Hackers from China Seek to Exploit the Open Source Log4j Software Bug

In Openness to Creative Destruction, I argue that open source software has severe drawbacks, compared to a system where firms receive higher profits for selling better software. The severe Log4j bug, discussed in the quoted passages below, is an example that strongly supports my argument. A blog entry posted on Dec. 17 also discussed the Log4j bug.

(p. B1) Hackers linked to China and other governments are among a growing assortment of cyberattackers seeking to exploit a widespread and severe vulnerability in computer server software, according to cybersecurity firms and Microsoft Corp.

The involvement of hackers whom analysts have linked to nation-states underscored the increasing gravity of the flaw in Log4j software, a free bit of code that logs activity in computer networks and applications.

Cybersecurity researchers say it is one of the most dire cybersecurity threats to emerge in years and could enable devastating attacks, including ransomware, in both the immediate and distant future. Government-sponsored hackers are often among the best-resourced and most capable, analysts say.

“The effects of this vulnerability will reverberate for months to come—maybe even years—as we try to close these doors and try to hunt down all the actors who made their way in,” said John Hultquist, vice president of intelligence analysis at the U.S.-based cybersecurity firm Mandiant Inc.

. . .

(p. B6) Researchers find the Log4j flaw particularly worrying because the free Java-based software is used in a broad range of products. It can be found in everything from security software to networking tools to videogame servers. The exact number of users of Log4j is impossible to know, but the software has been downloaded millions of times, according to the organization that builds it, the Apache Software Foundation.

The attack works reliably and is trivial to exploit, security researchers say. Although downloadable patches have already been made available, experts and U.S. officials said they expected the flaw to remain a problem for the long haul because some organizations will be slow to update their systems or might neglect to do so entirely.

“It’s a surprise it’s not more widespread,” said Adam Meyers, senior vice president of intelligence with CrowdStrike, a U.S.-based cybersecurity firm, which said they had detected Iranian actors leveraging the Log4j flaw. “The question that everyone is asking is, ‘What aren’t we seeing?’”

For the full story, see:

Robert McMillan and Dustin Volz. “Hackers Leap on Flaw in Log4j Software.” The Wall Street Journal (Thursday, December 16, 2021): B1 & B6.

(Note: ellipsis added.)

(Note: the online version of the story was updated Dec. 15, 2021, and has the title “Hackers Backed by China Seen Exploiting Security Flaw in Internet Software.”)

My book, mentioned above, is:

Diamond, Arthur M., Jr. Openness to Creative Destruction: Sustaining Innovative Dynamism. New York: Oxford University Press, 2019.

“People Come to This Country to Build Amazing Businesses”

(p. 1) WASHINGTON — ADW Capital Partners would appear to be the kind of hedge fund that Democrats on the Senate Finance Committee would like to tax more heavily: small but growing fast, with $330 million in assets, an incorporation in Delaware but doing business in Florida, and an offshore “feeder” corporation shielding some of its clients from U.S. taxation.

No wonder, then, that its owner, Adam Wyden, has come out as a vocal and vociferous critic of the tax increases being pushed by the committee’s chairman, Senator Ron Wyden of Oregon — his father.

. . .

(p. 25) “The issue is bigger than my father. I’m not interested in discussing anything personal,” he said in a brief phone call before declining to go further. He said he was “not a Trumper” and “not an Ocasio” — referring to Representative Alexandria Ocasio-Cortez of New York, an icon of the Democratic left. He is a libertarian, he said, raised in Washington, D.C., who moved to Florida “to get away from the food fight.”

But he has gone public with his grievances against his father’s proposals, in an appearance last month on CNBC that he recommended for viewing, and in a tweet responding to the elder Mr. Wyden’s assertion that Elon Musk and other billionaires should not get to decide whether to pay taxes based on a Twitter poll.

“Why does he hate us / the American dream so much?!?!?!?!” Adam Wyden said in the Twitter post last month. “Reality is: most legislators have never built anything … so I guess it’s easier to mindlessly and haphazardly try and tear stuff down.”

. . .

“Thankfully, I think I can compound” investment gains “faster than my dad and his cronies can confiscate it,” Adam Wyden wrote.

