Monday, January 30, 2023

 How To Secure A Website

One Man's Opinion

The Philosophy

The following approach is top level and omits many concepts. It is intended only to suggest a more secure approach that sites can use if those sites actually want to protect their users' data.

If everything is only in the clear while a user is logged in, then only those users' data can be hacked. The bulk of users, not currently logged in, are protected with good encryption. Also note that each user's data is encrypted with a unique public/private set of keys.

Any website that supports user accounts must take extraordinary steps to protect that user's data.

One reason, often given to reject this approach, is the need to make the user experience swift and convenient.  Another reason to reject this approach is to reduce the per-user cost of doing business.

I am certain there are many other reasons to run an insecure business, but none of them are good reasons.  If I were to run such a business, I would insist on the following:

1. The user's login credentials must never be exposed in the clear.

2. No user data should exist in any database unless it is encrypted.

3. The user's wallet must be encrypted and stored separate from the user's other data.

4. User data may be left unencrypted, briefly, only if the session interaction needs to be livelier.

1. Login Credentials

When a user logs in, even when using two-part security, that user's login credentials must be immediately one-way hashed, and the hash used instead of the login credential parts themselves. Also, if possible, the credentials should be cleared from memory after the hash has been created.

For example, an internal machine (or machines) receives a SHA512 or better hash and returns a public key if successful or an ERROR if it fails. It can also return other information, such as the user's index number.

That machine is populated with SHA512 or better hashes when accounts are created.  The web interface collects the login name, a pin, and a password. The pin is computed to yield a number 0 through 9, and that number determines the order in which the name, pin and password are combined and hashed. For example, a pin of 555 might modulo 9 yield 6, specifying for example the order: "pin, password, name."

That hash is passed by the web interface into the internal machine which looks it up and returns a public key if successfully found. If the hash is not found, the internal machine returns an empty string or some other indication of failure.
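
The lookup described in this section, as an added sketch that is not code from the original post: the web interface builds the PIN-ordered SHA-512 hash, and an in-memory stand-in for the internal machine returns a public key or an empty string. The `ORDERINGS` table, the length-prefixed encoding of each field, and all names and sample values are assumptions of this example.

```python
import hashlib

# Field orders selectable by the PIN. Three fields have only six orderings, so
# the PIN-derived number is folded onto six slots. The table is an assumption
# of this example; slot 0 is placed so that the post's own case
# (PIN 555 -> 6 -> "pin, password, name") comes out as written.
ORDERINGS = [
    ("pin", "password", "name"),
    ("pin", "name", "password"),
    ("name", "pin", "password"),
    ("name", "password", "pin"),
    ("password", "name", "pin"),
    ("password", "pin", "name"),
]


def field_order(pin):
    """Return the order in which the three credential parts are hashed."""
    selector = int(pin) % 9              # the post's example: 555 modulo 9 is 6
    return ORDERINGS[selector % len(ORDERINGS)]


def login_hash(name, pin, password):
    """One-way hash of the credentials in the PIN-selected order."""
    parts = {"name": name, "pin": pin, "password": password}
    buf = bytearray()
    for field in field_order(pin):
        raw = parts[field].encode("utf-8")
        # A length prefix keeps ("ab", "c") and ("a", "bc") from hashing alike.
        buf += len(raw).to_bytes(4, "big") + raw
    # The digest is itself the lookup key, so no per-user salt can be mixed in.
    digest = hashlib.sha512(buf).hexdigest()
    # Wipe the working buffer. The caller's str objects are immutable in
    # Python and cannot be cleared this way.
    buf[:] = bytes(len(buf))
    return digest


class InternalKeyMachine:
    """Stand-in for the internal machine: hash in, public key out."""

    def __init__(self):
        self._by_hash = {}

    def enroll(self, digest, public_key, user_index):
        # Called when an account is created.
        self._by_hash[digest] = (public_key, user_index)

    def lookup(self, digest):
        # An empty string signals failure, as in the post.
        return self._by_hash.get(digest, ("", None))


def web_login(machine, name, pin, password):
    """Web-interface side: hash immediately, then ask the internal machine."""
    if not (pin.isascii() and pin.isdigit()):
        return ("", None)                # a malformed PIN fails like a bad login
    return machine.lookup(login_hash(name, pin, password))


# Constructed sample account; the key string is a placeholder, not a real key.
MACHINE = InternalKeyMachine()
MACHINE.enroll(login_hash("alice", "555", "correct horse"),
               "PUBLIC-KEY-PLACEHOLDER-0001", 1)
```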

2. Credentials Must Be Encrypted

Whenever the user's data is changed (or a new user is added), that user data is transferred into that same (or a different) machine, which randomly selects a new public/private key pair; associates that new private key with the saved login hash; and returns the encrypted user data for storage in the encrypted-user database.

The key for the encrypted-user database should be an index number, but should never be the login hash, which can be used to fetch a public key to decrypt the encrypted-user data.

3. The User's Wallet

The user's wallet (which holds credit card and perhaps bank credentials) must only exist in an encrypted-wallet database.  That encrypted data can exist briefly in decrypted form for a purchase or to add or subtract a card or other financial information.  This data must only exist in the clear for the briefest interval and only as long as absolutely necessary.

There is an internal machine that receives the wallet data, and the user's ID number. It randomly selects a new public/private key pair, encrypts the wallet with that private key, and returns the encrypted data and the user's ID number on success.

If the web interface needs to use information from the encrypted-wallet, it passes that encrypted data and the user's ID index, and an SQL query to fetch that information. The internal wallet machine (or machines) uses the user's ID to select the appropriate public key, decrypts the wallet into a small one-item database, and runs the SQL query against that one-item database. Upon success, it returns the result of that query. A timeout is enforced. The one-item database is only allowed to exist for a small window of time.
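
The query path described above, as an added sketch that is not code from the original post: an already-decrypted wallet is loaded into a throwaway in-memory SQLite database, the caller's SQL is limited to reading the wallet table, and a deadline aborts long-running statements. Decryption is outside the sketch; the table layout, function name, status strings and sample card rows are assumptions.

```python
import sqlite3
import time

# Constructed sample wallet: (label, card_number, expiry). Test numbers only.
SAMPLE_CARDS = [
    ("personal", "4111111111111111", "12/30"),
    ("business", "5555555555554444", "06/29"),
    ("backup", "4012888888881881", "01/31"),
]


def run_wallet_query(cards, sql, timeout_s=0.25):
    """Run one read-only query against a short-lived copy of one wallet.

    Returns (status, rows), where status is "ok", "denied", "timeout" or
    "error". The database lives in memory and is closed before returning.
    """
    state = {"denied": False, "timed_out": False}
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute(
            "CREATE TABLE wallet (label TEXT, card_number TEXT, expiry TEXT)")
        conn.executemany("INSERT INTO wallet VALUES (?, ?, ?)", cards)
        conn.commit()

        def authorizer(action, arg1, arg2, db_name, source):
            # Allow SELECT statements that read columns of the wallet table.
            # Writes, schema reads, functions and PRAGMAs are all refused.
            if action == sqlite3.SQLITE_SELECT:
                return sqlite3.SQLITE_OK
            if action == sqlite3.SQLITE_READ and arg1 == "wallet":
                return sqlite3.SQLITE_OK
            state["denied"] = True
            return sqlite3.SQLITE_DENY

        deadline = time.monotonic() + timeout_s

        def progress():
            # A non-zero return makes SQLite abort the running statement.
            if time.monotonic() > deadline:
                state["timed_out"] = True
                return 1
            return 0

        # Installed only after setup, so the caller's SQL is the sole
        # statement subject to the restrictions.
        conn.set_authorizer(authorizer)
        conn.set_progress_handler(progress, 1000)
        try:
            return ("ok", conn.execute(sql).fetchall())
        except (sqlite3.Error, sqlite3.Warning):
            if state["timed_out"]:
                return ("timeout", None)
            if state["denied"]:
                return ("denied", None)
            return ("error", None)
    finally:
        conn.close()                     # the in-memory database is gone
```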

If the web interface needs to update the wallet, it passes the encrypted data and the user's ID, and an SQL UPDATE command. The internal wallet machine (or machines) uses the user's ID to select the appropriate public key, decrypts the wallet into a small one-item database, and runs the SQL UPDATE against that one-item database. On success, the wallet machine randomly selects a new public-private key pair associated with a user ID, re-encrypts the wallet, removes the one-item database, and returns the newly encrypted wallet and the user's ID. The web interface then updates the encrypted-wallet database with this information.

4. No Encryption While User Logged In

Instead, the user data (except the wallet) is in the clear only for as long as the user remains logged in, for swifter interaction. For this reason only, a site should recommend that users log out, rather than relying on cookies to stay logged in (which can be copied and used by others) unless those cookies are also encrypted.

Sunday, February 27, 2022

Oregon Rail Plan

Oregon Passenger Rail
Bryan Costales

Rather than spending hundreds of millions of dollars exclusively on expanding freeways and freeway interchanges, the state of Oregon should consider a more sustainable carbon free alternative.

One such alternative is to connect all the cities and towns of the state with electrified rail. This doesn't have to be high speed rail, because anything significantly faster than driving will lure people out of their cars. A class 7 track would work wonderfully, because trains could run up to 120 miles per hour. This is not high speed rail that achieves speeds over 250 miles per hour, but more affordable medium speed rail. The idea is to allow travel from any city or town in Oregon to any other city or town in Oregon in significantly less time than driving.

The state of Oregon already plans to spend millions of dollars to upgrade the track along the Amtrak corridor so that diesel trains can travel faster. However, these trains must still share tracks with freight trains. And these existing diesel trains risk collision by crossing many streets. When a train crosses a street, that is called a "grade crossing." Automatic arms lower to stop traffic, but that can still risk a vehicle becoming stuck on the tracks, or people accidentally walking across the tracks to be hit. This becomes an even more likely scenario when trains travel at 120 m.p.h.

A state rail project could lay class 7 track along a private right of way, by building bridges or tunneling where necessary to avoid grade crossings. That right of way must be for the exclusive use of passenger travel, and would bar access to freight trains. In fact, using a wider gauge for this system would disallow all freight.

If only passenger trains were allowed, then stations could have safety gates and could be automated to avoid the cost of train operators.

Passenger trains could however haul baggage, mail, small packages, and other light freight in common with passengers. For example Fedex might want to purchase one or more electrically driven cars to be hauled along with passenger rail. There would have to be weight limits, otherwise bridges would become too expensive to build.

Although electrified track is twice as expensive per mile to construct as diesel track, it is also environmentally better. Electrified trains are lighter than diesel trains, so bridges may be built for a lighter load.

After 50 to 75 years of construction, the entire system might be complete. How should such a large system be paid for and constructed? Two sources make sense:

1. A statewide non-regressive sales tax. Perhaps only on related purchases such as gasoline, diesel, tires, car repairs, batteries, and parking. Or perhaps on all potentially unhealthy items, such as carbonated drinks, alcohol, and pot. Or perhaps a tax on all these and more.

2. Toll roads. Perhaps turn all on-ramps to interstate freeways into toll booths. Or perhaps toll on all parking places using property tax measures. Or perhaps a toll when automobile registration is renewed, based on miles driven.

It is not the purpose of this essay to recommend any form of rail construction funding over any other form. Only elected representatives could make this decision.

When envisioning this rail network, other than city-center stations, what other stations might be desirable? Other such places that could require stations might be:

1. Airports. Every airport that serves the public with regularly scheduled flights might host a rail station in close proximity to the airport's entry.

2. Population centers. Not all population centers are in the middle of a town or city. Often the actual peak of population is in some neighborhood well away from the city center. Such additional population centers might also be served by a rail station in addition to the downtown.

3. Universities and Colleges. Centers for learning can be large enough to be considered a unique population center. Such centers for learning might also be better served by rail stations.

4. Some may believe that commercial venues should also have train stations. Such venues as shopping centers or fairgrounds may seem desirable, but perhaps might be better served by local trolleys or buses?

Intra-State Freight

It might make sense to run rail freight to many of the same locations as passenger rail. The state might determine that instead of running two tracks of passenger service, it would make sense to run four tracks, two for passenger service, and two for freight.

Because freight is generally heavier than passenger cars, bridges and elevated sections of track will have to be constructed significantly stronger. Four tracks make the system more resilient, because a derailing on the freight line could allow freight on a section of passenger track to bypass the outage. Similarly a derailing on the passenger line could allow passenger trains on a section of freight track to bypass the outage.

For such a dual system to work, both passenger and freight would need to be identically electrified, with the same gauge and class of track.

Below is one possible map (of many) of suggested stations and routes. Naturally, no routes or stations should be planned without public input. This is more of a dream than an actual plan.

Tuesday, March 23, 2021

C Is The Best Language

The following text was extracted from my recently revised "C From A To Z" book. The tables and bulleted lists below look far better in that book.


 The C language has been called: "The only portable assembly language." Which means that C is available on all computers and can be used to write anything from operating systems to device drivers, from web servers to user interfaces. Correctly written C Language programs always run significantly faster than programs written in other languages. This speed and portability has distinct advantages, both economic and application specific:

  • C programs require fewer CPU cores to accomplish the same tasks compared to other languages. 
  • C programs manage their own memory so are not slowed by garbage collection. 
  • C programs are equally adept at handling strings and binary (ISO) data.
  • C programs, even when run by root, can give up special permissions to run more securely.
  • C programs run without the need for an enclosing environment. Ruby, for example, often requires Rails to start before the Ruby program can run. Java, for example, requires its Run Time Environment to be present to run the Java program.
  • C can be used to write operating systems. Unix and Linux, for example were written in C.
  • C can be used to write other languages. C++, Ruby, Python, Java and other languages are written in C.
  • C can be used to interact efficiently with the outside world. Apache is a popular web server that was written in C. Sendmail, postfix and qmail are all written in C and are used for the world-wide exchange of email.
  • C can be used to create databases. Postgres, MySQL, and Oracle are all written in C.
  • A well written C program is extremely portable and can be easily built on any system. Sometimes, a built C program can be run on other related systems (such as flavors of Linux) without the need to rebuild it for each system.

C versus other languages

Why should you learn to program in C when there are so-called modern languages available? After all, business practices often drive language adoption:
  • Many website businesses only hire programmers who can write using the Python, Ruby, PHP, or Java languages. 
  • Other website businesses are only interested in object-oriented languages and programmers that use them, such as C++, Python, Ruby, PHP, or Java.
So one must wonder if there is any role for the C language in such a world of specialized languages.
Yes there is! Consider the following:
  • All of these modern languages are written in C: C++ is written in C. Python is written in C. Ruby is written in C. PHP is written in C.
  • Programs run 10 to 1000 times faster when written in C than when written in one of these other modern languages.
  • C creates slimmer, more efficient code than these other languages.
  • C programs start up faster than programs written in these other languages.
  • C handles errors more adeptly than do these other languages, which typically use traps to handle errors.

To illustrate, we compare and contrast the speed of C to the speed of those other languages. Note that all of the following tests are available in Appendix B.

C runs faster

The problem with interpreted programs is that they run slower than compiled programs. This lethargy is because the interpreter must read and process the code a line at a time. Ruby, Python, PHP, and Perl are interpreted languages. For example the php program, or a library in a web application, must interpret (run) your PHP code.

Compare the run time speed of these interpreted (script) programs against the run time speed for the C language program. All the programs and scripts did exactly the same thing, count up to ten-million with a loop inside another loop. In the following, the time command produces output in four fields of which we are interested in the third, the total run time:

% time php looptest.php

34.82u 0.07s 0:35.18 99.1%

% time ruby looptest.rb

45.19u 0.06s 0:45.47 99.1%

% time python

65.24u 0.09s 1:05.97 99.2%

% time ./looptest

1.58u 0.00s 0:01.60 98.7%

Here, the compiled C program (looptest) ran in 1.6 seconds, whereas the interpreted PHP program (looptest.php) ran in 35.18 seconds, which makes the C program 22 times faster. We summarize these results in the following:

Table 1: Interpreted Versus Compiled Loop Test Runtime Comparisons

Language      Runtime    C Faster By
C Language    0:01.60    1x
PHP           0:35.18    22x
Ruby          0:45.47    28x
Python        1:05.97    41x

Another test that looked at the speed of reading and processing files showed similar results. The same file was opened, read and closed in each step of the loop:

Table 2: Interpreted Versus Compiled Read File Runtime Comparisons

Language      Runtime    C Faster By
C Language    0:03.90    1x
PHP           2:01.04    31x
Ruby          0:37.60    10x
Python        4:57.01    76x

In the above, the file to read was /usr/dict/words, and its lines were counted 1,000 times.

And finally the comparison of results from a simple test to see if a string contains a valid integer. This test is executed in a loop 10,000,000 times:

Table 3: Interpreted Versus Compiled Integer Test Runtime Comparisons

Language        Runtime    C Faster By
C Language      0:02.00    1x
C++ Language    0:04.01    2x
PHP             0:20.80    10x
Ruby            2:02.10    61x

The loop included a test to see if the check failed or succeeded.

Clearly the C language runs faster than these other languages by a significant amount. If you want to milk every bit of performance from your hardware, C is the obvious choice.

Consider the scalable cost of hardware versus your fixed cost of labor. Isn't it better to double the performance (code speed) on your existing hardware every six months rather than to double the cost of your hardware every six months? Such amazing efficiencies are only possible with C.

Tuesday, February 19, 2019

Socialism Is Good for Capitalism

Homeless Can Be Good for Capitalism

What would you say if I claimed that Socialism could increase the number of customers for almost any business by 14 percent?  You would probably laugh. But read on and be surprised.

Most capitalists oppose socialism because of a belief that the role of government is to maximize the use of capital, while reducing the size and expense of government. For example, corporations desire lower corporate taxes so that they may return greater profits to their shareholders. Lower taxes means a reduced government and results in, "A lesser boot heel on the neck of every struggling businessperson."

Most businesses achieve higher profits by attracting more and more customers. One way to attract more customers is to advertise. Another way is to reduce customer cost by cutting manufacturing costs by moving manufacturing overseas, or by reducing the number of employees.

But what if there was a better way to increase the number of customers?  Consider that the homeless contribute nothing to the economy and are not customers, yet draw funds from local government, and lower the quality of life for all. Consider that the poor are supported by government expense which minimizes their use as customers.  Consider that the disabled contribute little to the economy, yet draw disability funds from government. And consider that when jobs are scarce, the laid off rely on unemployment payments, far less than the prior income, and of a limited duration.

A Minimum Income

One way to streamline and thus reduce the size of government would be to combine the homeless, the poor, the disabled, and the unemployed.  A simple way to achieve this unification is with a "minimum income" or a negative income tax.  A "minimum income" would be administered by the Social Security Administration. A negative tax would be administered by the Treasury Department by way of Income Tax.

I prefer a minimum income because it is administered monthly rather than annually. In its simplest form, everyone with a social security number will receive the minimum income.

For example, a homeless man on a "minimum income" would be able to rent an apartment, pay for utilities and food, and would be in a much better position to find a job. As a potentially solvent customer, he and those like him would increase spending on manufactured goods.

For example, a single mother on a "minimum income" could afford an apartment, utilities and food, and could afford to find child care so she could find a job.  She and those like her would become better customers.

Note that "minimum income" is greatest when all other income is zero.  Then for every $100 that all other income increases, "minimum income" would reduce by $50. This gradual reduction means that when a person gets a job his or her total income ("minimum income" plus other income) will increase to be more than "minimum income" alone.  It is important that minimum income not be cut off suddenly at some level, but rather tapers off so that the poor are encouraged to find employment and better their situations.

As other income increases, "minimum income" decreases at half the rate.

For example, if the minimum income was $1,000 per month, it would reduce to zero when the individual's other income reached $1,900. If a person on disability received $900 per month from the state, they would also receive $550 "minimum income." But if "minimum income" was the law, that same disabled person would receive $0 disability payment, and instead receive $1,000 "minimum income."

But if a state wanted to provide a disability payment over $1,000, they would be free to augment the "minimum income" but that augmentation would become other income and would reduce the "minimum income." For example, if a person qualified for $1,500 per month in disability, the state could pay an extra $500. $500 extra income would reduce the "minimum income" to $750, resulting in a net total disability income of $1,250.

For "minimum income" to work, it would need to be tax exempt. It must also belong to the individual and couldn't be given away, could not be used to settle a lawsuit nor any other property settlement, and couldn't be garnished or taken by any government nor by any corporation nor any company nor any private individual.  It could not be used to guarantee a loan, because the bank could not take it.

As you can imagine this "minimum income" could only benefit the poor directly. The population of the US is about 380 million, so if the poor represent only 14% of the population, then only 47 million people would receive this "minimum income."

But what about dependent children of those receiving "minimum income"?  I propose that up to the age of 18, such dependent children would receive 1/4 of the "minimum income," those funds to be administered by the legal guardian or parent.

And what about Social Security? It would not change, except that the minimum social security payment per month could never be less than the "minimum income."

How would we pay for the "minimum income"? One way would be to increase the social security tax rate from 6.2% to 7.2%, and to remove the wage ceiling of $132,900 at which social security taxes are cut off.

A 14% increase in the number of customers is nothing to sneeze at.  Would it be worth the cost? It depends on if the increase is permanent and can be counted on by the nation's businesses. If so, budgeting based on such a permanent fixed increase in the customer size will benefit all businesses here and abroad.

Naturally one would not want to implement a "minimum income" all at once. Instead, perhaps at the state level, one could introduce the concept using the disabled as a test, or the homeless as a test. And then track those people to see if the effect is as predicted.

Also note that $1,000 per month was a purely arbitrary guess for a "minimum income". Also note that the $50 drop in "minimum wage" per $100 increase in other income was also a purely arbitrary guess.  Greater or lesser amounts would have to be decided by those actually implementing this or a similar proposal.

Tuesday, December 11, 2018

A Better Sales Tax

A Better Sales Tax Is Non-Regressive

One problem with the normal sales tax is that the rate is the same for the poor as it is for the rich. Consider a galvanized pail used in gardening. Suppose it cost 10.00 to buy, and suppose the sales tax were 10%. The cost of that pail would be 10.00 in states like Oregon, that don't have a sales tax, or 11.00 in states that had the 10% rate. The rate in some cities is as high as 13.5% and in others as low as 4%. But all have the same problem. The difference between 10.00 and 11.00 may seem inconsequential to folks with a high income, but to folks with a low income, the difference might be enough to encourage purchase of a plastic bucket instead.

A progressive sales tax would look much different. It would be tiny or zero for low priced items, but would grow higher as the cost increased. For example the tax on a 10.00 bucket might be zero, whereas a tax on a 200,000.00 boat might be 4%. And the tax on the sale of a 5,000,000 home might be 8%.

When a medium income person buys a home it is usually for less than 250,000. When a high income person buys a home, they usually pay less than 1,500,000. When a wealthy person buys a home they usually pay 3,000,000 or more. It makes sense that, when a wealthy person buys an expensive property, they are uniquely in a position to afford a higher sales tax.

One possible formula for such a non-regressive sales tax might look like this:

$0          - $9.99          0%
$10         - $99.99         0.25% (1/4 percent)
$100        - $999.99        0.50% (1/2 percent)
$1,000      - $9,999.99      1%
$10,000     - $99,999.99     2%
$100,000    - $999,999.99    4%
$1,000,000  - and above      8%

If you were to buy a galvanized bucket for $9.99 you would owe no tax. If you were to buy $99.99 in groceries, you would pay three cents in tax ($100.02 total). If you were to pay $1,000.00 for a car repair, you would pay $10.00 in tax ($1,010.00 total). If you were to pay $10,000 to have five trees removed and the stumps removed, you would pay $200.00 in tax ($10,200.00 total). If you were to pay $100,000.00 for a fully tricked out Range Rover Sport, you would pay $4,000.00 in tax ($104,000.00 total). If you were to pay $1,000,000 for a small studio condo in New York City, you would pay $80,000.00 in tax ($1,080,000.00 total).

Scaling up of the tax rate moves the bulk of the tax onto the rich.  For such a non-regressive tax to work, there must be no exemptions. Although it is tempting to exempt groceries or prescription drugs, one should resist that temptation. For if groceries are exempted, then similar logic might lead to the exemption of  real estate or car purchases. The choice must be to either scale the sales tax, or to apply the same tax to all and provide exemptions.

Policy will determine the rate that the tax increases. For example, instead of doubling the tax rate for each ten times the amount, perhaps triple the tax for each twenty times the amount.

Policy will also determine the amount below which no sales tax occurs. For example, you might want to benefit the poor and middle classes together. One way to do that might be to charge zero tax for all sales below one-thousand dollars.

One advantage of scaling by a formula is that the formula, and the starting and ending amounts, are all that are needed to find the tax. A later law might change the starting point or the ending point or the formula, but would likely change only one of the three at a time. This simplifies updates to cash registers.

The alternative is to chart the increments and rates in law. This has the disadvantage that the chart would look like a table and the entire table might have to be altered to change one amount or rate. Updates to cash registers would require a simultaneous update of them all with a new table.

Another requirement should be that sales tax never taxes a tax. For example, sales tax should only be applied to the untaxed portion of gasoline or to the untaxed portion of a hotel room.

This blog is not the end all or be all of a scaled sales tax. It is merely intended as a means to get others thinking about a non-regressive sales tax.

Monday, April 23, 2018

Right To Vote Amendment

    States have reduced access to voting by various means over the years. Such laws seek to disenfranchise based on poverty, sex, or race. Some states require photo ID before a citizen may vote. Others reduce the number of voting places in low income areas. Convicted criminals are routinely denied the right to vote.
    The fundamental right to vote needs to be spelled out in the constitution once and for all to ensure nobody is ever denied the right to vote.
    Also, in recent history, companies, corporations, and the very wealthy have sought to influence elections in ways that reduce effectiveness of the individual vote. Although corporations are people, they are not voting citizens and so should have no right to influence elections. Also the wealthy citizen can unfairly influence an election more than a poor citizen can. Such behavior is unfair and should be discouraged.
    In support of these ends I propose a constitutional amendment something like the following:
  • Section 1. No Citizen shall be denied the right to vote, except for reason of too young an age.
  • Section 2. Only a Citizen may vote and only a Citizen may influence an election. Non-citizens are barred by law from influencing any election.
  • Section 3. Individual wealth shall not unfairly influence any election.
  • Section 4. The Congress shall have the power to enforce, by appropriate legislation, the provisions of this article.
    Let me know what you think. Should it be worded differently? Should it be reduced to solving one problem instead of three problems? Do you think such an amendment is foolish? Or do you think it may have a chance?

Tuesday, September 26, 2017

Eugene, Oregon's EMX (BRT) Line Versus

EMX Bus Approaches Eugene Station

The Lane Transit District (LTD) opened its EMX (Emerald Express) west 11th Street extension on Sunday last the 27th of September 2017. I rode it on that opening day and found it bumpy but otherwise comfortable.
The EMX system is a Bus Rapid Transit (BRT) system. So how does EMX compare to regular buses and to light rail?

  1. EMX is basically a bus. Its stations are called bus stops. It has many reserved lanes in the roadway where only it, and right turning cars, may drive. It stops at signals just like all traffic and regular buses do.
  2. Because stops are few and far between, you can think of it as more of a Limited bus route. Riding it reminded me of the 38L on Geary Boulevard in San Francisco. A bit faster perhaps, and less crowded than the 38L. But both only stop where they cross other bus routes. In this sense, EMX is a limited stop bus route.
  3. Bicyclists slow down loading because bicycles must be placed on a special rack at the front of the bus, a rack that can only hold two bicycles. Contrast that to the new EMX bus. It has an internal bike rack that can hold three to six bicycles. And because bikes roll easily onto and off of the bus, their loading/unloading does not slow down the EMX bus.
  4. All LTD buses stick to published arrival times posted at each bus stop. The EMX bus posts those arrival times on electronic screens at each stop. When any bus, including EMX buses, runs ahead of schedule, it must pause in a bus stop and wait to get back on schedule. This is perhaps the one most annoying part of riding the LTD system. Buses that pause to fall back into schedule are frustrating. Instead, LTD signs should show when to expect the next bus in minutes. "The next bus will arrive in 7 minutes." That way, even if the bus ran ahead of schedule, the arrival would be correctly predicted without the need to pause at a bus stop. This is easy to change on EMX because they run at 10 minute intervals. So missing a bus causes little harm. This would not work on other bus lines because they run at 1/2 hour and hourly intervals where missing the bus is a crisis.
  5. Despite having laid special concrete in its lanes, the EMX bus ride was bumpy. All buses are bumpy because they run over road intended for other traffic. The only systems that are smooth are rail systems. Portland's light rail system, for example, is smooth. Light rail costs twice as much as BRT to build. EMX could have built half the distance and put in light rail. Would half the distance of light rail have made sense? Subways cost 10 times more than BRT to build. Would one tenth the distance of subway light rail have made sense? Probably not, because BRT gives you more distance for the buck, but BRT runs a third as fast as a subway.
  6. The real advantage of EMX is its frequency. During weekdays, EMX buses run one every 10 minutes. Imagine if all bus routes ran one every 10 minutes. A rider wouldn't need to plan on a scheduled bus; instead the rider could simply show up at a bus stop and a bus would arrive within 10 minutes. Would buses be vastly more popular if so frequent?
  7. As an experiment, LTD should run an express on some busy route to see if frequency is a better draw than BRT with its level boarding and scheduled stops. By way of example, consider a 50x that could run out River Road crossing the 51, 52, and 55 lines. If it ran once each 10 minutes, and only stopped at transit transfer intersections, would it be as popular as the existing EMX line?
How does BRT stack up in your town?