Monday, December 7, 2015

“Closing the Gun Show Loophole”

“Closing the gun-show loophole” has become a cause célèbre of American progressives.

As a European liberal living in the US, people expect me to march in lock-step with American progressives, and are surprised that I think this is a crock of shit.

Above all else, I am an empiricist and a realist.

The supposed purpose of “closing the gun show loophole” is to reduce the number of firearms falling into the hands of violent criminals, so it is reasonable to ask “where do criminals get their guns?” The best evidence we have is a 2002 report by the Department of Justice's Bureau of Justice Statistics (BJS) based on two surveys of inmates in state and federal prisons.

The upshot of this BJS report is that (roughly speaking) 40% of felons got their guns from friends and family, 40% got them from street or other illegal sources, and 20% purchased them from a variety of legal sources including gun shows where 0.6% and 0.7% got their guns. We don't know how many of the inmates surveyed would, at the time they acquired their guns, have passed a background check.

So, the long and the short of it is that “closing the gun show loophole”, at best, has the potential to reduce the number of firearms falling into the hands of criminals by 0.7%. All of the other sources, the sources where 99.3% of criminals get their guns, are still open.

In other words, the evidence indicates that “closing the gun show loophole” is utterly pointless.

Monday, November 16, 2015

What Google Can Learn from Amazon

Google are getting into retailing cell-phone service with Project Fi.

If you think about it, this is the first time Google has really gotten into retailing to the general public. Up to now, all of their services have been free to the consumer and paid for by business.

But it seems that, in their hubris, Google have decided to “wing it” in retail, rather than learning from the practices of people who've perfected it. Their first lesson is that the rules are different for a mom & pop store and a megacorp. In particular, where a small operation can often get away with an apology when they mess up; a megacorp can't.

The small operation gets away with an apology when a person in a genuine position of responsibility explains the extenuating circumstances and apologises to the customer with a modicum of sincerity. Even a bodega will usually make some kind of tangible gesture — a freebie, a sample, a discount, or something — by way of apology.

Logistically, a multi-billion dollar corporation cannot apologise in the same way, or the Board would have no time for anything but apologies. Consumers are also cynical of large corporations, and understand that the only meaningful way for a large corporation to express appreciation or contrition is with something of monetary value.

So a scripted pseudo-personal apology from a powerless support drone in Nevada is hollow and disingenuous, equivalent in sincerity to silently mouthing “I'm sorry” while giving the middle finger and winking.

The trick for a corporation is to give the disgruntled customer something that they value more highly than its cost to the company. Amazon understand this very well. They will give you a $5 or $10 credit or a month's free extension to your Prime subscription at the drop of a hat. You can't spend it anywhere else, you have to remain a customer to use it, they're guaranteed to get it back, they only pay cost for what you buy with it, and you'll probably buy something that you otherwise wouldn't that's worth more than the credit. Ultimately, it probably only costs them $1 to give you $5.

Google may be the Titans of Online Searching & Advertising, but they can still learn a thing or two from the Titans of Online Retail.

Google Project Fi(asco)

If you haven't heard, Google is getting into cell service with Project Fi(asco).

If the technology works, the fee structure has the potential to put the cat amongst the pigeons of the cell service oligopoly. I love it!

Like many Google projects going all the way back to Gmail, there's an “invite” stage before it's rolled out everyone, so I applied for, and got, an invitation. Yay!

But if you're thinking of doing the same, I'd say “don't bother”, for a number of reasons:
  • the sign-up process is misleading: your phone won't, in fact, leave the warehouse in the advertised 1-2 days, but in 5-6 weeks;
  • it took filling out an online form followed by a 3-day farce of 11 emails to and from 4 different support personnel — Melissa, Dave the Would-Be Helper (marks for effort), Christina the Rude (or illiterate), and Tenisha — to arrive at the conclusion: cancelling the order;
  • none of these people have the power to actually do anything unless you count writing chirpy corporate inanities and regurgitating FAQs;
  • if my experience is representative, one in four won't even bother reading your email before “replying”; and
  • at no time did they offer any kind of meaningful gesture of goodwill.
In short, Google is getting into the cell service business by misleading you about lead-times; then, if you call them on it, you get the middle-finger from impotent Comcast-grade support. Boo!