Lauded on CNBC’s “Squawk Box,” he elaborated on air. “Amazon, Netflix, Google, Tesla: I mean, we are the envy of the rest of the world,” he said. “People come to this country to build amazing businesses, and I want that to continue.”

Without referring to his son, the elder Mr. Wyden suggested a possible reason for his stance: “Many millionaires perhaps may consider themselves tomorrow’s billionaires.”

For the full story, see:

Jonathan Weisman. “Rift Between Senator and Son Shows Challenge of Taxing the Ultrarich.” The New York Times, First Section (Sunday, December 12, 2021): 1 & 25.

(Note: ellipses added.)

(Note: the online version of the story was updated Dec. 11, 2021, and has the title “Rift Between Senator and Son Shows the Challenge of Taxing the Ultrarich.” The online version says that the article appeared on p. 24 of the New York edition of the print version.)

Taking “Capital Allocation Away From People Who Have Demonstrated Great Skill in Capital Allocation”

(p. 1) The richest people on earth typically devote a share of their vast resources to charity. That is the bargain and the expectation, anyway.

Jeff Bezos, until very recently the world’s richest human, has been applying himself dutifully if a bit cautiously to the task, giving money to food banks and homeless families while pledging $10 billion of the fortune he earned through the online retailer Amazon to fight climate change.

The latest richest human, Elon Musk, has taken a rather different tack. There was the public spat with the director of the World Food Programme on Twitter, for instance, announcing, “If WFP can describe on this Twitter thread exactly how $6B will solve world hunger, I will sell Tesla stock right now and do it.”

. . .

And, of course, there is the ongoing insistence that his moneymaking efforts, running both the electric carmaker Tesla and the rocket company SpaceX, are already better-(p. 8)ing humankind, thank you very much.

Mr. Musk is practicing “troll philanthropy.”

That’s what Benjamin Soskis, senior research associate in the Center on Nonprofits and Philanthropy at the Urban Institute, has called it, noting that Mr. Musk seems to be having fun with this novel approach.

“He doesn’t seem to care much about using his philanthropy to curry public favor,” Mr. Soskis said. “In fact, he seems to enjoy using his identity as a philanthropist in part to antagonize the public.”

. . .

“The particular barrier for donors from a tech background is they don’t just think their genius has made them good at what they do, they also think what they do commercially also makes society better,” said Rhodri Davies, a philanthropy commentator who wrote a piece on Mr. Musk called “The Edgelord Giveth.”

Mr. Musk, for instance, has said that getting humankind to Mars through SpaceX is an important contribution and has written and spoken acerbically about what he calls “anti-billionaire BS,” including attempts to target taxes at billionaires.

“It does not make sense to take the job of capital allocation away from people who have demonstrated great skill in capital allocation and give it to an entity that has demonstrated very poor skill in capital allocation, which is the government,” Mr. Musk said on Monday at an event hosted by The Wall Street Journal.

At the same time, Mr. Kharas said a more charitable reading of Mr. Musk’s exchange with the World Food Programme is possible. He could just genuinely want to know how the money will be spent and is putting in public, on Twitter, the due diligence work that institutional giving does behind closed doors.

“I think this idea that he was willing to engage was really good,” Mr. Kharas of the Brookings Institution said of Mr. Musk. “I think his response was extremely sensible. It was basically, ‘Show me what you can do. Demonstrate it. Provide me with some evidence. I’ll do it.’”

For the full story, see:

Nicholas Kulish. “Elon Musk, Trolling Away.” The New York Times SundayBusiness Section (Sunday, December 12, 2021): 1 & 8.

(Note: ellipses added.)

(Note: the online version of the story has the date Dec. 10, 2021, and has the title “Elon Musk’s Latest Innovation: Troll Philanthropy.”)

Federal Covid-19 Stimulus Subsidies Reduced Labor Force Participation

(p. A2) . . ., home prices and stocks have soared, in part because of stimulus from the Fed. From the start of 2020 through Sept. 30 this year, U.S. households’ total assets soared 22% to nearly $163 trillion, Fed data show.

At the same time, the labor-force participation rate fell sharply and has remained stubbornly low. At 61.8% in November [2021], it was 1.5 percentage points below its pre-pandemic level. Many older workers retired early. But even among prime-age workers—those between 25 and 54—participation remains down more than a percentage point.

