What the heck could be going on? My friend stated the obvious: “It’s clear that they’re getting more traffic than they can handle. The question is why they can’t handle the traffic they’re getting.” Load problems could explain servers hanging in California and New York … but the drop-downs? The standard explanation for this is “high load,” but high server loads don’t cause your security dropboxes to empty out.
“The drop-down thing is mystifying,” he told me. If federal exchanges decided to populate the security question fields by calling up a list of possible questions from another server — one that didn’t have a lot of capacity — then that might be causing the sign-up process to stall at that step. For an application that expects a lot of traffic, this is a very bad idea.
“Just cache them on the front ends, for heaven’s sake, so you only need to ask once,” he said. “A database call to get questions shouldn’t be in the critical serving path. If you’re hitting the database just to load the security questions, then just serving individual pages is going to be expensive.”
The various glitches, he pointed out, “could very easily be because deadline pressure caused them to take some shortcuts that impacted their ability to scale.”
“The aforementioned let’s-hit-the-database-for-security-questions thing.”
Why would they use such a seemingly obvious poor design?
“It can be easier to make a call to another server to get something when you need it than to implement a cache that you prepopulate either from static files or from the database on startup. Making a call to another server is also something you’d naturally think to do if you hadn’t had to focus on scalability before. The security question page is probably not the thing you’re most concerned about, so you give it to the new hire to do as their starter project. They don’t know what they’re doing, so they implement it the straightforward way … and since you’re under unbelievable deadline pressure to get something working now nobody reviews it in detail.”
Obviously, we don’t know if this theory is correct — but it does fit the particulars.
Government programmers are subject to the same development pressures as the rest of us. Via Untangling Obamacare’s Web Glitches – Bloomberg.
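The front-end cache the quoted engineer describes, as an added example that is not from the article or from any exchange code: the question list is loaded once at startup and refreshed off the request path, so a backend outage leaves the drop-down populated with the last good copy. `FlakyBackend`, `naive_page`, `QuestionCache` and the sample questions are hypothetical names and constructed data.

```python
class FlakyBackend:
    """Constructed stand-in for the under-provisioned question server."""
    def __init__(self, questions):
        self.questions = list(questions)
        self.calls, self.down = 0, False

    def fetch_questions(self):
        self.calls += 1
        if self.down:
            raise TimeoutError("question server overloaded")
        return list(self.questions)

def naive_page(backend):
    """Per-request lookup: every page view hits the backend; a failure empties the drop-down."""
    try:
        return backend.fetch_questions()
    except TimeoutError:
        return []

class QuestionCache:
    """Front-end cache: populated once at startup, refreshed outside the serving path."""
    def __init__(self, loader):
        self._loader = loader
        self._questions = tuple(loader())      # fail at startup, not per request
        if not self._questions:
            raise RuntimeError("refusing to start with an empty question list")

    def get(self):
        return self._questions                 # no backend call while serving a page

    def refresh(self):
        """Run from a timer or background job; keeps the last good copy on failure."""
        try:
            fresh = tuple(self._loader())
        except Exception:
            fresh = ()
        if fresh:
            self._questions = fresh            # swap the reference in one assignment
        return bool(fresh)

def simulate(requests=1000):
    questions = ["First pet's name?", "City of birth?"]   # constructed sample data
    naive_backend, cached_backend = FlakyBackend(questions), FlakyBackend(questions)
    cache = QuestionCache(cached_backend.fetch_questions)
    naive_backend.down = cached_backend.down = True       # backend falls over under load
    empty_naive = sum(1 for _ in range(requests) if not naive_page(naive_backend))
    cache.refresh()                                       # fails; stale copy is retained
    empty_cached = sum(1 for _ in range(requests) if not cache.get())
    return naive_backend.calls, empty_naive, cached_backend.calls, empty_cached
```

`simulate()` returns the backend call count and the number of empty drop-downs for each design, in that order.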
As the 2.0 state fails, we are seeing increasing awareness, urgency, and activism in response to a deepening crisis. The emerging America 3.0 will reverse several key characteristics of the 2.0 state: decentralization versus centralization; diversity and voluntarism rather than compulsion and uniformity; emergent solutions from markets and voluntary networks rather than top-down, elite-driven commands. Strong opposition to the rise of America 3.0 is inevitable, including heavy-handed, abusive, and authoritarian attempts to prop up the existing order. But this “doubling down” approach is doomed. It is incompatible with both the emerging technology and the underlying cultural framework that will predominate in America 3.0.
via America 3.0: The Coming Reinvention of America — The American Magazine.
Attorney General Eric H. Holder Jr. is set to announce Monday that low-level, nonviolent drug offenders with no ties to gangs or large-scale drug organizations will no longer be charged with offenses that impose severe mandatory sentences.
The new Justice Department policy is part of a comprehensive prison reform package that Holder will reveal in a speech to the American Bar Association in San Francisco, according to senior department officials. He is also expected to introduce a policy to reduce sentences for elderly, nonviolent inmates and find alternatives to prison for nonviolent criminals.
Good. Better if they end the drug war entirely, but I’m happy for baby steps in that direction. (Credit where credit is due.) Via Holder seeks to avert mandatory minimum sentences for some low-level drug offenders – The Washington Post.
“We knew USG would come after us”. That’s why Silent Circle CEO Michael Janke tells TechCrunch his company shut down its Silent Mail encrypted email service. It hadn’t been told to provide data to the government, but after Lavabit shut down today rather than be “complicit” with NSA spying, Silent Circle told customers it has killed off Silent Mail rather than risk their privacy.
The Silent Circle blog post explains “We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now.” It’s especially damning considering Silent Circle’s co-founder and president is Phil Zimmermann, the inventor of widely-used email encryption program Pretty Good Privacy.
Silent Circle’s other secure services including Silent Phone and Silent Text will continue to operate as they do all the encryption on the client side within users’ devices. But it explained that “Email that uses standard Internet protocols cannot have the same security guarantees that real-time communications has.” With too many opportunities for information and metadata leaks in the SMTP, POP3, and IMAP email protocols, the company believes there was no way to live up to its promise of total privacy.
“We wanted to be proactive because we knew USG would come after us due to the sheer amount of people who use us- let alone the “highly targeted high profile people”. They are completely secure and clean on Silent Phone, Silent Text and Silent Eyes, but email is broken because govt can force us to turn over what we have. So to protect everyone and to drive them to use the other three peer to peer products- we made the decision to do this before men on [SIC] suits show up. Now- they are completely shut down- nothing they can get from us or try and force from us- we literally have nothing anywhere.”
The Feds don’t like it when you try to keep your communications private. The police state is here. Via Silent Circle Preemptively Shuts Down Encrypted Email Service To Prevent NSA Spying | TechCrunch.
The government currently backs about 90 percent of newly issued mortgages, through Fannie Mae, Freddie Mac, the Federal Housing Administration and Department of Veterans Affairs. To all intents and purposes, except for very large loans to very affluent people, there is no private mortgage market in the U.S.
More socialism. Or is it fascism? Via How’s Obama Going to Get U.S. Out of the Mortgage Market? – Bloomberg.
… HB 603 passed without much fanfare in the spring. At the time, the law might have seemed extraneous, or even paranoid. But knowing what we know now, the law seems prophetic (not unlike the way Shia LaBeouf warned us about spying back in 2008) and is getting some new-found attention. The law is pretty straightforward—the government can’t spy on Montanans through their electronic devices unless they obtain a warrant …
And “electronic device” is meant to encompass laptops, cell phones and tablets …
That effectively makes Montana the first state in the country’s history to pass an electronic privacy law that protects you from the government. The bill’s sponsor, Rep. Daniel Zolnikov, and Montana’s lawmakers outpaced all the states in the country when it comes to privacy—Texas signed an email privacy bill into law last month, and Massachusetts and a handful of other states are considering their own privacy laws when it comes to electronic surveillance and wiretapping.
Of course, the question now is, how do you enforce that? Still, it’s a good symbolic move. Via If You Don’t Want the Government to Spy on You, Move to Montana – Alexander Abad-Santos – The Atlantic Wire.
I am not a legal scholar, so I need someone to explain it to me. In what sense do we live under the rule of law if the Congress can pass a bill, the president can sign it, and then the president can unilaterally announce that it is not going to be implemented as planned? Telling me that this kind of discretionary power is routinely exercised by the executive branch is not an answer. In what sense is legislation that permits such discretion the “rule of law”? Isn’t the essence of the rule of law that ordinary citizens can know what the rules are? Can be confident that the rules are not guidelines but, you know, The Law?
We live in a country where the law has not only become unintelligible, written in thousand-page chunks, but has morphed into a giant mass of silly putty that can be reshaped as our rulers find convenient.
via The Obamacare employer mandate delay is another symptom of our crumbling ‘rule of law’ | AEIdeas.
… when countries like Russia and Iran say the US is simply too untrustworthy to manage the Internet, no one will be able to argue.
We can’t fight for Internet freedom around the world, then turn around and destroy it back home. Even if we don’t see the contradiction, the rest of the world does.
via Schneier on Security: Blowback from the NSA Surveillance.
A bureaucracy is bad. A politicized bureaucracy is worse. A paramilitary politicized bureaucracy is nuts. And, in fact, evil. There is no reason in a civilized society why the Deputy Assistant Commissioner of Paperwork should have his own SEAL Team Six.
The police state is not “coming” — it’s *here*. Abolish the IRS and replace it with the Fair Tax. Via When Your W-2 Meets an AR-15 | National Review Online.