Someone asked the other day about top ten favorite movies, and I've been slowly coming up with answers since. In no particular order, mine settled on something like:
Real-world economics in action! Goozex, a video game trading service that's now pretty much defunct, ran like this: a game has a value in 'points'. You can offer a game for its point value, or you can request a game for its point value. When there is both an offer and a request, the two are matched up, the points change hands, and the requester is also charged a "token", which costs a dollar. The seller pays for the shipping to the buyer, and ships the game. Also you can buy points.
For a while this model worked pretty well, games traded regularly, people were happy with it. Gradually, the request queues got longer, and there were no dangling offers to be found. And in talking about this, and what could cause it to have collapsed like that, I think I found the answer. And it's kind of interesting.
Imagine on a small scale, let's say there are 6 people. One of them buys 5000 points and 5 tokens. Each game costs 1000 points. The other 5 people all have a game they want to trade, so they sell their games to the first person. Now they each have 1000 points and the first person has no points and 5 games. Now in the system is 5000 points worth of demand, and zero supply. The guy who bought the games finishes them, decides to keep one, and sell the others. Now there's 5000 points worth of demand, and 4000 points of supply. The other users buy tokens so they can spend their points, and one of them buys a thousand points too. That one buys two of the games, two of the others buy a game, and two are left with their 1000 points and are in a queue. Now the original user has 4000 points, two users have 1000 points each, and there's no supply again.
This sort of trading can go on indefinitely, the point is, the demand never ever goes down - there will always be 6000 points worth of demand, or more if someone buys some points again. Supply can go up if people buy games for money and sell them for points, down when people make their trades, or stay the same when people make trades and then want to resell the game back in again. But anyone who has points won't want to buy games for money and sell them for points - they want to use their points to get their game, obviously, because cash is good for other things but points aren't. Demand can only ever go up, short of people dying with a points balance and no request queue. So it's inevitable, with this design, that the Goozex economy would fail. The prices were fixed, at first, but now they freed them up which has resulted in massive inflation as the prices go up to try to compensate for more demand than supply, but since there is essentially infinite demand, inflation can't fix it - all it does is make people mistrustful of the system so they try to cash out, making the problem even worse.
The funny thing is they could have solved this problem at the beginning, if they'd thought it through and realized this would happen - rather than charging a dollar for a trade token, they could have just charged a percentage of the points involved in a trade. That way the demand and supply would both 'soften' when a trade happens, preventing their current situation where there is literally no supply and nobody wants to provide any supply - it doesn't matter how many points you can get for your game if there's nothing you can spend points on.
On the other hand, maybe with a points-only system a different problem would arise - people would try to trade in games for more points than they could buy for the same amount of cash, and would refuse to pay cash for points because they would perceive that they could get a better deal. However, this problem would resolve itself - an oversupply of cheap games would reduce their point price (before trades are made since not enough people are buying those games for points) until that game's point value corresponds to the cash value of buying that many points. So in the end there would be no advantage to trading for points rather than buying them, unless you were trading games people actually want, in which case the system is working as intended!
There might be a problem persuading people that buying points is ever a good idea though, when they could just buy the game they want in the first place for the same amount of money. Tokens are a clever way of sidestepping that psychological issue. Alternatively, if the point value (including the transaction 'tax') is always slightly lower than the cash value of the game, then it would make sense to buy points if you don't have any, while still making sense to trade games in.
I just noticed a really obviously stupid thing about operating system design, mostly Windows but partly true in others as well. There's the concept of the "administrator account", that enables installing software, to prevent things from secretly installing malicious software. But here's the problem - every time we intentionally install something, we give someone's arbitrary program the permission to run as an administrator.
So basically every piece of software we ever use, at the very first point in its life cycle has administrator privilege. At that point, what good is that barrier even doing? I suppose it's useful for preventing buffer overflows and things from giving system-invading access, but those things are a tiny minority of infections - the usual vector is people installing something that has a malicious thing piggybacked on it. That malicious thing now has administrator privileges if it wants them, because it can grant itself them during the install!
It would make much more sense to have a single operating-system-owned "installer" program, and only install packages, globs of files with coded installation instructions. There would still be an annoying "are you sure you want to install this?" popup, and there would still be the possibility of installing malicious software that you might run at the user level, but there would only be an "are you sure you want to give an arbitrary thing administrator privileges?" warning if the installation package was specifically requesting that. The installer program could also have a separate warning for "are you sure you want to install a thing that will run at startup / immediately?" which would vastly reduce the risk of malicious software infections, since there isn't a lot malicious software can do if you have to actively elect to run it every time.
