolutely fucked. This election is a complete disaster. Kerry is squeaking it out in states where he should have huge margins. The South is solid red, moreso than 2000. It looks like Daschle is toast. It’s time to rethink the party values, and rethink them fast. It’s also time to think about proportional representation.

This summer I fought in a vicious argument over who would win on November 2. The polls at the time were more or less tied. I predicted that Bush would build a lead over the coming months and ultimately win the election. I reasoned that anyone who bought into Kerry’s foreign policy charges or his cries of economic mismanagement was already voting Blue. With the so-called “transfer of sovereignty” finished, Iraq would fall off the front page of newspapers. Kerry would continue to criticize the administration’s handling of the war, but with public’s perceiving that Iraq was stabilizing, that critique would fall on deaf ears. Likewise, the “jobless recovery” finally seemed to have lost its derogatory adjective: there had been several months of robust payroll employment growth, and with Greenspan indicating he wanted to hike rates, even the experts were claiming that the trend would continue.

As the RNC came to a close, I saw my prediction slowly coming true. The Republicans were running away with the media coverage, making Iraq seem like a another successful Democratic experiment. Payroll employment was up 144,000 in August (from the report released September 3), not enough to increase participation rate, but a sizeable number nevertheless. Media coverage made it seem like a major accomplishment in the recovery.

Then a few unanticipated things happened.

First, Iraq never really faded from the headlines. It returned after the RNC, and the images conflicted with the Republicans’ rosy picture. The 1000th American soldier was killed on September 7, and criticism of the war from within the President’s own party indicated that the security situation was detiorating. It did not help that several major urban areas of Iraq weren’t even under coalition control, shattering the administration’s claims that order had been restored.

The economic news was of no help to Bush, either. When the Current Employment Survey results were released on October 3, payroll employment did not even climb by 100,000 — economists had been expecting gains of roughly 150,000. (For those who think 100,000 jobs is plenty to add in a month, remember that in order to keep (Employment)/(Labor Force) constant, the economy needs to add 150,000 jobs every month.) While this news wasn’t nearly as high-profile as the security situation in Iraq, it left the Bush team with no new information to cheer about, and it allowed Kerry to continue claming that the current administration was the first since Hoover to lose jobs.

These developments in current events occurred along with another factor that I had either not considered or completely discounted in my summer argument: the debates. If you had asked me in August, I probably would have predicted that Bush would blow Kerry out of the water in ability to convince swing voters. In fact, I felt that Bush thoroughly beat Kerry on style in at least the first two debates (I mainly listened to the final debate, and felt like Kerry sounded much better than Bush). However, polls from the first and third debate showed swing voters heavily favoring Kerry, and most polls even gave Kerry a slight lead in the second debate.

As it stands, the numbers have converged and the election is in a virtual tie. Most national polls have Bush up by only a few points, but they said the same thing in 2000, and Gore won the popular vote. The electoral college is a complete tossup. Kerry has hung in there, and time has proven my summer claims incorrect.

Is there a moral to the story?

I’m not sure. For one: please, please, don’t trust my predictions. The truth is that the ups and downs of this election have depended less on the candidates and more on the weather. While Kerry’s debate performance was admirable, he couldn’t have done it without the current events ammunition that was seemingly handed to him by God. Fate has given Kerry good hand after good hand, now let’s see if he can beat my prediction once and for all on November 2.

(P.S. About the current events ammunition: I still haven’t figured out where goose hunting comes into play here.)

After getting sick of poor polling coverage online and on the news, I decided to cut through the spin and make my own electoral vote map. Unlike the establishment media, I’m going to show the real American vote.

<rant>

I’ve watched the debates, I’ve read the commentary, and I’ve seen the spin doctors at work. We’re all talking about the election right now, and this election has come down to two fronts: foreign policy and economics.

Just so you know, I’m pretty focused on the latter. So let me give a rough paraphrasing of an interview I saw on CNBC recently. Some financial megapundit was questioning an Economic advisor to John Kerry:

INTERVIEWER: So what exactly is John Kerry’s plan for the economy?

ADVISOR: John Kerry is going to grow the economy. He’s going to support jobs here in America. He’s going to give tax cuts for the middle class while rolling back George Bush’s tax cuts for the wealthiest 1% of Americans. He’s going to make sure every American has health care. John Kerry is going to promote energy independence. John Kerry. John Kerry.

