Wednesday, October 24, 2018

2018 Midterm Election

While midterms are hardly the most exciting ballots, we have a few interesting initiatives this time around.

But, the news for me this time around... the lack of news! The major news outlets, in an attempt to retain their integrity and their revenues, have taken to paywalls. Regional news organizations like the Times and the Herald are hiding their articles behind subscriptions, including their endorsements! While I appreciate the need for these organizations to stay afloat in the era of the Internet, their content is over-priced and over-bundled. By hiding their editorial endorsements behind their paywalls, they surrender any credibility as political influencers, or the privilege of acting as trusted intermediaries of voters.

Guess I'll have to rely on Ballotpedia. *sigh*. I'll decline to include any paywall links in this article, no matter the relevance.

As usual, I don't respond to advisory votes because they're pointless, nor positions lower than State Legislature because voting on bureaucrats is ridiculous.

I-1631 - the carbon tax
It's another try at a carbon tax. Unlike last time with I-731, it's not revenue neutral - it's a fee, and the money will be invested in clean energy, and offsetting cost impact in low-income communities. Unlike a tax, the money can't go into the general fund (which Washington's lesiglature would eagerly waste). We give up the sales tax reduction of I-731, but the expected increase in consumer energy costs is also predicted to be much lower (eg. an increase of $0.14/gal for gas vs. $0.25/gal).

Climate change is strongly supported by science, and the recent UN report makes it clear that change is needed urgently to prevent a catastrophic increase in planetary temperatures. A carbon tax may not be the best idea, but appears to be the only idea so far. Presumably why we keep having initiatives on them.

Bill Gates says yes. You know, the billionaire philanthropist trying to cure polio and stuff. He knows a thing or two.

Rob McKenna, our former Attorney General, says no. But he forgot to mention - he works for Chevron now. Skeeze!

I'd have preferred I-731... but I'll accept this.

** YES **

I-1634 - banning a "grocery" tax
They don't want to prevent all tax on "groceries", they just want to make sure no local jurisdiction can pass a tax that unfairly applies to just "groceries".

Oh, and "groceries" is soda. Just soda. This is about nothing more than preventing future soda taxes. They're trying to lock down any local jurisdiction that would dare to copy Seattle.

Diabetes is bad. And sin tax works, as illustrated by every cigarette tax ever. And dishonest campaigns get voted against on principle.

** NO **

I-1639 - gun control
This was a hard one for me. I'm very pro gun control. Guns are fun, and we should all go shoot paper zombies now and then. But it's entirely reasonable to jump through a few hurdles to prove I can do so safely (or at least I will be able to do it safely once I complete the proposed mandatory safety training). I would also have to be realllllllly dumb to store my gun somewhere where an intruder (or my preschooler) could get at it, and I wholeheartedly support prosecuting those that do.

But ugh, some parts of this law are dumb. Gun registries are known almost exclusively for their spectacular failures. Mandating "guns are dangerous, mmkay" language is just... weird... but I suppose harmless. I really don't like the age-based restrictions - if you have proper vetting systems in the first place, rely on them rather than blindly painting every teen as a school shooter waiting to happen.

I could go either way, but the downsides of the bill seem like mostly harmless chaff. Gun control could make us safer, and I will still be able to get assault rifles easy enough, because I'm good at paperwork.

**YES**

I-940 - police accountability
There's some training in there as a distraction (lol... first aid? really?), but the actual meat of the initiative is removing the "malice" requirement for prosecuting police use of deadly force, and requiring independent investigation into incidents of deadly force.

The new standard seems plenty strong still. There's a two part test - what a reasonable officer would have believed necessary, and a good faith belief by the officer that deadly force was warranted.

Accountability is good in general, especially when it comes to killing people. If police don't want more accountability, they should probably stop killing so many unarmed suspects.

**YES**

Snohomish County Prop 1 - 911 Tax
This makes me mad. We pay for 911. At least in our wireless bills, probably in a few other hidden places too.

But they want more money... and they want to do it with a sales tax... the most regressive possible way to tax. WHY?

... but 911 needs to work. So, I'll wave the finger of shame firmly at the County, plug my nose, and accept this.

**YES**

US Senate
Maria Cantwell (D - incumbent) vs Susan Hutchison (R)

Great article on the debate from KING5.

If you're going to warn about "junk science" in the climate change debate, that's a deal breaker.

In housing, Cantwell is advocating to build more supply. Please, do this. Hutchison is blaming government red tape and permitting fees, not nearly as credible.

**Cantwell**

US Congressional District 2
Rick Larsen (D - incumbent) vs Brian Luke

I say this every two years. Rick Larsen is brilliant and stands for all the right things, and has been doing so since 2001. Healthcare, transportation, education, STEM. Though less publicized this time around (we seem to have bigger problems), he continues to be a strong advocate for campaign finance reform.