Some economists believe the extra cash is one reason for this. In part, that is based on research showing declines in wealth seem to have had the opposite effect. Falling housing and stock values from 2006 and 2010 led many who otherwise would have fallen out of the labor force to stay in, according to the Federal Reserve Bank of Chicago. The study found that participation was 0.7 percentage point higher than otherwise as a result.

Families that win at least $30,000 in the lottery tend to earn less in the next five years, according to a National Bureau of Economic Research working paper released in July by four University of Chicago scholars. The more a person wins, the bigger the effect that the award has on earnings and employment, the paper found. Upper-income winners are more likely to reduce their hours, while lower-income winners are more likely to drop out of the labor market entirely, the paper found.

In Austria, workers who received severance payments worth two months of pay were far less likely to find a job within 20 weeks compared with those who received no such lump sum, according to a 2006 paper released by the NBER. The researchers also found a similar effect among workers whose unemployment benefits were extended from 20 weeks to 30 weeks.

For the full commentary, see:

Josh Mitchell. “THE OUTLOOK; New Hope for Easing Labor Shortage.” The Wall Street Journal (Monday, Dec. 20, 2021): A2.

(Note: ellipsis, and bracketed year, added.)

(Note: the online version of the commentary has the date December 19, 2021, and has the title “THE OUTLOOK; Vast Household Wealth Could Be a Factor Behind U.S. Labor Shortage.”)

The July 2021 NBER working paper mentioned above is:

Golosov, Mikhail, Michael Graber, Magne Mogstad, and David Novgorodsky. “How Americans Respond to Idiosyncratic and Exogenous Changes in Household Wealth and Unearned Income.” National Bureau of Economic Research Working Paper #29000, July 2021.

The published version of the 2006 NBER working paper mentioned above is:

Card, David, Raj Chetty, and Andrea Weber. “Cash-on-Hand and Competing Models of Intertemporal Behavior: New Evidence from the Labor Market.” The Quarterly Journal of Economics 122, no. 4 (Nov. 2007): 1511-60.

Ross Douthat’s Self-Doctoring Was “Intensely Empirical”

(p. 12) The early chapters of “The Deep Places” unfold like the first act of a horror movie. Feeling the pull of home and burned out by life on Capitol Hill, Ross Douthat (a New York Times columnist) and his wife buy a 1790s farmhouse on three acres of Connecticut pasture.

. . .

Something is lurking in those woods. Back in D.C., Douthat has a swollen lymph node, a stiff neck and strange vibrations in his head and mouth. The urgent care doctor he sees first diagnoses him with a harmless boil. A few weeks later, he is in an emergency room at dawn with an alarming full-body shutdown, “as if someone had twisted dials randomly in all my systems.” The E.R. doctor suggests stress as the culprit — as do, in subsequent visits, an internist, neurologist, rheumatologist and gastroenterologist. A psychiatrist, his 11th doctor in 10 weeks, disagrees.

Only after Douthat completes his move north to Connecticut, namesake of Lyme disease, does it seem obvious to local doctors that he is suffering from something tick-borne.

. . .

He makes his case that tick-borne disease needs more research and its sufferers deserve more respect.

The trouble is that Douthat also wants to present his reckless journey as a road map. His revelation: “Given a stockpile of antibiotics, the array of over-the-counter medications available on Amazon and crowdsourced data from hundreds and thousands of Lyme sufferers sharing their experiences online, I could effectively become my own doctor, mixing and matching to gauge my body’s reaction to different combinations, like a Lyme researcher working on a study with a sample size, an ‘N,’ of only 1.”

This self-doctoring, he adds, “was in its own way intensely empirical and materially grounded — the most empirical work, in fact, that I have ever attempted in my life.” (Comparing this approach to Khakpour’s introspective memoir, I kept thinking of the couples-therapy trope that women prefer to talk through their problems while men leap to solve them.)

. . .

A subsequent bout of undiagnosed Covid-19, and scientists’ stumbles as they’ve worked to understand the new virus, have only hardened Douthat’s distrust of institutions like the Centers for Disease Control and Prevention and the Food and Drug Administration. “From the beginning of the pandemic to its still unfinished end,” he writes, “there were weirdos on the internet who were more reliable guides to what was happening, what was possible, and what should actually be done than Anthony Fauci or any other official information source.”