INTERVIEWER: How exactly is John Kerry going to promote job growth?

ADVISOR: Let me say first that John Kerry will create jobs by promoting job creation.* We’re going to close tax loopholes. And we’re going to give companies incentives to make jobs here.

INTERVIEWER: Alright! Moving on to a completely unimportant topic…

* This line more or less ad verbatim

I walked back into my dorm about to cry. The interview made no sense. But oh, so what? Why are you being so emotional, Adam? It’s just job creation!

Forget that the livelihoods of so many Americans rest on good economic policy. I was upset because I wanted more from the candidate that I was — and still am — proud to be voting for. This stupid afternoon interview was symptomatic of the discussion of economics throughout the entire election run.

Dishonest, misleading, opportunistic, nonsensical. That’s the economics of Campaign 2004. We’re not watching real economics. We’re watching talking points covered in economics-colored saran wrap. The statements of the candidates don’t reflect reality; instead they reflect what tests well and what sounds good, irrespective of a positive or negative influence on the country.

You can lie all you want when the swing voters won’t call you on it. The candidates have an incentive to tell economic untruths because these lies damage the opposition in a particularly vicious way: for the opponent, they are for all intents and purposes impossible to rebut. Refuting false statements about economics necessitates an appeal to the more complex concepts of the science. Honestly, who has time to consider the short-term versus long-term stimulative effect of tax cuts of varying degrees of progressivity? The lie sticks.

And so we find ourselves in a situation where each candidate has an incentive to tell as many untruths as the swing voters will believe. If he doesn’t, his opponent will, and by that time it’s too late for any defense — no one’s listening to the response. It’s a prisoners dilemma in which the American people perpetually lose.

Is there anything we can do to heighten the level of Economic debate? I’m not sure. Individually, we start by educating ourselves, but not everyone wants or has time to learn the intricacies of economics. Blogs are certainly helpful in providing both a source of information and a forum for debate, but that won’t help if people continue to have other, more important things on their minds. For the casually interested, then, media coverage is critical. It would help if accountability-inducing media outlets became more prominent; FactCheck.org (not FactCheck.com, Mr. Cheney) is all over this one. It also wouldn’t hurt to have economists more involved in the production of media content, although I’m not sure Paul Krugman should be the one doing the reporting.

I’m don’t know where I fit in here. I’d like to do a series of posts about the economic issues of Campaign 2004, but even I don’t trust myself to report about Economics. On the other hand, this post deserves a follow-up. Let’s see if I can’t put together a list of common Bush and Kerry economic untruths. Feel free to respond to this post with a few, and maybe I will discuss them.

If you find errors, poor logic, or lapses of judgement in anything I say, please point them out. In writing all of this, I wouldn’t mind correcting any faults in my own understanding.

</rant>

Here is a list of my priorities for the next president.

• A foreign policy that promotes the United States as a positive world influence and as an ideal worthy of replication. That means a greater focus on our alliances with other democracies (A democracy should never be treated as an antagonist; see America vs. France, America vs. Germany). The message must be: all freely elected democracies are friends of the United States, so come join the community. We must make a massive commitment to “soft power” (The power of our ideas) instead of “hard power” (The power of our military).
• The continued lowering of barriers to trade. For the United States, that probably means putting agricultural subsidies on the table, and then subsequently pushing those subsidies off the table, into the trash. If American companies need government checks to produce food profitably, then they shouldn’t be producing food. Since outsourcing is a form of trade, lowered trade barriers would likely encourage it. That’s okay: we have lots to gain from outsourcing. Yes, there will be losers, but the government can help them by e.g. providing incentives to learn new skills and assistance during this retraining period. In this way, most Americans will get small gains from increased globalization, and although there will be losers, they will be able to change for the times and find new jobs.
• The balancing of the federal budget. It’s a pipe dream — both candidates only promise to halve the deficit by 2008 — but any current debt just gets tacked on to future budgets. Whenever we run a deficit now, we’re making it harder to run a surplus later. If we find ourselves in need of a large fiscal stimulus in the near future, large deficits could make that stimulus very difficult to deliver.
• A foreign policy that confronts the Middle East by acknowleding the complexity and interrelatedness of its actors. Iraq was the wrong place to start; our invasion has only made things worse, and the more-or-less true perception that the war was a unilateral act has damaged our credibility. Peace and democractization are heavily linked to the Israel-Palestine question. No more blank checks for Israel — demand an end to settlement creation, demand the beginning of settlement destruction (Gaza is a start). If the U.S. can give itself the appearance of being more even-handed on the conflict, it will have more diplomatic influence on other Middle Eastern nations. (This is probably too optimistic. It may be impossible for any Israeli PM to rein in the far right…)

