September 2008 Archives

The bailout is in the news. We get new info daily, and it's still in flux. If you believe in small government, or even responsible government, or even some semblance of a non-corrupt government, these are the key points to make when this subject comes up in conversation. Note that I wrote this on Saturday, 20 Sept, and things may have already changed (I don't have a staff to figuring things out for me, I just read the news like you do).

• We don't know what the final number is going to be, but it's looking like $700 Billion. That's $2000 for every man, woman and child in the country.


• Yes, it's true that these are loan guarantees, not straight handouts, but the fact that no profit-driven investors stepped up to the plate means they aren't going to pay out. The banks are not going to be handing off good loans to the bailout fund, they will be handing off the loans that are being defaulted on. We would be lucky to see even half this money returned.


• These handouts punish the prudent and reward the foolish. Why should Americans be cautious with their money, make sure they don't get in over their head, when those who do will be forced to pay for the "bad luck" of those who bought houses they couldn't afford and those who made the loans?


• If a bank collapses, the only ones who lose money are investors. If the bank that holds your mortgage collapses, it isn't as if they can come and kick you out of your house. The worst case scenario is that you'll get a letter advising you that your lender is defunct, your loan has been purchased by another bank, and would you please send your future loan payments to a new address?


• We see that the true meaning of bipartisan action is helping out huge corporations that donate to both parties. It's no virtue to be generous with taxpayer money.


• Once the banks that have made bad loans have been taken over by more responsibly managed banks, the problem will be solved -- if investors lose money, they aren't likely to invest in bad loans again.


• As a Libertarian, my preference would be that that $2000 per man, woman and child went toward reducing the debt and cutting taxes, but whatever your politics, I'm sure we can all agree that there are many more important things to spend the money on than making sure the rich
  get richer.


• This is the kind of opportunity that can actually get a Libertarian elected. Hammer this issue hard. This is the wedge that will make voters look to Washington and say "you're out of your minds".


• Don't talk about the gold standard. It's not a related issue and talking about the gold standard makes 90% of the voters think you are a kook.


• Don't talk about inflation. The relationship of this bailout to inflation are too complicated to explain in anything less than a feature length article, so just stay away from the issue. If you actually get asked, say it is increasing the money supply so we can expect inflation. Keep in mind that inflation probably directly benefits debtors more than the negative effects on the economy harm them.

Wells Fargo wants to make it easy for you to do your banking online. They don't want you to deal with little inconveniences like having to enter your password correctly. I'm sure that sometime in the past, you've been told it's good to have both uppercase and lowercase letters in your password. I heard a rumor that Wells Fargo ignores this, tested it, and have confirmed that Wells Fargo will accept a password with any combination of upper and lowercase letters. That is, if you enter "tHis Is mY paSsWoRd" as your password, they will accept "this is my password".

Wells Fargo's current password policy is "Your password must be 6 to 14 characters and contain at least one letter and one number." I have to ask, why no more than 14? Hard drives are pretty cheap these days, I'm sure you could handle storing as many characters as someone reasonably wanted to store. There is no excuse for bad password security these days. Here's how to do good password security:

• No maximum length (or so high it isn't needed)
• No disallowed characters, if I want spaces, let me have spaces.
• If you want to have "fuzzy" passwords like smashing case or ignoring spaces, make these optional, or at least inform the user at the time of setting the password.
• If you want to require a certain strength, make the calculations holistic -- if I have a 35 character password, it's secure even without a special character.
• If your programmer tells you that any of the above are impossible, fire him and find someone competent.

If anyone knows of a bank that does online security properly, won't send me junk mail, and won't throw up an offer to get online statements before letting me get to my account when I already get only online statements, please let me know what bank that is.

Edit: Christopher makes a good point about telephone access being a possible driver for this in his comment. He also mentions the "security questions" problem that Bruce Schneier recently covered.