For the full review, see:

Sara Austin. “Darkness Invisible.” The New York Times Book Review (Sunday, November 28, 2021): 12.

(Note: ellipses added; italics in original.)

(Note: the online version of the review was updated Oct. 30, 2021, and has the title “A Transporting and Cozy Biography of a Pottery Pioneer.”)

The book under review is:

Douthat, Ross. The Deep Places: A Memoir of Illness and Discovery. New York: Convergent Books, 2021.

Bans on Natural Gas for Cooking and Heating Could Most Hurt Low-Income Citizens

(p. A13) This week, New York City moved to ban gas hookups in new buildings, joining cities in blue states like California, Massachusetts and Washington that want to shift homes away from burning natural gas because it releases carbon dioxide, which causes global warming.

Instead, developers in New York City will have to install electric heat pumps and electric kitchen ranges in newly constructed buildings.

. . .

But the gas industry is fighting back and has lobbied in statehouses across the country to slow the shift away from gas. It argues that gas appliances are widely popular and still cost less than electric versions for many consumers. Opponents have also warned that a rush to electrify homes could strain power grids, particularly in the winter when heating needs soar, at a time when states like California and Texas are already struggling to meet demand.

Karen Harbert, president and chief executive of the American Gas Association, an industry group, said efforts to disconnect homes and businesses from the extensive network of gas pipelines would make it difficult to supply those buildings with low-carbon alternatives that might be available in the future, such as hydrogen or biogas.

“Eliminating natural gas and our delivery infrastructure forecloses on current and future innovation opportunities,” she said.

The question of whether to use natural gas in homes has become part of the culture wars, pitting climate activists against industry and other interest groups. Some chefs and restaurant owners have argued that they won’t be able to cook certain dishes as well without gas.

. . .

In a statement, Bill Malcolm, a senior legislative representative at the AARP, said the group had “supported legislative and regulatory initiatives allowing customers to continue to use the fuel of their choice to heat their homes and cook their food.” He added: “Outright bans on certain fuel options would run contrary to that choice.”

. . .

For now, natural gas remains the dominant fuel in much of the country, heating nearly half of American homes. Electric heat pumps, by contrast, satisfy just 5 percent of heating demand nationwide.

. . .

Experts have warned that as more homeowners go electric, gas utilities will still have to pay to maintain their existing network of pipelines, which could mean higher costs for the smaller base of remaining customers, many of whom may be low-income.

For the full story, see:

Brad Plumer and Hiroko Tabuchi. “Gas vs. Electric Stoves Join Partisan Battlefield.” The New York Times (Friday, December 17, 2021): A13.

(Note: ellipses added.)

(Note: the online version of the story has the date Dec. 10, 2021, and has the title “How Politics Are Determining What Stove You Use.” The online version says that the New York print edition had the title “Gas vs. Electric Stoves on a Partisan Battlefield.” My National print edition had the title “Gas vs. Electric Stoves Join Partisan Battlefield.” Where there is a slight difference in wording between the versions, the passages quoted above follow the online version.)

Elon Musk Likes Government the Referee, Not Government the Subsidizer

Here are some especially important passages from the Wall Street Journal transcript of the Elon Musk interview:

Joanna Stern

Well, I want to come back to autonomous vehicles, but wanted to just stay a little bit more on the role of government. You said at this conference, actually, a year ago, that you think the government should really just be hands off when it comes to innovation. Though with this bill, there is a lot of support for EVs and it could be the biggest change that we’ve seen throughout the country in terms of the infrastructure of EVs. And it helps Tesla. What do you think the role of government should be?

Elon Musk

I think the role of government should be that of, like, a referee. But not a player on the field. So generally, government should just try to get out of the way and not impede progress. I think there’s a general problem, not just in the U.S., but in most countries, where the rules and regulations keep increasing every year.

Rules and regulations are immortal. They don’t die. Occasionally you see a law with a sunset provision, but really, otherwise, the vast majority of rules and regulations live forever. And so if more rules and regulations are applied every year and it just keeps growing and growing, eventually it just takes longer and longer and it’s harder to do things.