All 3 major cellphone service providers in the US are in the Customer Service Hall of Shame (positions 5, 7, & 8). Looks like Google wants to join them. What a pity.

Tuesday, November 3, 2015

Shortcomings of SFCU Online Banking

Like most people at Stanford, I bank with Stanford Federal Credit Union (SFCU).

Their lacklustre online banking system is fine for rudimentary day-to-day stuff, but it has a few dusty corners with some, frankly, ludicrous omissions and worryingly amateurish “features”.

Let's stick with tradition and talk about “Alice and Bob”, who are both SFCU customers.

I can think of three things off the top of my head...

Shortcoming #1

Suppose Alice and Bob have some shared monthly expense that happens to be paid out of Alice's checking account. Bob wants to set up a scheduled transfer of, say, $100 to Alice's checking account on the 1st of every month. It was easy for Bob to do one-time transfers to Alice, and it was easy for Bob to set up scheduled transfers between his own savings and checking accounts, so putting the two together is doable, right?


Ironically, Bob can set up scheduled transfers to any account at any other bank using the ABA routing code and account number, but the external application/service SFCU use rejects SFCU's own ABA routing number. After some back-and-forth with SFCU customer service, their solution — to Bob wanting to set up a scheduled monthly transfer to Alice's account at the same branch of the same bank — was to mail Alice a monthly check.

Just thinking about it makes me smile. Was I wrong when I said “ludicrous”? Maybe I should've said “hilarious”.

Shortcoming #2

Suppose Alice and Bob have a shared checking account. They want to open a second one. Bob clicks through to the screen for opening a new account, and there — much to his surprise and satisfaction — is a check-box that says “Share this account with Alice”. Strangely, Alice doesn't see this check-box when she tries, but Bob ticks the box and moves on.

Easy-peasy, right?


The “feature” simply doesn't work. After some back-and-forth with customer support, they tell Alice that she and Bob will just have to come in and fill out a paper form.

Here's how it should work:
  • The New Account page has a shared account option (via a tab, separate page, or whatever, the HCI/UI/UX details are unimportant to the current argument) with, inter alia, a text-box to enter the other customer's customer number
  • Alice fills in Bob's customer number and clicks OK.
  • Bob gets an email, clicks on a link, logs in, and it takes him to a page that says “Alice wants to open a shared checking account with you.”; it has 2 buttons “Accept” and “Decline”.
  • If Bob accepts, the account is opened.
  • If Bob declines, it isn't and Alice gets a message to that effect
They clearly thought of giving customers the ability to open joint accounts via the online banking system, otherwise the check-box wouldn't exist, so why didn't they actually implement it? And if they subsequently decided that they weren't going to implement it, why is the check-box still there?

Either support the feature or don't. It's not hard.

Shortcoming #3

The final shortcoming is simultaneously the most trivial and the most concerning. The previous two are oversights. Irritating, perhaps, but really just oversights or missing features.

The online banking system has an integrated messaging system for customer support. It also has a timer that logs you out automatically after a period of time. I'm sure you can guess… Yes, it can try to log you out while you're typing. Apparently resetting the JavaScript timer that's already there on every keystroke was too much.

But that doesn't really concern me. Again, it's just an oversight, and because you are prompted before being automatically logged out, it's not a critical issue.

What gives me cause for concern is that the messaging system only allows alphanumeric characters plus a list of “allowed special characters”.