As an added bonus, this would warn you about Adobe and Sun's auto-updaters being jerks before you installed them, too.
Followup to my Facebook fiasco - I have now got back in by giving it Jessica's phone number. Somehow that is valid confirmation that I am me, while actually valid photo ID went completely ignored for three days. Well played, Facebook. (I then immediately deleted the phone number from my account because fuck you Facebook I don't want a phone number on my account, let alone someone else's phone number!)
That's pretty messed up - a few days ago Facebook decided to accuse me of not being a real person, and challenged me to identify 5 friends from randomly selected pictures. That would be easier if half the pictures weren't indistinguishable baby pictures, and if Facebook hadn't aggressively encouraged me to 'friend' everyone I've ever met in the slightest capacity many of whom I have no idea what they look like today since I last saw them 20 years ago, but I managed to barely defeat the challenge, and regained access to the account.
24 hours later it decides to accuse me of not being real again, and this time it wants a phone number to confirm that I'm a person. So I give it a phone number. "We're going to send a text now, okay?" Well, no, that phone number can't receive a text, and I don't have one that does. "In that case just scan and send us some government-issued photo ID!"
What the hell? This isn't a high-security dealy like a bank account, it's Facebook, and there wasn't any valid reason for the accusation in the first place - the only reasons I can conceive of for this happening are either that I have a funny name that has matched some new no-fake-names algorithm, or someone has decided to report my account as a fake and Facebook just arbitrarily takes someone's word about such things a second time even after the accusee has jumped through hoops to show the accusation to be false less than a day earlier.
But it's worse than that, because Facebook has become such a ubiquitous thing that many sites have a "log in using Facebook" button - so Facebook deciding to randomly cut you off from your account isn't just cutting you off from their service, they're cutting you off from an unknown number of other services too.
And it's worse than that too, because the remedy "send us photo ID", which I'm willing and able to do because they do say "obscure any parts that aren't relevant", and I have a scanner and am okay with Photoshop (what the hell would my mother in law do with this situation?) ... this remedy isn't actually processed in a timely manner, so even if you're willing and able to jump through hoops you're still cut off from whatever accounts you use Facebook to log in to for an arbitrary amount of time.
Yet another reason why I wish "log in using Facebook" buttons were replaced with "log in using singlepassword.com", a hypothetical nonexistent service for which you would create an account as anonymous as you like and use it to log in to any other accounts.
A product that should exist; robot simulator. With several environments and components as plugins so they can be easily added, with everything based on things that actually exist - so you could build a virtual robot, for example, made of an arduino board or a raspberry pi, say, with moisture sensors or GPS or cameras or LEDs or lasers or motors or arm-controllers or touch-screens or whatever, attached to whatever pins of the boards, plus batteries or solar panels or etc. then you can program it in a virtual arduino/pi programming environment, and see how it operates in a given context.
I am surprised. I was predicting that some time in the last few weeks there would have been a lot of noisy news about poor sales figures over the Black Friday and Cyber Monday time, but I haven't seen a one. I was planning to be grumbling "maybe your sales figures wouldn't be rubbish if you were having actual worthwhile deals!"
Maybe they successfully sold a lot of things despite all the deals being pretty pathetic this year, in which case I suppose we can expect every future Black Friday to consist of ads saying "it's Black Friday! Buy something at its usual price or even more!" And people queuing up overnight to do so just out of a sense of tradition.
Recently, there's been a fair bit of noise about Rick Santorum saying "We will never have the elite smart people on our side". It got me thinking about what could possibly be the justification for saying something like that, given that it seems pretty risky to call your target audience relatively stupid right to their faces. The only thing I could come up with is kind of silly, and is not a serious suggestion at all, but if it were the goal then it would be completely brilliant; that idea is that it's a fantastic piece of misdirection, a kind of mental sleight of hand, designed to get people who think of themselves as smart to unthinkingly buy into the idea that there are two "sides", and thus perpetuate the reign of Kang and Kodos. (Against this argument must be raised the point that nearly everyone already bought that idea, hook, line and sinker, so there would be absolutely no need to sneakily subconsciously re-endorse it. So instead we can fall back on "never attribute to malice what can be attributed to incompetence.")
The junk undermining SSL/https makes me angry. For people who don't make websites, here is a quick explanation; https means your connection with a website is both encrypted and verified to be the real site. The encryption is a good and desirable thing. The verification is achieved through third party "root certifiers", and costs an unjust amount of money every month (given that the act of weakly verifying that you are who you claim is something done once, and renewing is something done without human intervention, a cost of say $50 once and maybe $5 per year would be reasonable). There exist organizations that verify who you are better, and issue SSL certificates at no cost, but they're not in the "approved list" so browsers won't recognize those certificates.