Brian Luke seems like a classic Libertarian. Anti-debt, anti-foreign-military-deployment, anti-regulation. Honestly, these are not bad things if executed honestly; but that is unlikely if he has to work with the Republican party.

**Larsen**

Washington Senate LD21
Marko Liias (D - incumbent) vs Mario Lotmore (R)

At first, I was actually interested in Lotmore, notably for his statement's support for STEM and multi-family housing.

.. his website fixed that. Anti-transit (he's probably right, but we can't just give up and drive SOVs forever). Support for I-1634 (banning soda tax). General fiscal hawk. A bit too 2nd amendment happy.

**Liias**

Washington House LD21.1
Strom Peterson (D - incumbent) vs Amy Schaper (R)

Social conservatives are generally a hard pass for me, and this is the hardest of the hard passes. Schaper is anti-LGBTQ in as many words, anti Planned Parenthood, anti-contraception. Add standard Republican fiscal conservatism just in case this wasn't already clear boat full of fail tacos.

**Peterson**

Washington House LD21.2
Lillian Ortiz-Self (D - incumbent) vs Petra Bigea (R)

Whenever I make notes on Ortiz-Self, the word "boring" ends up being associated with her platform. As far as I can tell, she mostly makes her name supporting teachers' unions.

But Bigea has the classic "taxes are the source of all our woes" so popular with the Republican candidates.

Sometimes I wish Legislative District 21 would actually have something interesting to say...

**Ortiz-Self**

Thursday, July 26, 2018

What are "Titan keys" and why would I want one?

Google recently announced their "Titan Security Key", that's grabbed some headlines [CNET]. But what is it, and why is it a big deal?

To talk about security keys, one must first understand multi-factor authentication. Each "factor" is a way to prove who I am to somebody who wants to provide me a service.

What I know! I prove who I am because I know a secret that only I should know. Passwords are the common example of this, as well as their cousin, PIN numbers. The weakness is that secrets are hard to keep, and easy to duplicate. Anyone who discovers my password can pretend to be me.

What I have! I prove who I am because I possess something that should belong to me. Credit cards work this way - if I have the card, I can swipe it and make a purchase - sorry, nobody ever looks at the signature. It's usually harder (but not impossible) to copy something I possess, and requires the evil impersonator to be physically close to my possession.

Who I am! I prove who I am because I can be physically identified. This is how a driver's license works - the photo should match how I look. Fingerprints are a popular way to validate people as well. The problem being that physical properties can be hard to verify - is that fingerprint a real finger, or just a piece of tape copying a fingerprint off a door handle?

Two factor authentication systems require TWO of the above factors to prove who I am. These are far more secure, since an impersonator would have to circumvent two different security systems, usually in very different ways. A common example of a two-factor authentication system is a debit card - to use the card I have to have the card in my hand (what I have) and enter a PIN number (what I know). To steal my money, you would have to get both at the same time without my knowledge (or else I'll just change my PIN or replace the card).

Security keys are designed to be a second factor in such a system. Systems that support them require both your password and the presence of the key before they let you log in. This makes my account more secure - if my password is discovered, nobody can use my account because I have the key. If my key is stolen, the thief can't use it for anything without knowing my password.

This does NOT mean you don't need a password anymore. A security key is actually not very secure on its own, because people overall are shockingly good at losing things. A security key's power is specifically in it's use as a second factor.

The Google Titan Security Key is just Google's take on security keys - and are conceptually similar to offerings from other companies (eg. YubiCo).

But why do I need a security key?
Because your password is bad. You used the same password for your bank account as you did on Snapchat, and you told your friend that password so they could continue your streak. But you can't change that password now, because it's the same password you've used since you were 16 years old. It's the password you shared with that Nigerian Prince who needed it to send you your lottery winnings, and entered it accidentally in that response from that email from bankofamedica.com. But really, your password was just your middle name with a 1 on the end, so it was not hard to guess in the first place.

Your password is probably already hacked. If you don't think so, Have I Been Pwned is a fun reality check.

Where can I use it?
There's two variants being offered by Google - one for phones (bluetooth and tap), and one for computers (USB).

The downside is that not many online services support security keys yet, but a few big players do: notably Google, Facebook, and Twitter.

Questions you never asked?
Q: Do I need to use the key every time I use a website?
A: No, most sites will remember you on a particular computer or phone after you use your key once (for 30 days or so).

Q: How does it work with phones?
A: Phone support is still not the greatest, but if you have the right phone and the right security key, you can tap it to the back of the phone.

Q: What if I lose the key?
A: They're made to be cheap enough that you could have more than one. As long as you have one working key left, you can use it to deactivate old keys and add new keys. Generally you can also reset your account through a phone call or other hoops.