Here are my secondary priorities:

• Some kind of health care reform that decreases the number of uninsured. That doesn’t necessarily mean any huge programs, but we do need to get these people on some kind of basic coverage.
• The lifting of NIH stem cell research restrictions. This is blindingly obvious.
• Support for pro-choice organizations. Allow government money to fund institutions that teach more than abstinence, especially those institutions based abroad. Stop trying to ban partial birth abortions, and stop trying to make a fetus and a baby legally equivalent.
• Civil unions for same sex couples. Don’t call it marriage, it angers too many people and makes any progress politically impossible.
• A renewed focus on civil liberties. Thankfully a lot of people have latched on to that.
• Decreased censorship of the media — filtering at the client level (e.g. you tell your TV to block shows with sexual content, instead of the government prohibiting sexual content from being broadcast). No mandates for libraries to filter content. No regulation of basic cable.
• Copyright reform. Protect fair use in digital content, allow for reverse engineering. It’s impossible, but I’ll say it: reduce the term of copyright protection, since it makes no economic sense for the term to last so long.
• Patent reform. Reevaluate our position on software patents, and hire more people at the US Patent and Trade Office so that fewer bad patents slip by.

Okay. Comments?

Let’s Get Sacarny continues with a new first verse, written by none other than Granola’s own Eric March:

I’m the King mack, call me the A-Sac
Five five and jacked you better watch yo back
My mission: efficiency. Let the pain begin
Honeys warm, Economics Keynesian

Experts buggin’, trade international
Supremely rational, what’chu got Krugman?
You ain’t nothin’ when me and MC K-Roll start
Bitch slap you with a tax cut, stuff yo’ ass with a payroll chart

Analysis, paralysis give it up try your next look
Up in here when I close you like an IR text book

Goodnight peepers.

Let’s Get Sacarny (Full Version).mp3

And so I make my glorious return after one month of drunken depravity:

We recorded The Sacarny Song, Part 2 last night. That’s different from Part 1, which goes by the alternate title of Sacarny (Let’s Party). But anyway, I figure everyone wants to see the lyrics:

(To the tune of Let’s Get Retarded)

Lose windows
Just blow your nose
Neva drive too fast
In your wrinkled plaid clothes
Change your contacts, check your syntax
Get into an ivy, cool out & relax
Get Sacarny, throw down the party
Dave and Bonnie will make it all naughty
(fall asleep) on other people’s couches
(sit up straight) nah man he always slouches
(motherboards) as far as the eye can see
Never met a girl that didn’t already like Jesse

Everybody (what?)
Everybody (excuse me?)

Let’s get into it and get Sacarny!

More coming soon, it’s about to get political here…

It looks like a few people liked my Mozilla Bug Fix timeline. And a few didn’t. Unfortunately I ended up posting the thing at something like 3AM, and I didn’t get to write out everything I wanted to say. Now I have some incentive to finish.

The Mozilla developers did a great job handling this extremely critical security hole. After getting word of an exploitable hole, they pushed out a fix in less than 36 hours. Applause. The system worked.

…but not perfectly. The critical bug got fixed in a jiffy, but it was actually the result of known weaknesses in the way Mozilla handles external protocol handlers. These weaknesses came up many times on Bugzilla, starting around 2 years ago. The developers quelled some concerns by implementing an insecure protocol blacklist, but this solution did not fix everything. What I propose here would not have plugged this security hole entirely, but it would have mitigated it to a great deal. I can’t see how the Mozilla team could have prevented this problem entirely, but had they handled several known bugs, it could have been a minor issue.