And there’s not really an effective garbage collection system for removing rules and regulations. And so gradually this hardens the arteries of civilization, where you’re able to do less and less over time. So I think governments should be really trying hard to get rid of rules and regulations that perhaps had some merit at some point but don’t have merit currently. But there’s very little effort in this direction. This is a big problem.

Return of New York City Oysters Are a Hopeful “Symbol of Resilience”

(p. A10) The restoration of New York Harbor has reached a new milestone as 2021 draws to a close: 11.2 million juvenile oysters have been added in the past six months to a section of the Hudson River off the coast of Lower Manhattan, where they are helping to filter the water and creating habitats for other marine life.

. . .

. . ., in addition to the ones being introduced, wild ones are being found on the bottoms of piers off the West Side of Manhattan and in the Bronx.

. . .

. . . the oysters are a symbol of resilience, and a rare hopeful sign amid ominous news about New York waterways in the age of rapid climate change.

If they grow big enough, the oyster reefs can even play a role in dissipating wave energy, helping to protect the city’s shorelines from storm surges and flooding in extreme weather.

. . .

The researchers at the River Project will track the oysters and their effect on the water. They run a small, free aquarium at Pier 40 that is designed expressly to educate the public about the abundant marine life in the area.

One very special oyster, named Big, lives under the pier. At 8.6 inches and 1.9 pounds, it was believed to be the biggest oyster found in New York Harbor in a century when it was discovered in 2018.

For the full story, see:

Karen Zraick. “11 Million New Oysters. Want to Eat One? Maybe in 100 Years.” The New York Times (Saturday, December 11, 2021): A10.

(Note: ellipses added.)

(Note: the online version of the story has the date Dec. 10, 2021, and has the title “11 Million New Oysters in New York Harbor (but None for You to Eat).”)

Open Source Log4j Software Bug “Poses a Severe Risk”

In Openness to Creative Destruction, I argue that open source software has severe drawbacks, compared to a system where firms receive higher profits for selling better software. The severe Log4j bug, discussed in the quoted passages below, is an example that strongly supports my argument.

(p. B1) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an urgent alert about the vulnerability and urged companies to take action. CISA Director Jen Easterly said on Saturday, “To be clear, this vulnerability poses a severe risk.”  . . .  Germany’s cybersecurity organization over the weekend issued a “red alert” about the bug. Australia called the issue “critical.”

Security experts warned that it could take weeks or more to assess the extent of the damage and that hackers exploiting the vulnerability could access sensitive data on networks and install back doors they could use to maintain access to servers even after the flawed software has been patched.

“It is one of the most significant vulnerabilities that I’ve seen in a long time,” said Aaron Portnoy, principal scientist with the security firm Randori.

. . .

(p. B2) The software flaw was reported late last month to the Log4j development team, a group of volunteer coders who distribute their software free-of-charge as part of the Apache Software Foundation, according to Ralph Goers, a volunteer with the project. The foundation, a nonprofit group that helps oversee the development of many open-source programs, alerted its user community about the vulnerability on Dec. 9 [2021].

“It’s a very critical issue,” Mr. Goers said. “People need to upgrade to get the fix,” he said. Log4j is used on servers to keep records of users’ activities so they can be reviewed later on by security or software development teams.

Because Log4j is distributed free, it is unclear how many servers are affected by the bug, but the logging software has been downloaded millions of times, Mr. Goers said.

For the full story, see:

Robert McMillan. “Software Flaw Spurs Race to Patch Bug.” The Wall Street Journal (Monday, December 13, 2021): B1-B2.

(Note: ellipses, and bracketed year, added.)

(Note: the online version of the story was updated Dec. 12, 2021, and has the title “Software Flaw Sparks Global Race to Patch Bug.”)

My book, mentioned above, is:

Diamond, Arthur M., Jr. Openness to Creative Destruction: Sustaining Innovative Dynamism. New York: Oxford University Press, 2019.

“Americans Think the Economy Is in Rough Shape Because the Economy Is in Rough Shape”

(p. A12) Offices remain eerily empty. Airlines have canceled thousands of flights. Subways and buses are running less often. Schools sometimes call off entire days of class. Consumers waste time waiting in store lines. Annual inflation has reached its highest level in three decades.

