wexBlog
http://wexblog.prwexler.com

Through Their Children, I Know Them

Members of my parents' generation have begun their final traverse across the plateau of life and over the cliff that all of their ancestors went, before, and down from which my generation will, too, eventually fall. Among my contemporary friends, few of their parents, have I ever met. Without a direct encounter, it is only through a lens of abstraction - the interface of an interface - that I can know those I've never known.

Teresa Wagner, a friend I met five years ago, said goodbye to her mother, today, and I joined her in paying respect. Though I never met her mother, I know her, still. If not completely, then largely of Native American descent, Teresa is one I can describe as very much the salt of the Earth, as were her ancestors, exhibiting only the highest ethical standards. Through spirituality, Teresa seeks personal enlightenment. She recognizes her oneness with this world and her connection with another, intangible place, and her ethos follows suit.

From adversity,
Teresa makes wealth;
from sickness,
she builds health.

She is an Earthly spirit,
a human dove,
who sings the virtues
of God, above.

And so she fought
a very good fight,
that her mother
might sail comfortably,
into God's light.

Goodbye, Hattie Joyce Brown. Though I never met you, I know you. I feel your strength all around, thanks to your daughter, and my friend, whom you gave the name, Teresa.

The Sadder and Sadder State of Paper Mail

Paper mail continues to be the most effective way to communicate with an elected official.  Sadly, this sort of mayhem could take away the ability for average citizens to directly and physically communicate with their government.

Between the slow financial asphyxiation of the post office, through the 2006 postal law, and dangerous mail being sent to people who work in government, I can see paper mail service coming to an end.

Repeal H.R. 6407

Today, I prepared and mailed out three postcards. Two were addressed to California's United States Senators, Feinstein and Boxer, and the third postcard was addressed to my district's United States House of Representatives delegate, Sanchez. Rather than by members of the Republican Party, I am glad to be represented by three Democrats, in the United States Congress, though, even the Democratic Party has moved quite far away from its New Deal and Great Society positions of the past. In comparison with their Republican counterparts, Democrats still exhibit a reasonable degree of lucidity in the legislation that they pass and the Article III judges, whom they nominate and confirm. I changed my party affiliation, in 2002, from Republican to Democratic, because I disagree with the extreme measures to which the greater Republican Party has gone in its effort to overturn Roe v. Wade, by choosing Supreme Court Justices who are apparently willing to define even a block of wood as a legal person in order to justify the eventual reasoning that will be used to overturn the 1973 landmark 7:2 decision, rendered by a very different Supreme Court.

Extremism, among modern Republicans, is found in every aspect of what they believe. Today's Republicans stand in favor of taking away litigation rights from people injured by doctors and businesses. Many of them would like to erect a crucifix in the Capitol rotunda, and pass legislation that permits religious anti science to creep into children's classrooms. They promote training, rather than education. They hypocritically claim that the free market solves everything, but then, block legislation requiring companies to reveal to the free market their use of materials, dangerous to the environment and inappropriate for human consumption. Republicans, today, also seek the total destruction of organized labor. They believe that competing with the Third World involves demoting the American worker to that of the slum dweller.

A majority of Republican Party members even seek to destroy the United States Post Office, which is an agency specifically established, not by amendment, but by the Articles found in the United States Constitution - the Constitution's body - and not within its addenda. The United States Post Office was not some passing thought, considered by the founders of America, a posteriori to the Constitution's ratification. The United States Post Office is an integral part of this country, and mail still matters. If there were no US Post Office, then delivery of products sold by online businesses would be much more expensive, because US postal employees provide inexpensive last mile carriage of many items shipped via UPS and FedEx. Also with the dissolution of the US Post Office, parcel transport service companies, no longer given a pricing counterweight, will raise their rates, making into a luxury, the shipping of parcels and also the hand delivery of paper correspondence.

Furthermore, the United States Postal Service is one of the last strongholds of organized labor, though even there, the power of unions has been eroded. Nonetheless, the postal workers of America, demonstrate to the rest of us the importance and value of organization.

In 2006, H.R. 6407 was passed into law. It was titled the Postal Accountability and Enhancement Act. The Act requires the United States Postal Service to fund its retirement programs, seventy-five years into the future, and to do so within ten years, henceforth, from the Act's transformation to law. Thus, the bill, passed by a Republican House of Representatives and a Republican Senate, was signed into law by George W. Bush, long before future mothers would give birth to children who might eventually staff the United States Post Office, and who upon retirement, might collect a pension and healthcare from that fund.

Because I am certain that none exist, I am comfortable with challenging anyone reading this wexBlog entry to name one business with a retirement fund that is at all similar to that specified by H.R. 6407. While, in the private sector, no such retirement plan exists, under H.R. 6407, employees of United States Post Office are required to carry the unprecedented burden of saving up money to pay for the retirement of employees who are some three generations removed from those in the present day. How can this make sense? It makes sense, only because the bill was drafted by Republican congressmen, passed through the legislature by a House of Representatives, controlled by the Republican Party, then by a Republican Senate, and shortly thereafter, the bill was signed into law by George W. Bush.

Members of the Republican Party, and particularly its TEA and Libertarian Party subsets, subscribe to a philosophy written about by Ayn Rand, in her novel titled, "Atlas Shrugged." Though fiction, many modern conservatives keep the book on the same shelf as their revered copy of the New Testament, a religious text which they've never actually read. In Rand's novel, she asserts that government can do no good, and society prospers only because of benevolent corporate tycoons.

Extremism never results in a positive outcome. Economic policies are unhealthy where, at one extreme, a nation's government is charged with running all matters of industrial activity, and at the other, where private businesses are delegated with the responsibility to control all aspects of the commons, with no points in between. For example, giving financial incentive to private sector firms that operate prisons will assuredly increase the number of people who are sent to prison. In another example, leaving it to private businesses to self regulate leads to no oversight of things that can be hidden.

Private businesses are innovators that, given the chance, will over innovate. Southern California Edison presents a good example, with the firm's 2006 discovery, and quiet dumping of tritiated water into the Pacific Ocean, at the San Onofre Atomic Power Station. Only when the recent disaster in Japan took place was a harsh light shone on San Onofre, and then, the discovery of and investigation into recently installed leaky steam generators created enough political pressure on the US Nuclear Regulatory Commission to force a shutdown of the plant's remaining two reactors. In another example, "Honorable" Pennsylvania Judge, Mark Ciavarella Jr, was paid bribes by the private prison industry to commit people to long term sentences.

Each matter of privatization is different, and seemingly unrelated. However, the perception of dissociation between incidents is wrong. In each case, private sector companies answer to shareholders, who risk nothing but the money that they invest in given ventures, which creates an incentive to drive up profits at any cost to the rest of society. Next up for privatization is the United States Post Office, which is being shoved into bankruptcy by the heavy burden of carrying the unreasonable weight of future retirees who've not yet been born. Then, once the post office is gone, UPS and FedEx will be the only mail carriers left standing, and they will charge whatever the market will bear, with some people priced out of the market, therefore taking away their right to communicate by pen and paper.

Thus, I stand with the Post Office, and I support a bill to repeal H.R. 6407.

Programming Exploration: The Zend Framework

For reasons that are beyond me, I decided to look at the Zend Framework. A framework is constituted by a set of utilities. They are used to create the skeleton of an application, add meat to the bones, and then test functionality. The result is that software is created, following industry standards; developers have more time to devote to design, rather than granular programming. The book that I am reading on the subject is by W. Jason Gilmore, and it is titled, Easy PHP Websites with the Zend Framework.

The following are some basic notes on the first steps in creating a project, using the Zend Framework:

zf create project __PROJECT_NAME will create a directory with the following items visible at the top level:

.zfproject.xml
application
docs
library
public
tests

The following book excerpt describes the top level structure of a ZF project:

File This Under: America's Crumbling Infrastructure

Many people deny that America's infrastructure is crumbling. They express annoyance when they hear the word "infrastructure."

This, they will argue, didn't happen, just like the walk taken on the moon by Neil Armstrong and Buzz Aldrin didn't happen.

Possible Success of a Student and the Matter of Leadership

A literacy student of mine may have established a good connection with the maker of a clothing line.  We worked, together, on preparing letters and e-mail messages. I coached him on presentation skills, and provided him with talking points, and we debated. Diane, the coordinator of the literacy department, also worked with him, in preparation for his teleconference, and he tells me that it went well.

There's a moderate chance that a relationship will be established, allowing this person to market a product that has substantial sales potential.

What I learned from the experience, more than anything, is that true dialogue leads to success. No man is an island. It is the emergence of a group identity that provides strong scaffolding. When individuals make decisions, all alone, I think that they are less successful than when groups work together.

There is something to be said for the assertion that nobody is always the smartest person in the room, and a good leader knows that.

The matter of leadership is one that continues to roll around in my head, long after I attended a required administrative leadership class, which was a core part of my master's degree program. (One thing that I really hate about thought-provoking classes is that I continue to mull over their meaning, decades and decades after finals are over.)

Ultimately, what does leadership mean? How does it emerge? Is a person endowed with leadership qualities? Is it the followers who make the leader?

The concept of leadership is not built on hard facts. Rather, it's derived from a set of hypotheses, or guesses, that seem to make sense. No single style of leadership can be applied to all situations.

A leader is one who has vision, but who recognizes the value of others' vision, too. A leader is given support by others, but reciprocates, in kind. A leader establishes goals of his own making, combined with the goals of a broader constituency.

Who was the leader, in this situation? Was it my literacy student, who had the idea? Was it I? After all, I gave him direction and I pulled him along, when he'd get stuck in a mud patch. Was it Diane, who delivered communications coaching? The answer, I think, is the emergence of a metaphysical "other," created by the group effort. It is that other entity who provides a direction, rather than any one person. Some people perceive that as God. Some people stand before it, and draw from its energy, calling themselves, leader.

Bad PHP Code, Part I

The following is a script for an upcoming wexBlogCast. It's meant to be heard, not read.

Security is one of two first priorities that developers must weave into their website designs. My name is Peter Wexler, and in this wexBlogCast, I will address one major security oversight made by untrained and inexperienced web developers. So, welcome aboard the Anonymous train to Virusville!


Recently, I sorted through some very seriously flawed PHP code, which directly expresses server, database, and password information, and is accessible from the internet, potentially subjecting the owner of a commercial website to a security failure that could range in severity from yellow to red.




Proceeding, I will ferret out credential-containing unsecured web server code. (It should be noted that the code shown in this demonstration is made up. It is not taken from any specific website, but it mirrors the well-documented error of credential embedding.)

* * *

I wrote my first line of programming code, using a language called BASIC, in January of 1983, more than thirty years ago.


I've been writing web-based software, since July of 2001. After entering my first line of HTML, my explorations quickly turned to learning interactive programming models for the world wide web. Server-side, I've used Perl, Java, and PHP.


I prefer PHP because its syntax is somewhat old style, and it offers both procedural and object-oriented interfaces in a fashion fairly similar to C++, thus allowing developers to choose their programming philosophy, without choosing altogether different programming languages, depending on desire. Java, conversely, requires every part of an application to be enveloped in, what I like to call, an object husk.


Early on, while learning server-side web programming, I gained knowledge about serious, but preventable, security pitfalls that bad programmers create in all languages, but particularly those, such as PHP, that are interpreted, rather than compiled. An interpreted language is one where source code remains human-readable, and a program, called an interpreter, carries out those readable commands. In other words, the interpreter converts readable words into machine code, during runtime.


The programming errors of exposing one's database server, user, and password information to the end-user, and of accidentally sharing OAuth app secrets with unauthorized web clients, are des faux pas majeurs, committed by uninformed and inexperienced software developers, particularly those who call themselves, "senior," when they actually are not. Such security breaches are made possible when sensitive data are included in a web-facing program, particularly when such content is human-readable. Thus, interpreted PHP code is put into a perilous state, when industry standard security precautions are ignored. The trouble with embedding secure data within a web application's source code is that, if a server-side language interpreter stops running, which does happen, from time to time, then rather than delivering the results derived from program execution, the web server software may deliver, to the web client, the source code housing the confidential data.

So, in this wexBlogCast segment, I thought that I would share the wrong way to include database, user, and password information in a program. Here it is, one of the programmer's deadliest sins: embedding proprietary, sensitive data in a PHP program that directly faces the internet!


In this scenario, a program called, "index.php," retrieves segments from a module called, "dbSetup.php," which then establishes a connection to a back-end database server.

Again, this is a faux pas majeur that is well-documented – one of which the most junior developers are aware, so long as they've done their homework, of course. In this example, when (and not if) the failure scenario occurs, rather than serving up a web document, the server instead serves up the text found in index.php. The savvy end-user notes the include file, called dbSetup.php, which is part of the main index.php file. Then, it's just a matter of pointing the browser to the dbSetup.php file, and instead of seeing the result of executed code, the client views the textual content of dbSetup.php, which includes the login credentials of the database server!

Wait a minute, you say! The password information to which I refer is in a separate file from the body of the work, following the recommended protocol? Not quite! The credential-containing file sits in an internet-accessible directory – in fact, the very same directory where what should be accessible through the internet has also been placed – and there are no directives to the contrary. So, the credential data may be accessed by visitors, under the conditions that I've just described. It's a problem that's come up many times and has sometimes made the news, depending on whose website has been breached!


So, how do you protect against it? Come back, later, and I'll tell ya!
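An added example, not from the original post or the book it cites: a small Python audit that ferrets out the layout described above, where a PHP file inside the document root assigns a password literal and is pulled in by a sibling script. The directory names (public_html, private), the sample file contents and the regex heuristics are assumptions made for this illustration; the hardened tree shows one common layout, not the answer the post promises for later.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns chosen for this example; not a complete secret scanner.
CRED_RE = re.compile(r"""(\$\w*(?:pass|pwd|secret)\w*)\s*=\s*['"][^'"]+['"]""", re.I)
INCLUDE_RE = re.compile(r"""\b(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]""", re.I)

def audit_docroot(docroot):
    """Return sorted (kind, file, detail) findings for PHP files under docroot."""
    root = Path(docroot).resolve()
    findings = set()
    for php in root.rglob("*.php"):
        text = php.read_text(errors="replace")
        rel = php.relative_to(root).as_posix()
        # Report the variable name only, never the secret value itself.
        for var in CRED_RE.findall(text):
            findings.add(("hardcoded-credential", rel, var))
        # Approximation: literal include paths are resolved against the
        # including file's directory; dynamic paths are not followed.
        for target in INCLUDE_RE.findall(text):
            resolved = (php.parent / target).resolve()
            if root in resolved.parents:
                findings.add(("include-served-by-web", rel,
                              resolved.relative_to(root).as_posix()))
    return sorted(findings)

def build_sample(base, hardened):
    """Create a constructed site tree and return its document root."""
    docroot = Path(base) / "public_html"
    docroot.mkdir(parents=True)
    if hardened:
        # Settings file sits beside, not inside, the document root and
        # takes the password from the environment instead of a literal.
        private = Path(base) / "private"
        private.mkdir()
        (private / "dbSetup.php").write_text(
            "<?php return ['host' => getenv('DB_HOST'), 'pass' => getenv('DB_PASS')];\n")
        (docroot / "index.php").write_text("<?php $cfg = require '../private/dbSetup.php';\n")
    else:
        # The layout the post describes: both files in one web-facing directory.
        (docroot / "dbSetup.php").write_text(
            "<?php $dbHost = 'db.example.test'; $dbUser = 'shop';\n"
            "$dbPassword = 'constructed-not-a-real-secret';\n")
        (docroot / "index.php").write_text("<?php include 'dbSetup.php';\n")
    return docroot

def demo():
    """Audit the flawed and the hardened sample trees; return both result lists."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        return audit_docroot(build_sample(a, False)), audit_docroot(build_sample(b, True))

if __name__ == "__main__":
    flawed, fixed = demo()
    print("flawed layout:", flawed)
    print("hardened layout:", fixed)
```

Pointed at a real document root, `audit_docroot` lists each file that would hand over a password if the server ever returned PHP source as text.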

Proposition 13 Benefits Only Those, Immortal

I first learned about California's Proposition 13 in 1979, when my parents and I moved, here, from New Jersey. The referendum cut property tax for anyone who owned real estate, in California, but if ownership was transferred, then the Proposition 13 tax reduction would be nullified. By 1981, I learned a thing or two about corporations and limited liability, and I concluded that over a fifty-year period, the only people who would benefit from Proposition 13 would be shareholders in corporations that owned real estate, because corporations never die, and thus, ownership is never transferred. I've been talking about this very unfair "loophole," ever since, and nobody would listen.

Finally, it appears that someone's noticed. Take a look at this article, from today's LATimes.

Many of the people with whom I'd argued this issue are now dead; so, I can't say, I told you so! But, I TOLD YOU SO! Why are people so God-damned-gullible, voting against their own best interests, I wonder? Okay, okay, I know the answer: the average IQ is 100, which is below the threshold of understanding long term implications of short term rewards.

California's Proposition 13 provided a short-term tax reduction to normal property owners, in 1978, which remained in place so long as ownership did not change. In return, funding to schools and municipalities, was cut. Thirty-five years later, only those who'd put their properties under the auspices of an immortal corporation, by 1978, still benefit from Proposition 13, today, and everyone else is left holding the bag to cover the ever-increasing cost of building and maintaining roads, sewage systems, and schools.

Join.me

I participated in a teleconference, today. The presenter used JoinMe to share his desktop. (That's http://www.join.me.) The software is free, and multiple users may observe the presenter's desktop, unlike other free services that only allow one-on-one computer to computer sharing. Anything more typically costs money. This is worth trying and using, for sure!

Facebook OAuth Identification, Continued

Previously, I wrote about one of several possible PHP routes that a developer may take to authenticate a given e-visitor to a website, using OAuth via Facebook. In this installment, I show the step-by-step results. Readers of this article may click here to try the application for themselves.
