Progressive Taxes

I used to be of the opinion that we should have flat taxes, either amount-wise or percentage-wise. That is, after all, the mathematically fair solution if you divide on total money taxed.

There are two obvious, killer problems with that, though. One, it severely hurts poor people. 50% of $1 is a lot more than 50% of $1000 if those two amounts are all two people have, but the cost of a loaf of bread is still 99 cents and so one person has to go hungry. The second problem, is that the government then doesn't have enough income to support itself unless the percentage is so high. (And as you raise the percentage, the poor suffer more and more.)

So the crafters of our tax laws realized these two problems, and they went a step further by introducing tax brackets. You pay 20% on all income under $X, but every dollar you make above $X, you might get taxed 30% until you hit $Y, and so on. Obviously someone with $1000 does not need $1 as much as someone who only has $2 and wants a gallon of milk, so the idea of the tax bracket again makes sense if you want to ease the suffering of the poor.

See Full Post and Comments

Attacking Mere Employees Doing Their Jobs

"I quarrel not with far-off foes, but with those who, near at home, co-operate with, and do the bidding of, those far away, and without whom the latter would be harmless." ~Thoreau

In the post-war Nazi trials, soldiers would justify their horrible actions as just "following orders." Employees of big corporations do less horrible but still offensive actions and justify them by saying "I'm just doing my job." (Recent case in point: TSA Agent frisking a 6 year old girl.)

Through the Milgram experiment, psychology tells us that these people may even have a point. For whatever reasons, we evolved to respond differently to authority than we might under our own direction. Can we really blame these perpetrators for their actions when they're just victims of the same human malfunction we all have?

See Full Post and Comments

A new favorite equation?

In my differential equations class, we noted the function:
[math]f(x) = e^{-x^2}[/math]

and how it looks really neat when plotted, but in a normal calculus course you'll probably be told that you can't integrate it. We then noted that:

[math]\int_{-\infty}^{\infty} e^{-x^2} dx = \sqrt{\pi}[/math]

See Full Post and Comments

What's that shiny thing over there?

Why it's High Level Language Computer Architecture and building an FFP Machine in Verilog! Here to distract me away from databases.

School's winding down, only four weeks left to go. For a final project in a verilog class I'm going to try and implement a FFP machine architecture, and if I have the time make a Scheme to FFP layer since, while FFP is basically just Scheme with <'s and >'s, Scheme is better.

I'll still be reading about the database when I can and hopefully I'll have a couple blog posts up about it by May at latest. At least I'll be able to share the results of the FFP Machine attempt, since my grade depends on it getting at least mostly working! I'll also give a link dump at some point to all the sources I've found that may be interesting to someone else.

See Full Post and Comments

Let's build a database!

As I may or may not have mentioned, I work with LucidDB in my day-job. It's pretty awesome, and I've learned a lot, though the underpinnings of the database architecture itself are still fairly mysterious to me. I would wager there are some low-hanging fruits in the C++-based Fennel core that could result in significant speedups of certain queries, but it's a complicated code base that it's confusing where to begin.

So! In order to better my own understanding of databases in general, I'm going to build a Persistent Almost-Relational Object Database sYstem. If you're intimately familiar with database literature, perhaps you recognize the PARODY acronym from the book C++ Database Development. Indeed, I recently bought the 1994 book for $4 (with free shipping) off Amazon. It even came with a floppy disk!

The book grants liberal usage of the code, so long as it's not republished somewhere. Since I'm going to use Python instead of C++, I can avoid this restriction. (Also, I like Python way more, and since this is going to be more of a toy database I don't think the performance penalties of Python really matter.) You can follow my progress on my GitHub account's project page (I'm calling it PARODPY), and I'll occasionally blog about my progress, explaining things (largely to myself, as this is foremost an educational experience) in a similar manner to the book. For particularly interesting bits of C++ code I may show a comparison to the Python, and I'll be relying on fair use laws and the fact that it's from 1994 to protect me from any evil thoughts the author may have about his work being discussed. :)

See Full Post and Comments

Google Analytics Go!

For whatever reason, my Non-Violence for a modern world post is my most popular post. Yet oddly, my AWStats shows the hit is on the ID based url of 72. Yet Google can't find any link: references to it.

So I'm adding in Google Analytics, because hey, data is useful and I'd rather have data than remain ignorant.

This does bring me one step closer to hypocrisy, however. See, I use NoScript, and I don't allow Google Analytics to track me. Oh well. I can still promise this blog will never have ads.

See Full Post and Comments

Spring Security: basic auth custom message passing

I don't like Spring Security. Nevertheless, it's what I'm using for an application, so I had to learn more about it than I cared for. Let me describe my scenario, and my wishes.

Using basic authentication means sending some sort of authentication token up to the server with each request. This has some downsides, notably sending the password in the clear (it doesn't matter if it's base-64 encoded) every request. While yes sending a session cookie or some other identifier has the same risk of being sniffed in the network, at least when someone hijacks your session they don't also know your password that you might use for other services. This is why sites should ask for the old password before letting you change to a new one.

I wanted to bypass sending the password, and instead pass a UUID. I'm also sending a hashed version of the password (just for the first login request) and its salt, by first hashing it in the same way the server hashes new passwords and letting the server hash the stored database hash with the sent salt and compare with the double-hashed password. I need the UUID because I want unique, persistent database connections for each session rather than each user. The application I'm working on allows for a user to be logged in from multiple places, indeed possibly from multiple users, and I want a separate, distinct DB connection for each of them even if they are using the same database username.

See Full Post and Comments

Older Posts Newer Posts