Does Walmart pay its employees better than left wing magazine “The Nation”?

An email landed in my email box today:

Walmart pays workers 80% more than its liberal critic

Oh, SNAP1! That sounds really bad.  Damn liberal hypocrites!  A click through to the underlying web site reveals this headline with more details:

Walmart still pays its average associate in N.Y. 80% more than The Nation will be paying its interns.

Hmmm, not quite as bad, but still bad sounding.

The web site goes on to quote an article in The Daily Beast entitled Walmart Calls Out The Nation for Its Low-Wage Internship Program.  That article comments on an email sent out by Walmart that chastises The Nation magazine for only now beginning to pay its interns minimum wage (instead of a previous $150 stipend).  The Daily Beast article goes on to state that Walmart employees average much higher wages (pointing out an average of $12.53 in Alabama) and get access to health benefits. So “The Nation” is a hypocritical left-wing double-standard holder who demands high wages from Walmart while paying the absolute minimum itself? Let’s look to the evidence presented to support their case.


Twitter Hashtag Spam on #nerdland (Melissa Harris-Perry Show) and What to Do About It

For an update on this topic, please also see my more recent post.

If you like to watch shows such as Up With Chris Hayes or The Melissa Harris-Perry Show and also tweet along with them, you’ve probably been plagued with spam.  Whenever a show’s hashtag starts to trend, spammers will begin to swamp the tag with messages like:

What can you do about this?

Pretending it doesn’t exist is impossible. During today’s (Saturday 9/22) MHP show, roughly 20% of all Tweets using the #nerdland hashtag were spam.  But because the #nerdland hashtag popped in and out of the trending topics list throughout the show, at #nerdland’s peak somewhere between one-third and one-half of all Tweets were spam — and started to crowd out the real tweets.

The normal Twitter spam tools are mostly useless.  You could block each user and report them for spamming.  But when you see spam messages, on average, every 20 seconds, there is no way to keep up with them.  Because the accounts are frequently different, blocking one still allows most of the other spam to show up:


(The SPAM SPAM is not part of the original tweet, but is a flag my Twitter client puts in when it detects spam tweets — see more later in this post).

Clearly, you can try to ignore the spam.  It isn’t too hard to identify spam tweets yourself:

  • Twitter spam almost always has a URL click. In the case of today’s attack, it ultimately took you to an AOL job listing site where, presumably, the spammer gets paid if you use the site.
  • The text of the spam is usually unrelated to the show.  And often it’s not particularly grammatical.  This is because spammers use sentence generators — one popular one is called “spintext” — that generate sufficiently random sentences to avoid immediate shutdown by Twitter.

A word of warning: you should never click the spammer’s URL.  Today’s spam was fairly innocuous, but there are moments like just this week where hackers find a new weakness in a browser and may be able to infect your computer if you visit their web site, even if you have an up-to-date anti-virus and browser.  (By the way, there is an update to Internet Explorer just released yesterday, 9/21 — make sure you get it!).

But even if you avoid clicking on spam, you still have the annoyance of seeing it in your Twitter feed.  Until Twitter takes it upon itself to stop this, you will need a Twitter client that filters the spam for you.  And that’s where I can help you…

The above screen shot is of a Twitter client I built that detects and hides spam (normally, that is: I had it just tag spam tweets with SPAM SPAM for this article).  The client is free to use.  It does not have advertising that gets in your way.  The spam detection is evolving, but it basically looks for patterns in tweets that identify spammers with a very high probability and then prevents the client from showing them to you.  It won’t catch the first couple of spam tweets, but after a few of them it detects the pattern and kicks in.
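One way a filter of this kind can work, as an added example rather than the client's actual code: it assumes the repeated pattern is the same link arriving from several different accounts, which matches the signs listed above. The class name, the threshold of three accounts and the sample tweets are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+")

class HashtagSpamFilter:
    """Hide tweets whose link has been pushed by several distinct accounts."""
    def __init__(self, min_accounts=3, trusted=()):
        self.min_accounts = min_accounts            # assumed threshold
        self.trusted = {t.lower() for t in trusted} # e.g. the show's own accounts
        self.accounts_by_link = defaultdict(set)

    @staticmethod
    def link_keys(text):
        # Normalise each URL to host + path so trivial variations still match.
        keys = set()
        for raw in URL_RE.findall(text):
            parts = urlsplit(raw.rstrip(".,!?)"))
            keys.add((parts.hostname or "").lower() + parts.path.rstrip("/"))
        return keys

    def is_spam(self, user, text):
        if user.lower() in self.trusted:
            return False
        spam = False
        for key in self.link_keys(text):
            self.accounts_by_link[key].add(user.lower())
            if len(self.accounts_by_link[key]) >= self.min_accounts:
                spam = True
        return spam

# Constructed sample stream (not real tweets), in arrival order.
STREAM = [
    ("viewer_a", "Great panel on voter ID today #nerdland"),
    ("bot_001", "Lovely weather makes money easy http://jobs.example/apply #nerdland"),
    ("bot_002", "Chair running the green quickly http://jobs.example/apply #nerdland"),
    ("viewer_b", "Transcript of last week: http://show.example/transcript #nerdland"),
    ("bot_003", "Purple idea sleeps http://jobs.example/apply/ #nerdland"),
    ("bot_004", "Window eats fast http://JOBS.example/apply #nerdland"),
]

def hidden_accounts(stream, **kwargs):
    spam_filter = HashtagSpamFilter(**kwargs)
    return [user for user, text in stream if spam_filter.is_spam(user, text)]
```

The first two spam tweets get through because the link has not yet been seen from enough accounts; everything after that is hidden, while tweets without links or with a one-off link are left alone.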

In addition to deflecting spam, the application is specially designed for tweeting along with shows like the MHP Show or Up With Chris Hayes.  I built it because I am a #nerdland fan and was frustrated with all the other ways to live tweet the show and was annoyed by spam and trolls.

Give it a try, if you like.  You can go to its web site at http://www.tweetwatch.tv/, or if you just want to launch the application to give it a whirl, you can start it here: http://apps.tweetwatch.tv/app/index.html.  It’s easy to select all the MSNBC shows, as well as all the other cable news shows:


In addition to blocking spam, there are a bunch of other things my Twitter client does to make live tweeting a show more pleasant.  It allows you to flag people as “trolls” and hide their tweets (which does not report them to Twitter, as most trolling is not really a violation of Twitter’s terms).  It allows you to hide retweets if you wish (you’ve probably already seen the original tweet).  And it highlights Twitter users who are connected with the show (e.g., @MHPShow) so it’s easy to spot their tweets in the stream.

I’ll continue to evolve the program to block spammers (as well as other improvements that are unrelated). Give it a try, and give me feedback — my focus is on making it the best possible Twitter client for following along with a show.  And if you really hate Danish Modern, I apologize for my theming: I’m also a fan of mid-century modern.

The one paragraph that proves Rick Scott is BSing the DOJ

I am not a lawyer, and so when I looked at the competing letters from the Florida Department of State and the Federal Department of Justice about the voter purge, I thought that, well, it doesn’t look like the law is on the side of Florida — but since our legal code is written in lawyerese and not plain English, I couldn’t be sure what the definition of “is” is in this case.

However, I am a computer systems architect.  I work with the largest of corporations on issues of managing their customer data, and the problem of reconciling two lists of customers is a frequent challenge my customers have.

And that is exactly the same problem Rick Scott wants to solve: he wants to match up his list of Florida voters with the list of aliens in the Department of Homeland Security’s SAVE database.  Matches would theoretically allow him to identify non-citizens who are registered to vote.  Rick Scott points out, correctly as far as I can tell (again, I am not a lawyer), that the law permits Florida to gain access to the database for any lawful purpose.  And then he chides the DHS for not fulfilling what he perceives to be their obligations under law.


Password Perversity and LinkedIn’s Lost List

Yesterday, we all awoke to discover the urgent need to change our LinkedIn passwords.  A file containing millions of “hashed” passwords was stolen by hackers and then posted on the Internet.

At this point, the real extent of the damage is unclear.  The file which was posted contains passwords, but no user names, so it is useless as-is for any nefarious purpose.  It was also not a complete list of passwords.  Those two omissions leave us wondering what more, if anything, the hackers have: do they have the complete list of all passwords with associated users?  Or did they just find something embarrassing to LinkedIn but with no real value to wrongdoers?

Perhaps those questions will be answered over time, but it was clear that everyone needed to change their LinkedIn password immediately.  That much is common knowledge.

Because the list has “hashed” passwords (more about that in a minute), it’s not possible to see the actual passwords people used:

But it is nonetheless possible to check to see if a password you know is in the file.

A quick technical diversion: LinkedIn, like most web applications, does not store your actual password on their system.  So then, the question is, how can they tell if you’ve entered it correctly? The answer is that they compute a sort of score for your password, called a hash, and store that.  If the score they saved of your password matches the score of the password you are entering, they let you in.

For a very simple hash function, consider the following.  Let’s say you assign every letter of the alphabet a number, starting at 1 for A and ending at 26 for Z.  When someone enters a password, you add up the numbers for the letters.  A password of ABC gets a score of 1+2+3=6.  So they store 6 in their database.  Now, if you enter ABD as your password later, the software adds the letters up, and since 1+2+4=7, there’s no match.

Now, imagine you, like the hackers, have stolen this file containing all the scores. Just knowing that the saved score is 6 doesn’t automatically give you ABC.  However — and this is the important part — if you know the score is 6, you can invent a password — for example “EA” — that has the same score (since 5+1=6).  If you were to use EA as a password in this (fictional) scenario, LinkedIn would say your password matches and let you in!

The actual formula used is far more sophisticated, and, as you can see by the sample printout of the leaked passwords, the results are far more complicated.  But, in theory, the two approaches are exactly the same. And, so, with some effort, if the hackers wanted to break into an account, they could generate a fake password that gets the same score as yours without ever knowing your real password.  It doesn’t matter, the fake one will work as well.

As an alternative, the hackers could try a list of common words.  Some people have very simple passwords, and a list of words (called a “dictionary attack”) will uncover some significant number of passwords.  Some hackers even keep a list of pre-hashed dictionary words around (called a “rainbow table”, in non-obvious naming), so it’s faster for them to check common passwords.

Still, how do you know if your LinkedIn password was in the file — when all you know is your actual password? You will have to score your password (or “hash” it as it is really known) and look for that value in the file.  Two big obstacles for most people: figuring out how to compute the hash of their password and then getting a copy of the leaked file to see if your hashed password is in it.

Fortunately, a reputable software vendor who sells password management software (which is a really good idea to use) has built a web site where you can see if your password is in the LinkedIn file.  Their web site is at:

https://lastpass.com/linkedin/

Just because your password is not in the file, should you not find it, does not mean you are safe.  You should assume the hackers have more than they have given out publicly and that they really do have your hashed password.
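The letter-sum score from earlier and the "hash your password, then look for it in the file" check, as an added example that is not code from LinkedIn or from the site above. It assumes the file holds unsalted SHA-1 hashes and that some entries have their first five hex digits replaced by zeros, as was widely reported but is not stated in this post; the sample list is constructed.

```python
import hashlib
from itertools import product
from string import ascii_uppercase

def toy_hash(password):
    """The post's letter-sum score: A=1 ... Z=26, other characters ignored."""
    return sum(ord(c) - 64 for c in password.upper() if c in ascii_uppercase)

def toy_collisions(score, length):
    """Every password of `length` letters that earns the same toy score."""
    candidates = ("".join(p) for p in product(ascii_uppercase, repeat=length))
    return [c for c in candidates if toy_hash(c) == score]

def sha1_hex(password):
    # Assumption: unsalted SHA-1 over the UTF-8 bytes of the password.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def in_leak(password, leaked_hashes):
    """True if the password's hash is listed, either in full or with its
    first five hex digits zeroed (assumed marking used in the file)."""
    digest = sha1_hex(password)
    return digest in leaked_hashes or "00000" + digest[5:] in leaked_hashes

# Constructed stand-in for the leaked file: one full hash, one zero-prefixed.
LEAKED = {
    sha1_hex("ihatepasswords"),
    "00000" + sha1_hex("linkedin")[5:],
}

if __name__ == "__main__":
    print(toy_hash("ABC"), toy_collisions(6, 2))
    for guess in ("ihatepasswords", "linkedin", "a long unlisted passphrase"):
        print(guess, in_leak(guess, LEAKED))
```

Running the lookup locally against a downloaded copy of the list means the password you are checking never leaves your machine.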

Once you’ve checked for your password, you could call it a day and move on.

Or, if you have a strange curiosity like I do, you can see that this password file presents an interesting opportunity for a little research into what people use for passwords.  

First, a word about ethics: the file has passwords, but no users.  There is no way you can break into someone’s account using this file (but we presume the hackers know more and could break into people’s accounts, so that’s not a reason to be complacent).  The passwords are completely anonymous.  We have no way of knowing whose passwords these are.  Also, the password file is now out in the open, so looking at it does not represent a subsequent unethical hacking.

With that observation, let me point out that when you visit that web site to check your password, you can invent any password you want and see if it was used.

For example, those of you with a political bent will find that “romney” was used by somebody as a password, but “obama” never was.  “clinton” was used, but “bush” wasn’t.  There’s nothing you can really conclude from that, however.  This is just password voyeurism.

Where it does show some insights into humanity, perhaps, is when you try out phrases that are of a more personal nature.  Just about anything you can think of (or, I should be more precise, anything I can think of — perhaps my horizons are not broad enough) is in there as a password.  On the plus side, there are plenty of inspiring religious terms I found. “jesussaves” and “john316” (Tebow? That you?). That makes me feel some faith in humanity. On the minus side, well, I don’t want to repeat some of the more salacious passwords I tried, but HL Mencken was right.  Whatever level of depravity I have, LinkedIn users showed me I’m just an amateur.  I’m pretty sure that I’m out of my depth here and that my imagination pales in comparison to the collective perversity of 6.5 million people.

So give it a whirl if you like.  It’s a kind of “hot or not” of passwords. Again, I want to point out the ethics of this are pretty clear — you are not hacking anyone’s account by doing this.  You are not decrypting everyone’s passwords.  You are not discovering something private about a person.  You are just looking at anonymous information and seeing if passwords you can concoct have been used.  

If you can draw any conclusions from the password file, it is only that a lot of people hate their passwords.  And, yes, somebody used “ihatepasswords” as a password.

War on Caterpillars? Is the RNC in Wonderland?

There you are, working as the social media manager at a construction equipment manufacturer, and suddenly your name shows up all over the place on Twitter:

Caterpillar becomes a more popular term on Twitter


Backhoe explode? Bad lawsuit?

Nope, the head of the Republican National Committee has compared women to caterpillars and presumably not the ones that run on diesel…

Caterpillar from Alice in Wonderland

Sure, start a war on caterpillars because they smoke? That’s not very Republican…

Since not many caterpillars are on twitter, I think it’s safe to say that there’s a building anger among women (and gentlemen of honor) at the remark.

Both caterpillars and women can be forgiven for thinking they’ve landed in a bad republican wonderland.  Hmmmm … Santorum as the red queen?  Romney as the march hare? He does seem a bit like that, you’d have to admit.