What this suggests is that the developers, quite rightly, feared:
  • a SQL injection attack; and/or
  • HTML special characters — like “<”, “>”, and “&” — being entered by the client, and later interpreted by the customer service agent's browser, such that the message entered by the client was not faithfully presented to the customer service agent.
These are legitimate fears and it is right that the developers should take measures to defend against them. What's worrying is that the only way they could see of defending against them was to have an allowed list of characters, which suggests that the developers were either lazy and sloppy or just plain incompetent, and nobody at SFCU knew enough to reject this amateurish hack.

If there's one thing I don't want to suspect was developed by dilettantes and acceptance tested by ignoramuses, it's the online banking system I use.

Friday, June 19, 2015

Using a C++ Flex Lexer with a C++ Bison Parser

I recently found myself revisiting lexing and parsing as part of my research. It's one of those cases where I would get away with ad-hoc parsing with line-splitting and regular expression matching, but the canonical alternative might ultimately turn out to be worth some extra effort for a number of reasons.

Many years ago, I wrote a SQL DDL parser as part of some object-relational mapping research into a “mutual containment” object model for transparently representing junction tables in relational databases. Even if I do say so myself, it was a neat idea. I don't know if anyone else has since thought of it independently and implemented it.

So, I decided to revisit flex and bison, the most popular versions of the venerable and classic compiler construction tools, lex and yacc. This time around, though, I anticipated a possible need for two parser/lexer subsystems, so I was interested in the C++ capabilities of both tools, since the “vanilla” C code they emit uses global variables.

The GNU Bison Manual has A Complete C++ Example that, unfortunately, rather narrowly interprets what it means to be “complete C++ example” to mean “an example where the bison bits are in C++”, and uses the vanilla flex lexer with global variables.

I found a few examples of using flex and bison with C++, but even the best of them only address one or the other, go off on irrelevant tangents, are short on explanation, contain outright misleading comments, use deprecated constructs, or all of the above.

All I wanted, was the minimal example of how to use a C++ flex lexer with a C++ bison parser. Some kind of “addendum” to the “complete” C++ example from the bison manual would be perfect!


So now, ladies and gentlemen, for your enjoyment, I have added to my Bitbucket “miscellany”, such an elucidation of Modifying the Bison “Complete C++ Example” to Use a C++ Flex Lexer as I formerly desired.

It's not as easy as it sounds.

Tuesday, October 7, 2014

I'm a Wingnut and a Moonbat: Part 2

In an earlier post, I explained why I might be considered a “wingnut”. Briefly: I don't support the California assault weapons ban because it restricts access to certain firearms based on their cosmetic appearance rather than their functionality. Now I have to explain why I'm a “moonbat”.

When I say that the difference between the murder and assault rates in the US and the analogous rates in Western European countries can be explained almost entirely by economic inequality, I get accused of being a socialist, which I am, although not in the American sense of the word (where socialism is conflated with communism, totalitarianism, and oppression).

The evidence, however, is clear: about three quarters of the variance in murder and assault rates is explained by income inequality. This means that if you want to reduce violent crime in the US, you can address at most one quarter of the problem with all other measures combined: neither harsher sentences, favored by the right, nor gun control, favored by the left, are nearly as strongly correlated with violent crime as income inequality. Neither gun control nor prison sentences are statistically correlated with violent crime rates to a significant degree.

So, if you actually want to address violent crime, the elephant in the room is that you must address poverty, and not just absolute poverty, but relative poverty. To do that, you need to ensure that the distribution of wealth between rich and poor favors the poor more than it has in the past.

What policy changes ought to be introduced to ensure that the poor get a greater slice of the pie, and the rich a smaller slice, is open to debate, but any way you cut it, this sounds far too much like redistribution of wealth for any right-winger to resist the temptation to call me a “moonbat”.

Friday, October 3, 2014

I'm a Wingnut and a Moonbat: Part 1

For those unfamiliar with American political discourse, a “wingnut”, so the stereotype goes, is a gun-totin' redneck Evangelical Christian Republican-voting moron who gets all of his/her opinions straight from Rush Limbaugh. A “moonbat”, by contrast, is a gun-grabbin' city-dwelling atheist Democrat-voting commie who gets all of his/her unconsidered opinions straight from The Daily Show.
Now, you might think that an advocate of evidence-based policy might end up somewhere in the middle and would be neither a wingnut nor a moonbat, but it turns out that such a person is actually both.

