Rebuilding GIStemp Engine and Model Platform

OK, I’ve been low on postings for the last week or so (despite having the weekend to work in and despite having about 50 tabs “open and waiting” to be written up). Why? Well, that’s the subject of this posting… Sometimes you just must take time to work on the tools.

I have an “interesting collection” of hardware. When I first got back to The Lab here, the old Compaq Evo had “had issues” ranging from Mephis scrogging the boot block for the NT partition to a flat out failure (eventually traced to a loose memory stick). I’d gotten all that working (details down that rabbit hole here: https://chiefio.wordpress.com/2015/06/09/wheezy-debian-seems-stable-on-evo-now/ in the ‘tale of woe’ link).

And Debian has been, mostly, stable since the last iteration. I’ve installed a half dozen other windows managers and desktops on it, and a couple seem to be completely stable (so far); though I have still had the odd hang return in my default XFCE choice. All in all, workable as a play space / browser home, but not quite the “industrial strength” stability I prefer for “real work”.

Along the way, I’d bought a $70? dollar XP box at Weird Stuff Warehouse (one of my favorite haunts for old and good-but-cheap hardware). Despite them having a few dozen boxes with Linux already installed, I chose an interesting one that was both 64 bit and XP. Why? Because at the time the EVO was DOA and I thought I might need to just restore the data to a different XP box (as that was the platform / application set it was all working with…). After recovering the EVO, that need diminished (though I still want it as a ‘spare’). My secondary goal had been to make it the “New GIStemp box” with decent FORTRAN compiler and all, running LINUX.

That was where “Tale Of Woe Two” kicked in.

It is an Antek box with an ASUS mother board. I read the label on it (each box at Weird Stuff is labeled with tech info like disk size, memory size, motherboard, OS / Level, and more). I knew what I was buying, or so I thought. AMD Sempron processor. More than enough memory. SATA disk. etc.

What I didn’t know was “That thing that bites me in Linux Land” so often. Of all the motherboards in all the world, this ASUS board had to walk into my bar… It is an ASUS M2V-M with an odd video chipset on it. Turns out most flavors of Linux don’t know about it on their Live-CDs or Live-DVDs. So “no joy” on the “boot and go” for most of them.

That also means no go on the boot then install. It’s back to long-hand land and fixing up the video drivers supported by that release. A somewhat painful old school process I’d rather not do again. So I didn’t. After a cruise through my canonical collection of live-disks (Crunch Bang, Knoppix, SliTaz, Debian, Puppy-several variations, Gentoo, Arch, etc. etc.) there were exactly 2 that came up fine, native, with the right video driver. CentOS and SystemRescueCD.

I’ll spare you the long and painful series of attempts to get something to run from a USB Stick (way too slow and prone to boot one day, not the next, along with CentOS having heavy write activity and will likely burn the USB stick fast. Limited write cycles on USB, after all). As near as I can tell, getting this particular mother board / BIOS / USB set to load the right stuff to get a boot to happen (and being 64 bit in a world of old 32 bit pieces) to actually reliably boot something on USB is “not easy”.

I’d been trying to avoid an install to the hard disk as that is prone to sometimes wiping your old Windoz partitions and / or breaking the boot sector / MBR (Master Boot Record). I suspect some of the USB fail-to-boot were over things like MBR vs syslinux vs 32 bit vs 64 bit bios/CPU… And I didn’t want that to come up on this hard disk / XP backups copy. But…

For two days I’d worked on getting a very nice CentOS installed to an older Western Digital 111 GB USB disk. Works fine on the EVO. The same 32 bit CentOS Live-CD also boots on the Asus/Antek, so I’d expected it to work there, too. No joy. Could not get it to boot. Not with BIOS settings to boot from USB, nor with Plop Bootmanager. Plop works fine for other things on the Antek/Asus, and works with the WD111 disk on the Evo 32 bit, but not with it on the Antek/Asus.

That was last night and it is a stellar example of my mantra:

“Why? Don’t ask why. Down that path lies insanity and ruin… -E.M.Smith”

Sure, I could spend a few days at it and probably work it out, but I decided otherwise.

CentOS Install Style

CentOS is oriented toward Enterprise scale operations. Big companies. Professional staffs. R&D Labs. It is prone to being fairly stable, highly reliable, and a bit out of date. Little “bleeding edge” here, but lots of “just works”, along with a “tasteful” professional look and feel. Nice. However…

The install process is a bit, um, “authoritarian”. It just KNOWS what you really ought to be doing and it is not about to coddle you with a bunch of choices and silly wrong options and warnings. After all, you ought to have done this 100 times already during your internship…

So the root file system WILL BE EXT4. No debate. No options. Fine on large servers. Chews writes to a USB stick like crazy. ( I had one working from a USB stick on the ASUS, for a while, and it was just bog slow. Painfully so.) EXT3 and EXT4 are journaling file systems. That means they make an entry to disk “I’m going to write file FOO”, then they write it, then they write “I have succeeded and finished writing file FOO”. This makes recovery from surprise shutdowns easier, but at the expense of 3 writes for one block written. USB / SD Cards / FLASH likes to write a large (very large…) block of data all at once, so it will ‘read out the nearby stuff, update the bits in the middle, then write the giant block back’ for a small spot of update. Now multiply that by 3. Just a killer. So while I’d wanted to make root EXT2 to cut those writes to 1/3, that was not allowed.

Similarly, it gives you some disk formatting choices as a bullet list. Blow it all away. Blow away any prior Linux partitions but not the Windows (FAT / NTFS) partitions. Slide some other partition out of the way. A couple of others, and “custom”. BUT custom will not let you make a SWAP partition on a USB drive. Even a real hard disk USB drive. It makes a lot of sense not to swap to flash as the writes will kill it, but not so a real disk on USB. (About a decade and 1/2 ago was my first USB Linux. Swap killed the stick in about a week…) But in a large enterprise they just KNOW swap will be on your large hard disk…

I did find that by using the SystemRescueCD I could build the partitions I wanted (large “/” or root, nice 4 GB swap, and large /home; and it let me shrink the XP partition to about 1/2 the disk without problems). Then, I thought, I can just use the “install to existing Linux partitions” in CentOS and move on.

I was almost right.

The one I chose looked like it meant “I’ll use what you gave me”, but in true “I know better authoritarian” style, it knew better. The good news is that it knew enough to keep hands off the XP partition. (For some reason the ‘move it over’ option didn’t love me, so I’d had to resort to the SystemRescueCD to slide XP over… IIRC it was because the XP partition was not seen as “empty”. CentOS install didn’t look inside the partition and resize it, just wanted to slide things over full sized.) At any rate, I’d gotten past that, had my partitions ready, and said “use them”.

And it did. It sucked up all that disk space, turned it into sizes it liked instead (after all, it knows best…) nuked swap (since it doesn’t think old fashioned real swap partitions are the way to go) and spit out a file layout using Volume Groups…

Now don’t get me wrong. I like Volume Groups; especially in large shops where downing volumes and swapping what lives on which disks are common problems. You can do RAID like things with them and dynamically resize partitions. Lots of good stuff. But for a 1 disk 2 partitions plus swap it is just way overkill. And I would like to have been asked before being reformatted…

Now you can get that layout as you like it (and I’d done so before) using the “custom layout” option. So that looks like the ONLY way to stop it from doing what it wants to your disk or open space. Sigh. It was either “start over with partitioning” or just move on and live with Volume Groups.

I moved on.

Besides, I rationalized, I could use the review / practice with that part of SysAdmin. And on my “someday list” is set up a file server with RAID and networked disks and a cluster and… VG is well suited to that kind of use. Figure I’ll get to it in about 3 more years. Maybe…

Just be advised that CentOS has firm ideas about what to do and often does NOT ask your opinion.

Moving On

That was last night about 2 or 3 AM. This morning at about 9 AM I woke up and “moved in” to the machine. I’ve gotten the WD USB disk to mount onto it, so all the data from archives I’d loaded into that CentOS install are visible. I’ve moved some of the data archives onto hard disk on the ASUS (as for some reason the ASUS is surprisingly slow with USB disks (even in Windoze) and keeps nagging me that I can speed them up by plugging into one of the fast ports, that it lists, but any port I try gets the same message… but it’s fast enough for moving stuff and light duty).

Then, about an hour ago, I decided to start building the development environment.

On the old Red Hat 7.2 system that was the GIStemp station, that was a major pain. On CentOS, it was a cake walk. I’d planned to just keep using the Vectra that replaced that old White Box (on the same Red Hat 7.2 release) but that motherboard had the CD/DVD drive fail at some point, so it was deprecated too. Thus the move to something newer.

Instead of finding and downloading Python and FORTRAN language suites / compilers and building them all by hand, it was just one command. Here’s a link to a page saying what to do, the command, and a screen capture or two of the build happening:

The key is to realize you are getting all of the “core development tools” and not just FORTRAN.

http://www.cyberciti.biz/faq/centos-linux-install-gcc-c-c-compiler/

You need to install ‘Development Tools’ group on RHEL/CentOS/Fedora/Scientific/Red Hat Enterprise Linux. These tools include core development tools such as automake, gcc, perl, python, and debuggers which is required to compile software and build new rpms:
[…]
Installation

Open the terminal or login over ssh session and type the following command as root user:

# yum groupinstall 'Development Tools'

That’s it. Here’s the screen shots:

Screenshot of CentOS install during gfortran portion

Click for a very large easy to read version, but realize there are a lot of windows in that screenshot… The foreground middle right on line (23/82) shows gcc-fortran in the mix. In the left middle part of the panel is that page with the one line command on it. Up top are my tabs and menu bars for CentOS and FireFox (where you can see the first pages I bookmarked ;-) and at the very bottom you can see a bit of a system performance monitor and a terminal window where I was moving a copy of GHCNv3 from USB disk to hard disk.

Now you know my usual working style. Half dozen panels open, with a system status monitor, a “top”, a working terminal, a root terminal, a browser, a background major task, and some foreground task.

Here’s a similar screen cap where it has gotten to the install Perl stage:

Development Tools Install at Perl step

This mostly shows that it is installing a lot more than just FORTRAN.

In the upper right is the Perl and related tools being installed. Just below it is the upper edge of a terminal window running “top” that shows 46.5% CPU for “user”, and that I’ve used most of the real memory (though much of those blocks now released) and have a 6 GB Swap area with only 84 Meg used. Why 6 GB for a 1 GB memory machine? CentOS decided I only needed 2 GB, and put that on the VG volume anyway. I know I like to have a LOT of tabs open in a browser, and they each take memory, so I’d had a 4 GB real swap partition that it blew away… So I added a file in /usr/SWAP of 4 GB and did a mkswap / swapon /usr/SWAP to get the added space (and show it who was really boss ;-)
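
As an added example (not the author's commands), the swap-file step described above can be scripted as follows. Swap receives pages of process memory, so the file is created owner-only before it is enabled; the function names and the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the author's commands: build a swap file such as the
# /usr/SWAP described above. Swap receives pages of process memory (browser
# sessions, passwords, keys), so it must never be readable by other users.

# prepare_swapfile PATH SIZE_MB
# Allocate a zero-filled file of SIZE_MB megabytes, owner read/write only.
prepare_swapfile() {
    path=$1
    size_mb=$2
    if [ -e "$path" ] || [ -L "$path" ]; then
        echo "refusing to overwrite existing $path" >&2
        return 1
    fi
    # umask 077 in a subshell: the file is created 0600 from the first byte,
    # so there is no window in which it is world-readable.
    ( umask 077 && dd if=/dev/zero of="$path" bs=1M count="$size_mb" 2>/dev/null ) || return 1
    chmod 600 "$path"
}

# swapfile_is_safe PATH
# Succeeds only for a regular file (not a symlink) whose mode is exactly 600.
# Assumes GNU coreutils stat, as shipped on CentOS.
swapfile_is_safe() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    [ "$(stat -c %a "$1")" = "600" ]
}

# enable_swapfile PATH   (must run as root)
# Re-checks permissions, writes the swap signature, then activates it.
enable_swapfile() {
    if ! swapfile_is_safe "$1"; then
        echo "$1 is not a private regular file; not enabling" >&2
        return 1
    fi
    mkswap "$1" && swapon "$1"
}

# Typical use as root, matching the 4 GB file in the text:
#   prepare_swapfile /usr/SWAP 4096 && enable_swapfile /usr/SWAP
```

A swap file enabled this way lasts only until reboot unless it is also listed in /etc/fstab.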

I foregrounded the full performance monitor that comes with it. Nice. It shows only 635 MB of memory used while “top” shows 956 MB. They are both right. It has to do with how stale blocks and cache is reported, IIRC.

Finally, at the end of the install, I brought the system config panel to the front to document what the hardware might be.

Dev Tools Install finishes on CentOS

And with that, I’m starting a new set of work on GHCN and GIStemp. Don’t know exactly what I’ll start with. There are many directions to go. V1 vs V2 vs V3? Make my own unadjusted composite V0? Compare new GIStemp to old? Who knows.

There will be about a week more of unpacking old copies of the data. Downloading a new pristine copy. Unpacking the old GIStemp sources and build. Cleaning up some old junk (and maybe figuring out again how it worked when I wrote some trick analysis bit of FORTRAN :-) and generally settling in.

I’m also really enjoying having a Real Linux Workstation again as my Daily Driver. The tablet is OK as a ‘read mostly; comment terse’ portable thing at the coffee shop. The Chromebox is a very reliable does-just-enough to do postings straight jacket with guards watching. The XP Evo is, well, XP. And the Debian is comfortable, but I’m a bit wary of things that sporadically hang for no reason; even if mostly fixed now. This box, despite the pain and suffering to reach this point, is acting rock solid.

Not a glitch. Not a hang. Not a slowdown or hiccup that isn’t clearly from my loading it to the hilt with parallel tasks to do.

So, with that, I’m going to shut it down and take a dinner break. (Well, really, a “cook dinner for the spouse who wants The Butler to stop playing with his computer” break…) and come back a bit later to continue unpacking data and code, and maybe in the wee hours of the cool night do my first trial GIStemp compile.

Greece, Puerto Rico, the U.S.A., and how a debt crisis happens

There’s a couple of things that interact to cause a debt crisis. IMHO they come directly out of what happens as debt levels get to over about 150% of GDP, and “austerity” measures cause a simultaneous reduction of tax revenues to the central government AND a driving out of businesses and with them employment and that all important GDP.

(It is a terribly flawed metric, GDP, and has a bunch of variations. It also includes a load of crap that has nothing to do with actual production of valuable goods or services; but it is what we are stuck with in the general press. If time permits, I may add a posting on the various ways to measure national production, but I doubt it would help much for this topic, as “the statistics are what they are” and rule of thumb ratios are based on them as they stand. So I’ll be using GDP “unadorned” and without many qualifiers on it, though in reality it needs a boat load of qualifiers and caveats.)

The Usual Metrics

When dealing with what is called Sovereign Debt (debt of a nation, or in prior times, of the king, queen, or other sovereign) the usual way to measure how far in debt a country might be is to make a ratio of the debt to GDP. The idea being that the country makes a load of “stuff” (that Gross Domestic Product) and you want to compare their debt to how much they make every year. So Debt/GDP ratio is “the usual metric” and at 100% you are “tight”, while at about 150% you are pretty much up against the wall.

Now the problems with this metric are legion. Along with the question of GDP vs NNP (Net National Product) as to which is a better measure of production, or do you use GDP raw, or “real” inflation adjusted (with what deflator?); there are a load of things packed into GDP that are not really production. Along with the iconic ‘broken window’ example where breaking a window and fixing it counts as increased production, but no net wealth was created; there are other issues. This article is an easy read that touches on some of them:

https://www.foreignaffairs.com/articles/2014-02-16/beyond-gdp

Aside from “real” GDP being inflation adjusted with a rubber ruler, and things like counting wars and the damage they cause as a positive in GDP, there are a load of other detailed problems with it. But it is the statistic used most.

The assumption is that the “junk” in “real” GDP is, on average, about the same from place to place and time to time so a rule of thumb ratio of it is as good as anything.

What Debt/GDP Today?

The wiki has a nice chart of the world. Pretty much accurate as to who is “having issues”. Just a bit more finesse needs to be added to it:

Debt / GDP ratio shows who is in trouble as of 2013

Click on it for a bigger image.

Now folks love to point to the USA and Japan as deeply in debt, but “no worries” so why not everyone join in the debt fest. IMHO, that’s wrong on a couple of counts. But for the moment, notice the other countries.

Sudan, Eritrea, Portugal, Ireland, Italy, Greece, with honorary mention for Iceland and Spain. Next notice that the graph tops out at 100% of Debt/GDP ratio. The SHTF moment comes in at about 150%, so there’s an important tranche of difference hidden by that cut off.

Japan was about 180% in 2013 and now is about 280%, the USA was at about 102% in 2014. Greece is now at about 170%, but was 150% just a year or two back (despite austerity, this has increased. More on that below.) Italy is 132% while Spain is “only” 98%. While the wiki puts Puerto Rico at about 150% right now.

http://www.tradingeconomics.com/united-states/government-debt-to-gdp

United States Government Debt to GDP 1940-2015

The United States recorded a Government Debt to GDP of 101.53 percent of the country’s Gross Domestic Product in 2013. Government Debt to GDP in the United States averaged 60.81 percent from 1940 until 2013, reaching an all time high of 121.70 percent in 1946 and a record low of 31.70 percent in 1974. Government Debt to GDP in the United States is reported by the U.S. Bureau of Public Debt.

It also includes some nice charts at that link.

So that’s most of the Debtors Row. So “why are Greece and Puerto Rico toast and the USA & Japan OK?”

Three things.

1) Greece and Puerto Rico can not inflate away their debt via currency inflation as they use a currency controlled by someone else.

2) Someone else sets their economic context (laws, regulations, minimum wage rates, etc.).

3) The USA & Japan are not OK.

Let’s take those in reverse order. Japan is moribund. They have a zero interest rate from their central bank (JCB) and it just isn’t doing a thing to make the economy grow. As seen by that 180% to 280% balloon, they are a rapid railroad to debtor’s prison. However, the JCB is floating tons of money into their economy to try to keep it going. Not doing much other than preventing a massive deflation of real estate and stock prices; but since a lot of perceived wealth is tied up in those, that’s enough to prevent a run on the banks and currency flight. For now… Japan also has a strongly cartel driven economy (the Keiretsu System) and strong barriers to entry for foreign competition. This is not very efficient, but can keep things from collapsing even as the growth rate is near zero (or perhaps actually a bit below zero but hidden in the web of happy talk…). Everyone is whistling past the graveyard and nobody is going to touch the money bubble and pop it. Then there is the regulatory environment. It strongly encourages and works with major corporations. You can get a lot of mileage out of easy credit and compliant regulation. Just not enough to cause any real growth.

The USA is almost as moribund. We have, until the last decade or so, had fairly light regulation of industry, and a very low cost infrastructure (roads, rail, power, fuels, etc.) Add in our own ‘near zero’ interest rates and we’ve managed a growth rate of not quite 2% (on average of the last decade or so) and only a tiny bit below inflation (or a medium bit below actual inflation…). We are essentially “Japan Lite” with an attempt to paper over real lack of competitive posture with a flood of paper money. The biggest issues going forward are that our government has gone on a Regulatory Jihad (that kills companies and jobs), and is determined to drive our power and fuels costs to astronomical levels (and road / rail transport with it). Add in that at $1 Trillion or two a year of new debt, that near zero interest rate will be hard to maintain. Stealth inflation is also reaching the point of being obvious and once the inflation demands kick in, the debt service will be lethal. We are in the stage Japan was in just as they went stagnant. Oh, and the government wants to drive the minimum wage up at a fantastic rate, to better drive jobs out of the country.

For item #2, both Greece and Puerto Rico can’t have their own policies to let their economies do what is best. The EU sets policy for Greece, while Puerto Rico has to conform to USA law. So we have a Federal Minimum Wage that is set so high (compared to other nearby countries in the Caribbean) as to drive unemployment sky high in Puerto Rico. Had they their own laws and their own minimum wage and their own regulations; they could attract foreign investment and companies more readily. Furthermore, they could employ their own people in local home grown businesses. (At one time Puerto Rico was fully self supporting for food. Now it’s about 50%. Wage rates too high to justify local farming…)

Finally, currency. For Greece, they can’t devalue their currency to get the prices low enough to attract a load of tourists, nor can they cut the VAT. So “no Greek tour” for me, as I’m not going to pay 23% VAT Tax on an over priced room and meals. Simply put, a free nation can ‘go on sale’ via currency exchange rate cuts and low taxation / regulation and be up to their eyeballs in new companies and business in a hurry. A vassal State is stuck with laws, regulations, tax structures, and currency exchange rates that put it “out of business” compared to the competition. Similarly Puerto Rico. With a Federal Minimum Wage, they can’t “go on sale” and have a low price tourist package (in Euros or $US ) based on a lower priced local peso. Traditionally, countries with too strong an economy have their currency appreciate until their products don’t sell as well, while those countries not doing well “go on sale” compared to the others as their currency inflates. This attracts more sales until the drop stops. But being unable to do that, Greece and Puerto Rico lose business to the nearby countries who can do it.

And it is that “loss of business” that starts the death spiral.

Another Metric: Debt/Taxes

Now a government does not tax away the entire GDP. Tax rates vary. So using Debt/GDP is a bit less rational as that whole GDP is not available to the country to pay the debt. Using Debt/Taxes gives a better idea what the actual ability of the government to service debt really is.

This also gives a bit of clue why Democrats and Socialists love to raise taxes. You get too far in Debt on the OPM (Other People’s Money) credit card, then just jack up the taxes so that the Debt/Taxes is OK (and screw the GDP ratio, who cares about production anyway…)

The problem, of course, is that GDP depends on a thriving economy, and as you raise taxes “too high”, you drive away businesses and suffer a reduction of GDP; that then leads to a reduction of tax revenues… Oops.

Forbes has a nice write up on it here:

http://www.forbes.com/sites/jeffreydorfman/2014/07/12/forget-debt-as-a-percent-of-gdp-its-really-much-worse/

Forget Debt As A Percent Of GDP, It’s Really Much Worse

/12/2014 @ 10:00AM
Jeffrey Dorfman
Contributor

When central bankers, macroeconomists, and politicians talk about the national debt, they often express it as a percent of gross domestic product (GDP) which is a measure of the total value of all goods produced in a country each year. The idea is to compare how much a country owes to how much it earns (since GDP can also be thought of as national income). The problem with this idea is that it is wrong. The government does not have access to all the national income, only the share it collects in taxes. Looked at properly, the debt problem is much worse.

I collected national debt, GDP, and tax revenue data for thirty-four OECD countries (roughly, the developed countries worldwide) for 2010. The data are a bit old, but that is actually the last year available for government tax revenue numbers. The debt figures are for central government debt held by the public (so the debt we owe to the Social Security Trust Fund does not count) but the central government tax revenue includes any social security taxes.
[…]
A better comparison is to examine each country’s debt to government tax revenue, since that is the government’s income. This also offers a better comparison because different countries have very different levels of taxation. A country with high taxes can afford more debt than a low tax country. Debt to GDP ignores this difference. Comparing debt to tax revenue reveals a much truer picture of the burden of each country’s debt on its government’s finances.

When I compute those figures, Japan is still #1, with a debt as a percentage of tax revenue of about 900 percent and Greece is still in second place at about 475 percent. The big change is the U.S. jumps up to third place, with a debt to income measure of 408 percent. If the U.S. were a family, it would be deep into the financial danger zone.

To add a bit more perspective, the countries in fourth, fifth, and sixth place are Iceland, Portugal, and Italy, all between 300 and 310 percent. In other words, these three are starting to see a flashing yellow warning light, but only three developed countries in the world are in the red zone for national debt to income. The U.S. is one of those three.

This does not factor the several trillion dollars owed to Social Security, yet it includes the Social Security taxes collected. If Social Security taxes are not counted, the U.S.’s debt to income ratio rises to 688 percent (still in third place). This tells you something about the likelihood of increasing Social Security taxes in conjunction with declining Social Security benefits.

Debt / Capita

Occasionally you will see the debt listed per citizen. I actually like that method. It makes it clear just how much of YOUR credit card the politicians have loaded up with crap for their friends.

But that isn’t used much, so I’m not going to do anything more than mention it here.

It would be an interesting “Dig Here!” to compare national debt loads in terms of Debt$/person and Debt€/person and Debt-local_currency/person across national boundaries and see if there are any patterns, but this is not a personal research posting ;-)

Still, at the end of the day, that debt lands on the heads of the individual citizens.

The Death Spiral

Now a naive approach to that problem might well be to just say “Well, then raise taxes!”. The problem with that approach is in some ways part of why Japan and the USA are not (yet) in trouble, yet Greece is.

https://en.wikipedia.org/wiki/List_of_countries_by_tax_rates#Countries

Country      Corp     Individual   Payroll/SSI    VAT / Sales
Greece       26-33    22-42        44             23 (16 health and services)
Italy        27.5     23-43        49             22 (or 10 on some things)
Japan        38       15-50        25.6           8
USA          15-39    0-56         ~16            0-11
Hong Kong    16.5     0-15         5% (pension)   0
Singapore    17       0-20         11.5-36        7

I’ve included Hong Kong and Singapore as two examples of places iconic for their incredibly fast growing and rich economies.

A simple scan of the chart shows that the places with the highest taxes are the ones “with issues” and those with the lowest taxes are those doing fine, thanks. In the middle, the USA and Japan have lower VAT/Sales taxes (so not a wet blanket on consumption spending) along with lower ‘entry point’ tax rates on income for individuals (and also for corps in the USA) and mid-level payroll taxes (so not killing employment entirely).

In essence, the higher tax rates just kill the economy, so the employment rate drops, GDP and tax revenues with it, and those Debt Ratios start to balloon even if NO more debt is added. In short, the economy can do fine with a ‘commensal’ government taking about 20% to 25% and returning it as infrastructure and all. At about the 40% to 45% level, it’s a parasite slowly sucking the host dry, but not killing it; just stagnating the economy. Then, at those insane EU rates (combined at about 30% income, on top of a 45% payroll so 75% round trip, then 22% of the 25% that got to the paycheck taken in VAT… so what’s that leave, about 20% if you are lucky to run the economy? As a rough ‘rule of thumb’.) And folks wonder why EU unemployment rates run up around 25-50% in various categories in those countries…

This, of course, is just a clear example of the impact of The Laffer Curve. Rates are higher, but tax ‘take’ is lower as the victim gets sick and eventually dies…

http://www.heritage.org/research/reports/2004/06/the-laffer-curve-past-present-and-future

President Kennedy proposed massive tax-rate reductions, which were passed by Congress and became law after he was assassinated. The 1964 tax cut reduced the top marginal personal income tax rate from 91 percent to 70 percent by 1965. The cut reduced lower-bracket rates as well. In the four years prior to the 1965 tax-rate cuts, federal government income tax revenue–adjusted for inflation–increased at an average annual rate of 2.1 percent, while total government income tax revenue (federal plus state and local) increased by 2.6 percent per year (See Table 4). In the four years following the tax cut, federal government income tax revenue increased by 8.6 percent annually and total government income tax revenue increased by 9.0 percent annually. Government income tax revenue not only increased in the years following the tax cut, it increased at a much faster rate.
[…]
The Reagan Tax Cuts
In August 1981, President Reagan signed into law the Economic Recovery Tax Act (ERTA, also known as the Kemp-Roth Tax Cut). The ERTA slashed marginal earned income tax rates by 25 percent across the board over a three-year period. The highest marginal tax rate on unearned income dropped to 50 percent from 70 percent (as a result of the Broadhead Amendment), and the tax rate on capital gains also fell immediately from 28 percent to 20 percent. Five percentage points of the 25 percent cut went into effect on October 1, 1981. An additional 10 percentage points of the cut then went into effect on July 1, 1982. The final 10 percentage points of the cut began on July 1, 1983.
Looking at the cumulative effects of the ERTA in terms of tax (calendar) years, the tax cut reduced tax rates by 1.25 percent through the entirety of 1981, 10 percent through 1982, 20 percent through 1983, and the full 25 percent through 1984.
[…]
Prior to the tax cut, the economy was choking on high inflation, high interest rates, and high unemployment. All three of these economic bellwethers dropped sharply after the tax cuts. The unemployment rate, which peaked at 9.7 percent in 1982, began a steady decline, reaching 7.0 percent by 1986 and 5.3 percent when Reagan left office in January 1989.

Inflation-adjusted revenue growth dramatically improved. Over the four years prior to 1983, federal income tax revenue declined at an average rate of 2.8 percent per year, and total government income tax revenue declined at an annual rate of 2.6 percent. Between 1983 and 1986, federal income tax revenue increased by 2.7 percent annually, and total government income tax revenue increased by 3.5 percent annually.
The most controversial portion of Reagan’s tax revolution was reducing the highest marginal income tax rate from 70 percent (when he took office in 1981) to 28 percent in 1988. However, Internal Revenue Service data reveal that tax collections from the wealthy, as measured by personal income taxes paid by top percentile earners, increased between 1980 and 1988–despite significantly lower tax rates (See Table 8).

Simple and clear proof that they were on the wrong side of the Laffer Curve peak. Cut rates, revenues spike up. Lower rates, higher total tax take.

Now run the other way, raise RATES and you get less REVENUE.

So what is the proposed “fix” for the problems of Greece? Higher VAT, lower pension payments, and lower wages. So what would that do? First off, less spending in the economy as those cuts in pensions and wages hit. That, then, will reflect in lower economic activity, and lower taxable activity. Higher tax rates are the killer, though. Increasing tax rates on an already strangled economy will result in LESS tax revenue. So simultaneously less economic activity to tax, and less “take” from it. That, in a nutshell, is why “austerity” doesn’t work.

What does work? CUT tax RATES. Also let the currency drop to a naturally competitive exchange rate and lower regulatory and compliance burdens. Business booms. Employment spikes up. Overall tax take (Revenues) spikes up, and you can start to retire the debt. Now Greece can’t let the currency drop, as they are in the Euro zone… But the rest can be done. In an ideal world, they would leave the Euro, and have the Drachma inflate relative to it for a while. This would leave wages and pensions constant inside Greece in local terms, but dropping relative to other countries. It would also cause a boom of tourism and exports, until such time as wages naturally started to rise, employment neared 95%, and the exchange rate started to push the Drachma up.

Just run the Debt Death Spiral backwards. Lower tax rates, lower regulatory burden, lower cost basis of doing business (and wage rates in other currencies or via lower minimum wage rate for Puerto Rico – i.e. return to States and The Commonwealth setting their own local minimum wage rates as appropriate). Get on the right side of the Laffer Curve.

As the economy picks up, GDP grows as does Tax Revenues. Both the Debt/GDP and Debt/Taxes ratios get better even without paying off any debt.

It really is that simple. There are dozens of “existence proofs” in economic history. This is neither a new insight, nor an unknown thing.

But What About Keynes?

Keynes had a couple of very important caveats on his observation that flushing cash into the system could hold off or reverse a recession. Those caveats are typically forgotten by politicians (and many current economists too, sadly). The two most important were that the added liquidity could only work for a short period of time, as long as there was a lot of slack in the economy and before inflation got started; then the second, that during times of high growth, the excess tax revenue was NOT to be spent, but applied to retiring the debt from the recession so that it would not be a burden on the economy and strangle it going forward.

So Keynes is fine, IFF you apply all of his requirements. Only “stimulate” for a year or two, and as soon as things start picking up, don’t spend budget surpluses.

I’d also add that “What Keynesian Stimulus giveth, excess regulatory zeal and high tax rates taketh away.” You can stimulate all you want, but if undergoing strangling rules, regulations, compliance burden, and taxes; companies just don’t thrive and often die; leaving no growth, no tax revenues, no jobs, and a Death Spiral. This is obvious in looking at Spain and Greece and comparing them to Hong Kong and the USA of the 1960s. (Or comparing Illinois and Detroit to Texas and Orlando today.)

In Conclusion

So once that debt millstone is around the neck, it becomes ever harder to “do the right thing” and cut tax rates to grow the economy. Eventually you end up trapped in a parasitized state, with too much economic life blood (money) being sucked out for “debt service” and no longer available to either the productive growth side (investment in capital stock) or the demand pull side (wages paid and then spent to stimulate more growth).

At that time there are often government boondoggles that waste even more money on Subsidy, Crony Capitalism, Public Works, and more in an attempt to substitute even more Government Debt for the natural “demand pull” of wages paid. It doesn’t work. That money comes either from the productive sector, further sucking it dry and driving it away, or from the already too onerous Debt Monster making the blood sucking even worse.

The only “good answer” is to avoid ever getting to that state. Once in that Debt Trap, getting out is very hard to do. Politicians, especially, do NOT want to hear that the answer is to take money flows away from them and leave them in the hands of those much more capable of putting that money to work in a way that grows the economy, grows the capital stock, grows the employed base, and generally brings prosperity. They especially do not want to hear that their rules, regulations, laws, and compliance are a large part of the problem and need a good pruning too. And they absolutely refuse to hear that they did not pay attention in their one Econ class (or worse, their 10 minutes with ‘the Econ guy’), when Keynes was brought up, and that they’ve got it all wrong: it is NOT a free ride print all you want monetary stimulus always works… Then Lord Help You if you try to get them to understand that raising tax RATES is going to result in less money for them to spend as tax REVENUES fall.

But all is not lost. It is possible to get out of the pit. Unburden businesses. Cut the red tape (and with it, the size of deadweight government employees causing that red tape and tax burden). Let wage rates set themselves near a full employment level. Let the currency float to its natural level. And for God’s sake cut employment taxes and income taxes to the right side of the Laffer Curve. Oh, and get about a 2 to 3 year “Grace Period” from your lenders to let the system cycle and provide the revenue needed to start paying the debt down. IFF they say no, well, as a Sovereign Nation you can just default and move on. Since the whole idea is to reduce debt, you won’t be taking on more debt for many years anyway. Just let them know that you will be paying the debt, with interest, as the recovery kicks in.

Posted in Economics - Trading - and Money, Political Current Events | 11 Comments

Rabbits, E.Cuniculi, and A Rewarding Moment From Cure

Running a blog is an interesting experience in blind hope. You hope people read. You hope the product is good and useful. You hope someone finds something of interest in it.

Every so often there’s something that says that “hope” was justified in some small way.

I just had one of those moments.

I’d posted about 4 years ago about my experience with a sick bunny, a particularly horrid little parasite, and the lack of clear effective treatment guidelines (even from my Vet who just wanted to ‘do the usual’ that was known to not work all that well); then what had worked really well for me:

https://chiefio.wordpress.com/2011/06/16/encephalitozoon-cuniculi-rabbits-cure/

Well, time passes, and I’d had one person ask about using it (in comments on that thread, I think) but never heard much positive or negative since. Then I got this rather wonderful email. I’ve redacted the poster information as I’ve not asked permission to post this. I also replied, and had a followup response from them. It is all posted as one chunk.

From: Scott
Subject: Ivermectin/fenbendazole cure for cuniculi infection in wabbits
To: Me

Just wanted to say that we’re pursuing this treatment after reading your writeup on it from more than a decade ago. We have Flemish Giants, and our most senior buck just recently showed a few signs of cuniculi attack. We tend to have lots of vet-grade medication around here, so we started him with albendazole (Valbazen®) and ivermectin, as well as injected Baytril just on the very off chance pasturella was involved (it isn’t), and last night treated him also with fenbendazole (Panacur® horse dewormer paste from the tractor store). Well, he slept a lot, then, this afternoon, blew a truly monumental plug of goo out of his ass, and now has much better coordination and muscle strength in the one leg that was most affected, to where he can now sit up and get around better than he was doing this time yesterday.

Just wanted to let you know this seems to have some real merit. The vet tends to stick with Baytril and Valbazen, but that stuff gets expensive for a 20lb wabbit.


Scott

From: Me
Date: Sat, 27 Jun 2015
To: Scott
Subject: Re: Ivermectin/fenbendazole cure for cuniculi infection in wabbits

Thank you for letting me know that it has been of some benefit.

Hopefully your long eared furry friend is still doing well!

E.M.Smith

From: Scott
Subject: Re: Ivermectin/fenbendazole cure for cuniculi infection in wabbits
To: Me

The recovery has been quite spectacular. I’d lost a few big wabbits and a couple small ones to cuniculi over the years, and I always suspected there should be a better way to handle it.

Scott

I think Scott saw the 2011 as 2001 but it really was only 4 years not ‘over a decade’; and he used a wider ‘cocktail’ than I’d used; though, IMHO, the Baytril is only useful as a ‘maybe there is a bacteria too’ shot in the dark; and fenbendazole and albendazole are from the same family and really kind of redundant.

But to the point: It worked, and a large fuzzy bunny is back to having a good day. Nice to know, and if one person wrote, there likely were many others who didn’t. (Though, in fairness, I had about a 1 year mail outage / loss about 2 to 1 years back – damned AOL… so many folks might have written and I’d not know. But mail is working now…)

With that, have a pleasant day and think of happy bunnies ;-)

Posted in Biology Biochem, Human Interest, Science Bits | 3 Comments

Unstable Electricity and Higher Costs Causes…

All over the world the Green Blob and the Global Warming Theorists are pushing for schemes that decrease the reliability of electricity and increase the costs.

What happens when that happens?

I think there are two “existence proofs” at the moment that illustrate it exactly.

Pakistan

First up, a “heat wave” in Pakistan. I’m sure the Global Warming Theorists will try to paint this as some kind of AGW Caused Horror. But what does the news report?

http://www.bbc.com/news/world-asia-33251100

From the BBC, so we can be sure that they are unbiased in favor of Natural Weather POV… Bold bits mine.

Pakistan heatwave: Death toll over 800 in Sindh

24 June 2015

The death toll from a heatwave in Pakistan’s southern Sindh province has passed 800, hospital officials say, as mortuaries reached capacity.

At least 780 people have died in Karachi, BBC Urdu reported. Another 30 deaths were reported elsewhere in the province, state owned PTV said.

The Edhi Welfare Organisation told AFP that their mortuaries had received hundreds of corpses and were now full.

[…]

On Tuesday as temperatures reached 45C (113F), Pakistan’s Prime Minister Nawaz Sharif called for emergency measures, and the army was deployed to help set up heat stroke centres.

Temperatures in Karachi have dropped to 34C (93F) thanks to wind from the sea but there is anger among local residents at the authorities because days of power cuts have restricted the use of air-conditioning units and fans.

Karachi resident Muzzafar Khan told the Associated Press: “The electricity hasn’t been working since seven this morning and even during the night there were frequent breakdowns.

“We are forced to sleep in the streets. Ours are small houses; the power supply cables get damaged frequently and nobody is dealing with this situation.”

Matters have been made worse by the widespread abstention from drinking water during daylight hours during the fasting month of Ramadan.

(For Serioso, here is a link to the NYT version of it. Even though their page load goes on forever and it is still ‘spinning’ even now.)

One immediate “take away” is that last line. Abstaining from water for religion during a ‘heat wave’ is a bad idea…

But let’s look at the temperatures. It was 113 F and dropped to 93 F when the wind started up. I grew up in that kind of heat. Typically I’d say “It’s 110 in the shade and there ain’t no shade” to describe it. The warmest I personally remember was a 117 F day in Marysville, California. Oh, and we did not have an A/C until I was about age 12 or so (maybe older…). Typically we used a swamp cooler, or just sweated it out. BTW too, we often went out running around and playing outdoors in that heat. Oh, and did I mention that I worked in the warehouse of a peach cannery where cans from the cooker went overhead (240 F exit temp) and fork lifts blew radiator heat on us and there was no A/C? Sweat runs off you like a waterfall…

August was the worst. Often up in the 110 F+ range. One August I painted our entire 2 story house. Many days were spent a bit dizzy and flushed red… eventually I learned to paint only in the mornings, not in the noon-afternoon window.

The point is that I’ve lived in exactly that kind of heat. It is relatively normal in much of The West, including California. But A/C and/or a fan helps A LOT! And when folks are used to having a fan, and are not very well hydrated, loss of electric power can be lethal.

And that is why the locals are restless about the power cuts. They know that it is the power outages that are harming them and that the weather is “typical” even if cyclical. Clearly laying blame at the feet of those responsible for the unreliable electric supply.

Hot weather is not unusual during the summer months in Pakistan, but prolonged power cuts seem to have made matters worse, our correspondent reports.

Sporadic angry protests have taken place in parts of Karachi, with some people blaming the government and the city’s main power utility, K-Electric, for failing to avoid deaths, our correspondent adds.

The prime minister had announced that there would be no electricity cuts but outages have increased since the start of Ramadan, he reports.

The all-time highest temperature reached in Karachi is 47C, recorded in 1979.

I note that they are still 2 C lower than the record, and that is from early in the warming out of the 70s New Little Ice Age Scare. (So much for “warmest ever”…)

Note, too, that the people are having “angry protests” and they are aimed squarely at those in the government and the utility company. Anyone pushing for electricity prices to “necessarily skyrocket” and for grid instability via too much wind and solar ought to keep that in mind.

I would also point out that when California had unstable electricity thanks to the works of Democratic Gov. Gray (out) Davis; we recalled his ass and tossed him out; effectively ending his political career. The wiki tries to pretty that up with statements about him fast tracking a power plant build and trying to blame Enron. The simple fact is that Enron could only exist because of the idiotic law Democrats passed that mandated we buy all electricity on the “spot” market and could not enter long term contracts nor could the power company own generation capacity.

Davis’ second term, which lasted only ten months, was dominated by the recall election. Davis signed into law several controversial measures during the closing weeks of the recall campaign, including one granting drivers’ licenses to illegal aliens. Davis also signed legislation requiring employers to pay for medical insurance for workers and legislation granting domestic partners many of the same rights as married people. He vetoed legislation that would have given undocumented immigrants free tuition for community college. Many of Davis’ opponents were furious over the signings of these measures so late in his administration. Some political observers see these efforts as an attempt to reinforce support from Hispanics, labor union members and liberal Democrats. Ultimately, Davis did not have as much support from Hispanics and union members in the recall election as he did in his 2002 re-election.

And despite handing out political favors like chocolates, he still got a kick out the door. Politicians: Keep that firmly in mind. Mess with the A/C and TV Sports, you are “Outta There!”…

Armenia

Yes, Armenia. (No, not all Armenians live in the USA now… {A Firesign Theatre Joke…})

So there, electricity prices went up. What happened? Oh, nothing much, just riots. In the capital. Hey politicians, want riots in your front yard? Jack up electricity costs…

http://www.ndtv.com/world-news/armenia-police-disperse-protest-over-power-price-hikes-774382

Yerevan, Armenia: Riot police in the Armenian capital early today used water cannon to disperse several hundred demonstrators protesting a government hike in electricity prices, an AFP journalist reported.

On Monday some 4,000 protesters marched towards the presidential palace to protest against a 16-per cent hike in power tariffs for households, accusing President Serzh Sarkisian’s government of failing to stem poverty in the landlocked Caucasus nation.

Several hundred people remained overnight, holding a sit-in and blocking traffic.

Scores of riot police moved to disperse the demonstrators in the early morning hours today, beating some with rubber batons and shooting water cannons to force the crowd to leave.

Dozens of people were detained and plainclothes police beat journalists, destroying or confiscating their equipment.

So, all you journalists pushing the Green Blob higher electricity agenda, you might want to think about the end game of beatings and broken equipment.

Also note that it was “just” a 16% hike in prices. Here in the USA or even in the EU, that will likely not cause a riot. Then again, we’re talking more like 100% (a doubling) planned in the tariff increases already in the suggestion box.

In Conclusion

I think it’s pretty clear what the take away is here. But I’m going to spell it out for those who need it clearly stated.

When the electricity goes unstable and / or the price starts rising too much:

1) Politicians are blamed. Some of them lose their jobs. Others have a worse fate waiting.

2) Some people die. Their families are prone to anger…

3) Riots happen. Folks get angry even over just the price. Journalists can be beaten, their equipment broken. Any politician is likely to become “fair game” to the mob.

4) Angry mobs in riot are not prone to productivity and the entire economy suffers (see current events in Greece…). Not a lot of money is made off of an angry mob in riot.

5) See point #1 above. Notice that in Greece the power was shifted to someone more in line with the mob. Remember that “tar and feathers” or just “pitchforks” or their modern equivalent are always available.

With that in mind, I would strongly suggest that anyone advocating for a “necessarily skyrocket” electricity price plan; or even just one with a “double” as planned for California right now; or even just one with over 20% solar and wind where the grid goes unstable (like in Germany right now with Polish reaction.); really really needs to think again.

The consequences are likely to be far worse than expected. And not just for the folks on the buying end of electricity.

Posted in AGW and GIStemp Issues, News Related | 16 Comments

VeraCrypt – A TrueCrypt replacement / follow-on

Some time back, I’d been using TrueCrypt for many not-too-important file saving uses. (i.e. nothing that a TLA Three Letter Agency would care about and nothing that would cause legal issues- just junk I’d rather not be stumbled on by ‘randoms’ without my consent). Then TrueCrypt tossed in the towel with vague mumbles about not enough people paying enough money and there being some kind of security exposure.

IMHO, that exposure mostly extended to the “full disk encryption” with blockage from the OS seeing it without the key entered. With the advent of UEFI there was an attempt to prevent anything other than the approved licensed OS being “runable” on any given hardware.

Plausibly a valid security tightening as it prevents people like me from booting hardware with a Linux CD and looking at the disk. But decent real disk encryption would make that pointless anyway. Preventing the use of “Rescue CDs” is far more damaging than the gain, IMHO. Then again, I’ve had to rescue systems for a living before so it’s kind of important to me.

So time has passed and folks have found ways to make UEFI a bit more livable (like enabling “legacy boot” and using other BIOS systems). But still, IMHO, it needs a bit more proof of security. Having a very fat black box sitting between me and the hardware makes for a bit of worry as to what has been snuck into it.

That aside, the general security of TrueCrypt was “good enough” for most things, and I’ve continued using the old code. The download site had gone to a broken version that would only decrypt, so new users were SOL unless they found an old version somewhere.

Time Moves On

As is the way of things in Open Source, someone picked up the old TrueCrypt sources and took on the work of moving it forward. Things of modest use become dead hulks, lurking on archives once abandoned. Things with a real following have someone “step up to the plate”.

So a new follow-on product is out there. VeraCrypt. Based on the TrueCrypt sources, but with some improvements. From what they say about the ‘vulnerability’ of the older TrueCrypt, it was still secure against most medium scale attacks.

I’ve downloaded VeraCrypt (including source code) but not unpacked or used it yet. In time I will. Right now I’m in the ‘pack-rat and ponder’ stage. ;-) But for anyone feeling abandoned on TrueCrypt, it looks like a desirable upgrade.

The home page is here:

https://veracrypt.codeplex.com/

It is amusing as the product is from France, but the text is English while one of the donate buttons is French. I like Franglish, but rarely run into it. ;-) Noted, too, is that the French have in some ways stimulated the motivation lately

Project Description

VeraCrypt is a free disk encryption software brought to you by IDRIX (https://www.idrix.fr) and that is based on TrueCrypt 7.1a.

Donate to VeraCrypt Faire un don à VeraCrypt Spenden für VeraCrypt

Donate with Bitcoin

VeraCrypt on Facebook VeraCrypt on Twitter

Coverity Status

Windows / MacOSX / Linux / Source Downloads

Online Documentation (click here for latest User Guide PDF)

Release Notes

Frequently Asked Question

Android & iOS Support

Contributed Resources & Downloads (PPA, RPM, ARM, Raspberry Pi…)

There is also a wiki:

https://en.wikipedia.org/wiki/VeraCrypt

VeraCrypt is a source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file or encrypt a partition or (under Microsoft Windows except Windows 8 with UEFI or GPT) the entire storage device with pre-boot authentication.

VeraCrypt is a fork of the discontinued TrueCrypt project. It was initially released on June 22, 2013 and has produced its seventh release (version 1.0f-2) as of April 2015. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.

I note that they recognize the Windoze 8 / UEFI problem / PITA. Windoze 8 – Just Say No. What are the security things changed?

Security improvements

According to its developers, VeraCrypt has made several security improvements over TrueCrypt.

While TrueCrypt uses 1000 iterations of the PBKDF2-RIPEMD160 algorithm for system partitions, VeraCrypt uses 327,661 iterations. For standard containers and other partitions, VeraCrypt uses 655,331 iterations of RIPEMD160 and 500,000 iterations of SHA-2 and Whirlpool. While this makes VeraCrypt slightly slower at opening encrypted partitions, it makes the software a minimum of 10 and a maximum of about 300 times harder to brute force. “Effectively, something that might take a month to crack with TrueCrypt might take a year with VeraCrypt”.

A vulnerability in the bootloader was fixed on Windows and various optimizations were made as well. The developers added support for SHA-256 to the system boot encryption option and also fixed a ShellExecute security issue. Linux and Mac OS X users benefit from support for hard drives with sector sizes larger than 512. Linux also received support for the NTFS formatting of volumes.

Due to the security improvements, the VeraCrypt storage format is incompatible with that of TrueCrypt. The VeraCrypt development team believes that the old TrueCrypt format is too vulnerable to an NSA attack and thus it must be abandoned. This is one of the main differences between VeraCrypt and its competitor, CipherShed, as CipherShed continues to use the TrueCrypt format. However, beginning with version 1.0f, VeraCrypt is capable of opening and converting volumes in the TrueCrypt format,

OK, old TrueCrypt was not NSA proof. If they are on your butt, using TrueCrypt is the least of your worries. It will still be local ‘enforcement’ proof and certainly “anybody without a ton of money and skilz” proof. But VeraCrypt has gone ahead and moved things down the field with ever more “rounds” to make unscrambling harder and with some fixes for full encryption boot time operations. (that I wasn’t using anyway).
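The iteration counts quoted above translate directly into per-guess work, because PBKDF2 chains its HMAC calls one after another. The following is an added example (not code from VeraCrypt or from this post): it writes the PBKDF2 loop out per RFC 8018, checks it against Python's hashlib, and times one derivation at each quoted count. The passphrase and salt are constructed sample values, and SHA-512 is used for every row as an assumption, since RIPEMD-160 is often unavailable in current OpenSSL builds.

```python
"""PBKDF2 iteration counts and the cost of one passphrase guess."""
import hashlib
import hmac
import struct
import time

# Iteration counts as quoted in the text above.
ITERATIONS = {
    "TrueCrypt, system partition": 1_000,
    "VeraCrypt, system partition (RIPEMD160)": 327_661,
    "VeraCrypt, container (SHA-2 / Whirlpool)": 500_000,
    "VeraCrypt, container (RIPEMD160)": 655_331,
}

# Constructed sample inputs, not taken from any real volume.
SAMPLE_PASSPHRASE = b"constructed-passphrase"
SAMPLE_SALT = bytes(range(64))


def pbkdf2(hash_name, password, salt, iterations, dklen):
    """PBKDF2 (RFC 8018) written out so the iteration loop is visible.

    Returns (derived_key, prf_calls). Inside a block, HMAC call j takes the
    output of call j-1 as input, so the work for a single guess is strictly
    sequential and grows linearly with `iterations`.
    """
    hlen = hashlib.new(hash_name).digest_size
    blocks = -(-dklen // hlen)  # ceiling division
    out = b""
    prf_calls = 0
    for index in range(1, blocks + 1):
        # U_1 = HMAC(password, salt || INT_32_BE(block index))
        u = hmac.new(password, salt + struct.pack(">I", index), hash_name).digest()
        prf_calls += 1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_j = HMAC(password, U_{j-1}); the block is the XOR of all U_j
            u = hmac.new(password, u, hash_name).digest()
            prf_calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen], prf_calls


def work_factor(new_iterations, old_iterations):
    """How many times more HMAC work one guess costs at the new count."""
    return new_iterations / old_iterations


def seconds_per_guess(hash_name, iterations, dklen=64):
    """Time one derivation using hashlib's C implementation."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(hash_name, SAMPLE_PASSPHRASE, SAMPLE_SALT, iterations, dklen)
    return time.perf_counter() - start


def cost_table(hash_name="sha512"):
    """One row per quoted count: (label, iterations, factor, seconds)."""
    baseline = ITERATIONS["TrueCrypt, system partition"]
    return [
        (label, count, work_factor(count, baseline),
         seconds_per_guess(hash_name, count))
        for label, count in ITERATIONS.items()
    ]


if __name__ == "__main__":
    # Sanity check: the written-out loop matches the library implementation.
    key, calls = pbkdf2("sha512", SAMPLE_PASSPHRASE, SAMPLE_SALT, 1_000, 64)
    assert key == hashlib.pbkdf2_hmac(
        "sha512", SAMPLE_PASSPHRASE, SAMPLE_SALT, 1_000, 64)
    print(f"1,000 iterations -> {calls} sequential HMAC calls per guess\n")
    for label, count, factor, secs in cost_table():
        print(f"{label:42s} {count:>8,d} iters  x{factor:6.1f}  "
              f"{secs * 1000:8.1f} ms per guess")
```

The absolute milliseconds depend on the machine; the ratio between rows is the part that carries over, and it is the same ratio an unlock by the legitimate user pays once per mount.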

Now that it has added support for converting TrueCrypt volumes, I’m likely to move over to it. (Not that it is hard to open both at the same time and drag / drop… but converting a few Gig of old crap is not high on my life goals for the day…)

If using a Mac, you need FUSE to use it:

https://osxfuse.github.io/

Concerns

The list of security concerns is pretty short and mostly involves the fact that if the machine can be compromised, software can’t do much.

Security concerns

VeraCrypt is vulnerable to various known attacks that also affect other software-based disk encryption software such as BitLocker. To mitigate these attacks, the documentation distributed with VeraCrypt requires users to follow various security precautions. Some of these attacks are detailed below.

Encryption keys stored in memory

VeraCrypt stores its keys in the RAM; on an ordinary personal computer the DRAM will maintain its contents for several seconds after power is cut (or longer if the temperature is lowered). Even if there is some degradation in the memory contents, various algorithms can intelligently recover the keys. This method, known as a cold boot attack (which would apply in particular to a notebook computer obtained while in power-on, suspended, or screen-locked mode), has been successfully used to attack a file system protected by TrueCrypt.

Physical security

VeraCrypt documentation states that VeraCrypt is unable to secure data on a computer if an attacker physically accessed it and VeraCrypt is then used on the compromised computer by the user again. This does not affect the common case of a stolen, lost, or confiscated computer. The attacker having physical access to a computer can, for example, install a hardware/software keylogger, a bus-mastering device capturing memory, or install any other malicious hardware or software, allowing the attacker to capture unencrypted data (including encryption keys and passwords), or to decrypt encrypted data using captured passwords or encryption keys. Therefore, physical security is a basic premise of a secure system. Attacks such as this are often called “evil maid attacks”.

Malware

VeraCrypt documentation states that VeraCrypt cannot secure data on a computer if it has any kind of malware installed. Some kinds of malware are designed to log keystrokes, including typed passwords, that may then be sent to the attacker over the Internet or saved to an unencrypted local drive from which the attacker might be able to read it later, when he or she gains physical access to the computer.

Trusted Platform Module

The FAQ section of the VeraCrypt website states that the Trusted Platform Module (TPM) cannot be relied upon for security, because if the attacker has physical or administrative access to the computer and you use it afterwards, the computer could have been modified by the attacker e.g. a malicious component—such as a hardware keystroke logger—could have been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying the computer, VeraCrypt will not support TPM.

Security audits

An independent code audit of VeraCrypt is currently in the initial planning stage.

VeraCrypt is based on the source code of TrueCrypt, which passed an independent security audit. Phase I of the audit was successfully completed on 14 April 2014, finding “no evidence of backdoors or malicious code.” Phase II of the audit was successfully completed on 2 April 2015, finding “no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.”

OK, so when you shutdown, SHUT IT DOWN. Don’t go to sleep mode. Similarly, don’t always decrypt everything. Leave encrypted file systems encrypted and only decrypt at the time of need. Heck, for things I care about, the disk isn’t even plugged into the box until needed, then the container only decrypted when the network is shut off. Anyone remote can see a generic computer. “The Air Gap Is Your Friend” rules.

Finally, if you are worried about someone dunking your laptop into liquid nitrogen inside a minute or two, you have bigger issues to deal with. A “dynamic no-knock entry” with flash-bangs for example. If that level of “issue” is involved, you need a physically secure fortress in which to operate to give you the couple of minutes needed for a wipe / shutdown. ( I suggest a thermite box to toss it into and light off. Have an oxygen bottle labeled “Fire Extinguisher” and painted red hanging next to it… )

For my purposes, that level of “exposure” is way overkill and out of my league / needs.

Oh, and if you are worried about a buggered OS, you ought to make a CD / DVD / USB drive of Linux and only use that to open the encrypted containers. At that point a hardware key logger is still an exposure, but unless you are a drug dealer or worse it is highly unlikely someone is “in your house” and only installing a replacement keyboard cable with key logger built in. (OTOH, now you have a bit of clue why I have a dozen different computers I work from and rotate the stock regularly ;-) Someone wants to try finding a specific off brand of pre-PS-2 AT connector keyboard with just the right coffee stains on it; well, go right ahead ;-)

So I find this level of “exposure” fine for anything short of being an international spy. But those folks have their own Q to support them.

Realize that an email can be kept fairly private just by encrypting it in a file and sending that as an attachment. If the outer email is then further encrypted with something like PGP, well, it’s going to frustrate the hell out of most folks trying to get into your stuff. The advantage of the file attachment approach is that it does not require the recipient to have a matching email / encryptor set. Just the skill to download and install public software apps. (Someday PGP email will become ubiquitous. But I’m still trying to pick one for me. Until then, the encrypted attachment is useful.)

With that, enjoy the enhanced privacy.

Posted in Tech Bits | 1 Comment