Does this sound like a healthy economy to you?

In recent weeks, economists and pundits have been asking why Americans feel grouchy about the economy when many indicators — like G.D.P. growth, stock prices and the unemployment rate — look strong.

But I think the answer to this supposed paradox is that it’s not really a paradox: Americans think the economy is in rough shape because the economy is in rough shape.

Sure, some major statistics look good, and they reflect true economic strengths, including the state of families’ finances. But the economy is more than a household balance sheet; it is the combined experience of working, shopping and interacting in society. Americans evidently understand the distinction: In an Associated Press poll, 64 percent describe their personal finances as good — and only 35 percent describe the national economy as good.

There are plenty of reasons. Many services don’t function as well as they used to, largely because of supply-chain problems and labor shortages. Rising prices are cutting into paychecks, especially for working-class households. People spend less time socializing. The unending nature of the pandemic — the masks, Covid tests, Zoom meetings and anxiety-producing runny noses — is wearying.

For the full commentary, see:

David Leonhardt. “The Economy Looks Healthy, but Americans Know It’s Rough Out There.” The New York Times (Saturday, December 11, 2021): A12.

(Note: the online version of the commentary has the date Dec. 10, 2021, and has the title “Covid Malaise.”)

When Sri Lanka Government Banned Chemical Fertilizers, Yields Tanked and Prices “Shot Up”

(p. A4) RATNAPURA, Sri Lanka — This year’s crop worries M.D. Somadasa. For four decades, he has sold carrots, beans and tomatoes grown by local farmers using foreign-made chemical fertilizers and pesticides, which helped them reap bigger and richer crops from the verdant hills that ring his hometown.

Then came Sri Lanka’s sudden, and disastrous, turn toward organic farming. The government campaign, ostensibly driven by health concerns, lasted only seven months. But farmers and agriculture experts blame the policy for a sharp drop in crop yields and spiraling prices that are worsening the country’s growing economic woes and leading to fears of food shortages.

Prices for some foodstuffs, like rice, have risen by nearly one-third compared with a year ago, according to Sri Lanka’s central bank. The prices of vegetables like tomatoes and carrots have risen to five times their year-ago levels.

“I haven’t seen times that were as bad as these,” said Mr. Somadasa, a 63-year-old father of two who sells vegetables in the small town of Horana, just outside the island nation’s capital, Colombo. “We can’t find enough vegetables. And with the price hikes, people find it hard to buy the vegetables.”

. . .

President Gotabaya Rajapaksa cited health concerns when his government banned the importation of chemical fertilizers in April [2021], a pledge he had initially made during his 2019 election campaign.

. . .

The push for organic farming didn’t start with Mr. Rajapaksa’s current government, nor when another brother, Mahinda Rajapaksa, currently the prime minister, was president from 2005 to 2015. Some farmers and agriculture industry officials say they are warming to the idea of reducing dependence on chemicals in farming. But the shift was too sudden for farmers who didn’t know how to work organically, said Nishan de Mel, director of Verité Research, a Colombo-based analysis firm.

Verité found in a July [2021] survey that three-quarters of Sri Lanka’s farmers relied heavily on chemical fertilizers, while just about 10 percent cultivated without them. Almost all major crops grown in the country depend on the chemicals. For crops crucial to the economy like rice, rubber and tea, the dependence reaches 90 percent or more.

The April ban went into effect just before what is known as the Yala planting season, which lasts from May to August, and was felt almost immediately. The Verité survey showed that 85 percent of farmers expected a reduction in their harvest because of the fertilizer ban. Half of them feared that their crop yield could fall by as much as 40 percent.

Food prices shot up in September [2021], . . .

For the full story, see:

Aanya Wipulasena and Mujib Mashal. “A Plunge Into Organic Farming Brings Disaster to Sri Lanka.” The New York Times (Wednesday, December 8, 2021): A4.

(Note: ellipses, and bracketed years, added.)

(Note: the online version of the story has the date Dec. 7, 2021, and has the title “Sri Lanka’s Plunge Into Organic Farming Brings Disaster.”)