Soapbox

Some yahoo at Debian found what he thought was a bug in OpenSSL, and decided to comment out some code without having any clue what purpose it served. That purpose was to seed a pseudo-random number generator with entropy from memory, specifically /dev/random. This only broke the cryptographic security of OpenSSL on Debian (and thus Ubuntu) while being mostly undetectable. It’s quite likely attacks of the same ilk were deliberately planted by various spy agencies.

This is just an extreme example of why I prefer to build open-source software from source code myself rather than trust blindly in some packager whose choice of compile-time settings almost certainly doesn’t match mine. I have a framework of makefiles that specify how each package is built from source (meta-makefiles, really). This includes checking for new versions of the package, setting configure options and make environment variables. For instance, to fetch the most recent version of OpenSSL, all I do is make sync-openssl; make openssl then as root run make install-openssl. The maintenance burden is low as I have been assembling these metamakefiles over the last 12 years, targeting Solaris and OS X. The end-result is a deterministic build according to my specifications.

My process would not ward against a malicious attack like Brian Kernighan’s notorious trusting trust attack, but it has served me well over the years.

Why are Untied Airlines, American and Delta still referred to as “full-service airlines” and Southwest as “no-frills”? As far as I am concerned, it is exactly the opposite. Southwest has leather seats, provides in-flight snacks for free, does not gouge you for checking bags, and if they screw up they will make it right and offer you vouchers in compensation. The so-called premium airlines won’t.

It’s conventional wisdom that politicians are self-absorbed windbags. Another piece of evidence to contribute: the longest words in the English and French languages are antidisestablishmentarian and anticonstitutionnellement respectively, both of which pertain to the political realm.

Much virtual ink has been wasted on discussing the Microsoft ad campaign featuring Jerry Seinfeld, and how useless or ineffective it may be.

I wonder what it says about our society that we are discussing ad campaigns instead of the merits of the product they are supposed to be about, just as political news coverage often devolves on discussion of campaign tactics rather than substantive issues, as if they have any relevance to what happens after the election.

I know advertising is a major “industry”, and that without it people in the design field would find it hard to find well-paying jobs. Focusing the discussion on marketing campaigns instead of actual products ia a case of the tail wagging the dog, however.

It’s an open secret that most public corporations exhibit abysmal corporate governance. Insider management is skilled in using corporate by-laws against the shareholders that are nominally their bosses. One good example is HP’s acquisition of Compaq. Whatever the merits of the deal, the company (i.e. Carly Fiorina) spent half a billion dollars of shareholder’s money in PR expenditures opposed by a significant chunk of the said shareholders, lobbying for an outcome that would handsomely profit the same executives with retention bonuses, a flagrant case of self-dealing.

Most shares are owned by large institutional investors that are too lazy to do proper due diligence. In many case, they are pension funds or investment banks that curry management’ favor in the form of contracts. Index funds can’t even vote with their feet. The only way out would be for corporate by-laws to be standardized and made statutory, rather than one-offs rife with potential for abuse.

A simple question: if a board’s job is to hire and fire a company’s CEO, why is the CEO, who is after all a mere employee, allowed to participate in the board at all, let alone preside it? The CEO should be accountable to the board, not a member of it, or privy to the board’s deliberations. This is in part due to gross over-hyping of CEOs’ importance. What they do is neither unique or as rare a skill as is often supposed, and their prima donna demands should be resisted. Of course, most companies’ boards today are already dominated by their management, so the rot is set too deep to expunge easily.

I concluded years ago that most public corporations are run by self-dealing kleptocracies. They loot most of the companies’ profits, and leave some crumbs to the shareholders. The only way to realize the true potential of investing in a profit-making enterprise is to be an active majority shareholder, either by buying a controlling stake (an option available only to those already wealthy) or by starting one yourself. Belgian financier Albert Frère had a saying “The difference between a big minority shareholder and a small minority shareholder is the difference between a big chump and a small chump”.