Those who feel Mozilla completely botched this bug often point to Bugzilla bug 167475 and bug 173010. Although the latter bug would have fixed the problem completely, it also would have made Mozilla far less usable. The former bug would have mitigated but not fixed the problem. Let’s take a deeper look into the issue:

An Internet Explorer user on Windows has many protocols available to him within his web browser: the protocols IE supports itself, certain add-on protocols supported by Windows, and more add-on protocols implemented by other applications. See http, shell, and ed2k as respective examples. On Windows, Mozilla recognizes these protocol handlers in addition to its own. And, as these bugs point out, Mozilla will launch the associated application whether the link to the handler is in an A tag, where it would make sense, or in an IFRAME, where it really wouldn’t. Since the shell: protocol is insecure, an unpatched Mozilla user could theoretically infect himself by simply going to a webpage with a malicious IFRAME.

The solution in bug 167475 initially is to block external protocol handlers outside of A tags. It’s not a real fix, though: one commenter notes that “It’s not hard for a malicious site to get a visitor to click a link”. Fixing the bug in that way would have resulted in a false sense of security, as websites could still trick users into clicking on malicious anchors. Still, Mozilla should have blocked external protocols from tags like IFRAME. There’s just no reason to allow them. That wouldn’t have fixed this vulnerability, but it would have reduced its severity greatly. It is harder to exploit this hole when the user must click.

Another potential solution is to use a whitelist of allowed protocols (See bug 173010). All other protocols would get blocked. But what happens to our precious convert from IE, who clicks on his ed2k link but sees nothing because ed2k isn’t in the whitelist? Or the GNOME user, who expects all of gnome’s silly little protocols to work when he types them into the address bar? Any Mozilla with a whitelist would quickly become out of date as new protocols became important; the Mozilla developers would be swamped with maintaining an ever-growing list.

The reporter of the blacklist bug then modifies his strategy in a later comment, saying that if a link referring to an external protocol handler is clicked, Mozilla should pop up a warning box. Now he’s on to something.

But what happens in this new case, if we are using a blacklist? The user clicks on a malicious link. Mozilla pops up a warning dialog. The user thinks, “I want to go to that link. Let me click OK without reading the warning first.” The user has now been infected, even though the fix stated in bug 167475 has been implemented.

This confirmation dialog could have been included in the whitelist plan as well. Unfortunately, that puts us into an even more dangerous position: with just a whitelist, the user would see the same dialog for a (dangerous) shell: link as for a (benign) ed2k: link. Inevitably many Mozilla users would accidentally accept the shell: links. On the other hand, Mozilla should get confirmation from the user whenever it is about to launch an external program. I would appreciate the notification, and it wouldn’t make me less secure.

Which brings me to my proposed solution:

1. Block external protocol handlers from tags like IFRAME where they do not make sense. (See bug 167475)
2. Continue to utilize a blacklist of known dangerous protocols. Do not allow Mozilla to trigger them. We can’t give users the option of using known-dangerous protocols, because they will inevitably find a way to use them. (Implemented in bug 163648)
3. Implement a whitelist of known-safe protocols. This should include protocols Mozilla handles along with ones needed for GNOME integration. (See bug 173010)
4. Create UI so that if a protocol is not on the blacklist or the whitelist, Mozilla prompts the user as if it were about to open a helper application. (See bug 167473) Malicious links will inevitably be accepted by many, but the confirmation will stop many more.

Even with this solution, Mozilla still would have been vulnerable to the latest attack. “shell:” was not on the blacklist (and it certainly would not have been on the whitelist.) Users would thus see a confirmation dialog for opening the link. The careful ones could avoid infection, but many would simply click “OK”. Which brings me to my most important gripe:

Get automated critical updates working!

Had the Critical Updates system been functioning at the time of the exploit, its severity would have been minimal, even with only a blacklist. Thankfully, the developers are hard at work getting it up and running. (Or is it working already? I never saw a critical update for the vulnerability. Did anyone else?)

I made my first post about the shell: exploit because I thought Mozilla deserved credit for their open development process. With that process so open, I’ve found that it’s also much easier to find areas of weakness — and that’s a plus. With constructive criticism from the outside, the process can change due to changing needs. I hope the Mozilla team gives itself a pat on the back for its handling of the shell: vulnerability, but I also hope that it will be more responsive to the long-term security holes that many users often point out.