Here's one example (I'll address the other side in Part 2)...

California has, arguably, the strictest gun control of any state. I come from a place where firearm licensing is immeasurably stricter, basically the strictest in the world. There is no legal provision for a license for a handgun or a center-fire rifle. You can get a license for a shotgun, double-barreled or pump with a 3 round magazine, or a .22 rim-fire rifle, but that's it and it's not easy. Broadly speaking, as a people, we have no tradition of firearms ownership and we neither need nor want firearms. Our police are mostly unarmed, and we like it that way.

As a person living in the US on a visa, I can't legally own buy (see edit note, below) a firearm. I find them interesting, of course, as any kid who played cops & robbers patterned after American TV shows might, but basically, I have no dog in this fight. I'm undecided whether, if I were allowed, I would end up having a ridiculous arsenal of firearms just because they're cool and fun and I'm a big kid, or I just wouldn't bother because they're dangerous, expensive, and the likelihood of ever actually needing to use one in the wealthy suburban part of California where I live is essentially zero.

But here's the thing. I read California's so-called “assault weapons” ban, and it is, by any objective standard, absurd. It is absurd, not because of its abuse of terminology (it actually bans some facsimiles of assault rifles), but because it regulates the appearance of the firearm, not any feature of its operation. In short, it regulates only the cosmetic appearance of the firearm. Don't believe me?


This is illegal to buy, sell, import, etc. in California (legal to own if grandfathered in). You will probably be charged with a felony (technically, it's a “wobbler”) if you are caught with one of these and can't prove that you bought it before the ban:
Illegal “Assault Weapon” in California
This functionally identical rifle — firing identical rounds with an identical mechanism from an identical magazine down an identical barrel at an identical rate of one per trigger pull — is legal to buy and own in California (assuming in both cases that the magazine holds no more than 10 rounds, despite looking like 20 or 30 round magazines):
Legal “Sporting Rifle” in California
What makes the legal difference?

The pistol-style grip above is illegal; the one below, fused to the stock, is legal. That's the difference. And don't think that federal laws are much better. If you add a handle-like grip to the barrel of either of the above without permission from the ATF and a $200 tax, that's a felony.

This, we are supposed to believe, is what is going to protect children from a Newtown-style shooting: making guns have the right kind of handle and making it a felony to have the wrong kind of handle or, perish the thought, an extra handle.


So now you know why I agree with the gun rights activists and say “the California Assault Weapons Ban is one of the most astonishingly stupid things I have ever heard of”, but only wingnuts say things like that, so I must be a wingnut, right?

Edit: in the original version of this post, I said that (as someone here on a visa) I couldn't legally own a firearm. That's probably not exactly true. 18 USC 922 (d)(5)(B) criminalizes the sale, or other transfer, of a firearm or ammunition to a person “who, being an alien— [...] has been admitted to the United States under a nonimmigrant visa [...]” (that's me). Not that I'd realistically consider doing it, but it might be perfectly legal, at least under federal law, for me to make a firearm (e.g. from an 80% complete lower) and ammunition (e.g. by reloading), since the power that the federal government uses for 18 USC 922 derives from the Commerce Clause and so, strictly speaking, regulates only interstate or international trade. There's even an argument that I could legally purchase ammunition manufactured in California (since it would not involve interstate or international commerce and, therefore, cannot fall under the authority granted by the Commerce Clause). In any case, it's a minor technicality, there's probably some other law that prohibits it at the federal or state level, and I'm not so enamoured with the idea of firearms ownership that I'd bother risking it. Nevertheless, I've changed “own” to “buy” since, as far as I know, that's more accurate.