Now the thing that makes this annoying is that when the browser doesn't recognize a certificate's verifier, you get giant alert boxes swearing that the offered certificate is made of toxic slime and will eat your face off given the chance, making it seem like the website in question is less secure than a website that doesn't even try to be secure (ie. you don't get any alerts about face-eating when you go to any site without https). So while you technically can just have the encryption without the verification, using a self-signed certificate, no users would visit your site because their browser makes it sound like a terrible scary disaster waiting to happen.
Now to some extent this does make sense - it's plausible that, with an unverified certificate, someone can intercept your conversation with a server by pretending to be the server, to you, and pretending to be you, to the server, and thus steal all the data. This is known as a man in the middle attack. It's prevented by root certificate verification. The prevalence of this kind of attack is approximately zero attacks in every thousand, so the mandatory verifying is very helpful for preventing those zero attacks.
Without encryption at all, you can just passively 'sniff' traffic to steal passwords - this is maybe five attacks in every thousand, which could be prevented with encryption, which would be a lot more prevalent if you didn't have to do the damn verifying. So that's five attacks in every thousand that aren't prevented because of the additional security price hurdle that prevents websites from bothering with encryption. This is why I am annoyed by it.
Most of the other 995 out of a thousand attacks involve installing trojans on people's computers and stealing their passwords right from their keyboard or browser. None of the security measures discussed help with that. So basically, SSL certificates ask that you pay money every month to prevent zero attacks, to make your website more secure, while still being vulnerable to the vast majority of attacks. SSL is the internet's TSA.
Today I came up with the silliest idea for an income tax loophole. For it to make sense, you first have to know that gambling winnings are taxable as income, and gambling losses are only deductable as an offset against gambling winnings (except the stock market, where you can deduct all losses for years, because that's gambling for politicians and lobbyists, and those guys don't like to pay taxes, everyone else loves it.)
Here's how you can exploit this as a tax loophole.
Step 1: Have your employer pay you minimum wage plus a limited number of gambling opportunities at odds which average out to winning the rest of your wage. (eg. if you're paid $20 an hour and minimum wage is $10 an hour, your new wage is $10 an hour plus an option of 20 opportunities to gamble $1 against $2 with 50:50 odds.) So now half of your income is legitimately "gambling winnings" and can be declared as such.
Step 2: Open shops at which you can 'gamble' for all the things you would normally buy. 10 cents for a one in twenty chance of winning a loaf of bread, a loaf which normally costs $2. Now your "gambling losses" are more than half your income, though your "gambling winnings" are also increased by the same amount when you win the bread since you also have to declare non-cash prizes, leading to...
Step 3: The gambleshops also sell all prize items for ten percent of their normal-shop price, limit one item per customer (lifetime). Thus we establish that the tax-declared 'value' of your 'prize' loaf of bread is just 20 cents, since that's what you can buy it for.
Bringing it all together, now you work for an hour and earn $10 regular income, gamble 20 times and now have $20 (on average, made up of your initial $10 plus $20 gambling winnings and $10 gambling expenses/losses). Now you gamble for bread 100 times, winning 5 loaves, costing you $10 ($10 gambling losses, and $1 in gambling winnings of 'prizes'). Your running totals for the taxes are now $10 regular income, $21 gambling winnings, and a deductible $20 of gambling losses, totaling $11 of taxable income, versus the normal-world $20 you'd be taxed on for that same practical result.
Essentially, the idea is that through making everything "gambling" you can make everything you "win" instead of buying tax-deductible. Note that this only works if you're also paid in "gambling winnings", because the "losses" wouldn't be deductible otherwise, and also only works if you establish the "value" of what you "win" as lower than its normal cost, because otherwise your additional prize-winnings will be equal to your losses and cancel them out.
I would love to see the court case that would result when the IRS cries "fraud" if someone actually set up a town that worked on this basis. Presumably the argument would be about the "value" of the prizes, but what is the true value of a loaf of bread prize? If that was the argument then, worst case, you could still end up tax-deducting the difference between what you pay for a loaf of bread and what a loaf of bread costs the store wholesale. I'd be really interested to find out what the true and proper value of intangible goods is in the eyes of a court too - if you were to win rental of a house that has never been rented for money, what was that prize's cash value according to the IRS?
Navigate: (Previous 10 Entries)