There are two issues that need to be addressed here; earmarks and bipartisanship.
Healthcare, the economy, Iraq, energy policy, foreign policy - none of those matter? You've got some pretty shitty priorities right there.
Let's start with earmarks. I'm not sure what god-forsaken civics class you took in primary school, but it obviously wasn't clear about the role of the different branches of the United States government. To put it simply, we have Congress, whose job is to make laws. The judicial branch is responsible for interpreting the law, including its Constitutionality. Then we have the executive branch. The primary purpose of the executive branch is to enforce laws already in place. The president has a limited power to veto a law passed up from Congress, but that does not make him part of the legislative branch.
With all the talk about earmarks you'd think John McCain is running for president of the Senate. Guess what: the primary responsibility of the president isn't to veto bills containing earmarks (in many cases they are budget bills that have to be passed by a certain date and he really can't veto them), it isn't even the secondary responsibility. The veto is a check by the executive on the legislative to prevent the legislative branch from becoming too powerful. According to legal scholars, this is the least likely thing to happen - the executive branch has grown far beyond its original size. Earmarks should be so far down on the list of presidential priorities it shouldn't even enter into the debate.
There is one candidate in this election that has a known record of reaching across the aisle and working with the "other side".
Now we can talk about bipartisanship. Nice buzzword but what it really means is "we're going to 'compromise' with the bullshit the other party is spewing out in an effort to look helpful. Even though we know that we should stop being pussies and stick by our beliefs." When decisions and legislation on civil rights, evolution, and separation of church and state come around, I don't want any bipartisan "compromising" to be going on. So what if it puts a stick up the Republican's ass - if you disagree, say that you disagree and stick by your principles.
We insult politicians for pandering and taking both sides of the issue to gather voters on both sides of the aisle and then we complain when they aren't "bipartisan" enough. There's a reason most of these people are running on the Democratic ticket - they agree with the Democratic principles. If I elect a Democrat I damn well expect a Democrat in office.
I did account for the weaknesses of md5. To achieve the collision, one has to have the ability to control or modify both images. The file you linked managed to do it because they could just add garbage onto the end of an executable. Even if you could enter it into the database, the first thing that I would compare to check if two files are equal is if they are the same size. It's completely obvious and simple. Your attack may work in theory, but it would never work in practice.
MD5 does not work this way. In addition, an image rendering or grayscale conversion is not a 1 to 1 mapping, meaning that similar images don't render to the same grayscale image. Resizing the image does nothing but decrease the input data while also costing CPU time to do a transformation. I'm not even sure if this is more efficient than just hashing the larger image.
More likely what they are doing is using an image matching algorithm, not a hashing function, as the second stage. Hashing is probably just a simple and quick way to weed out the idiots.
To exceed a .1% chance of finding a match with MD5 (a 128-bit hash) you would need to compare
n(p;H) ~ sqrt( 2*H*ln (1/(1-p)) )
n(.001;2^(32-1)) ~ 2^60
pictures. So to have a .1% chance of finding a collision of a legitimate picture and malicious picture in the FBI database one would have to compare about 830,000,000,000,000,000 pictures (8.3*10^17). You don't understand what it means to say that "MD5 is broken." Please leave the cryptography to the cryptographers.
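The birthday estimate quoted in the comment above, as an added example that is not part of the original comment: it evaluates n(p;H) for a 128-bit hash (taking H = 2^128, as the comment's prose describes MD5) and checks the same formula empirically against MD5 truncated to 16 bits. All function names and the hashed inputs are constructed for illustration.

```python
import hashlib
import math


def birthday_n(p: float, bits: int) -> float:
    """Items needed for collision probability p among 2**bits hash values.

    Implements n(p;H) ~ sqrt(2*H*ln(1/(1-p))) with H = 2**bits. This models
    accidental collisions among unrelated inputs only.
    """
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    # -log1p(-p) equals ln(1/(1-p)) and stays accurate for very small p.
    return math.sqrt(2.0 * (2.0 ** bits) * -math.log1p(-p))


def collision_probability(n: float, bits: int) -> float:
    """Inverse of birthday_n: p ~ 1 - exp(-n^2 / (2H))."""
    return -math.expm1(-(n * n) / (2.0 * (2.0 ** bits)))


def truncated_md5(data: bytes, bits: int) -> int:
    """Top `bits` bits of the MD5 digest, as an integer."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def items_until_collision(bits: int, seed: int) -> int:
    """Hash constructed inputs until two share a truncated digest.

    Returns how many inputs had been hashed when the first repeat appeared.
    """
    seen = set()
    count = 0
    while True:
        value = truncated_md5(f"constructed-{seed}-{count}".encode(), bits)
        count += 1
        if value in seen:
            return count
        seen.add(value)


def empirical_median(bits: int, trials: int) -> int:
    """Median number of inputs before the first collision over many trials."""
    counts = sorted(items_until_collision(bits, seed) for seed in range(trials))
    return counts[len(counts) // 2]


if __name__ == "__main__":
    n = birthday_n(0.001, 128)
    print(f"128-bit hash, p=0.1%: n ~ {n:.3e} (about 2^{math.log2(n):.1f})")
    print(f"round trip p = {collision_probability(n, 128):.6f}")

    # A 16-bit truncation is small enough to measure directly: half of all
    # trials should collide within about birthday_n(0.5, 16) inputs.
    predicted = birthday_n(0.5, 16)
    measured = empirical_median(16, 200)
    print(f"16-bit truncation: predicted median {predicted:.0f}, "
          f"measured {measured}")
```
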
Actually, you are wrong about the National Socialist Worker's Party. Ideologically, the Nazis and the Communists couldn't be more divided. That's one of the reasons why Nazi Germany was considered one of the greatest threats to the Soviet Union.
You would have been correct had you said that, practically the Nazi Party and the Soviet Communist Party were very similar. This is true as both governments essentially turned into authoritarian states. Ideologically though, one is far left, one is far right.
Appx is an abbreviation for approximately. Not the standard, no, but that was clearly on purpose. I don't know how you would accidentally type p, then x.
No. This is not the year of the Linux desktop. Next year is not. The next 5 years are not. Linux is still far too unfamiliar and unsupported for desktop users and the GUI is substandard. Linux will not be on the desktop until you truly never have to touch the command line. Ever. Even when something goes wrong or your hardware is unsupported (actually, it won't be on the desktop until linux is supported by all the major vendors).
On the other hand this is the year/years of the Linux server. Linux has been growing in the enterprise market for years now and it will just keep continuing to grow. Linux servers can be flexible, scalable, and stable with the right administrators and enterprise is the perfect area for Linux to mature in. There are numerous reasons why a Unix based system is good for server farms and Linux will continue to gain market share on those reasons.
Even more than that, let's talk about the basic laws of thermodynamics. Electrical energy is a form of energy. Work is also energy, and the transformation of electrical energy enables us to do work in many different ways. The entire basis of civilization is to locally decrease entropy by doing work that increases global entropy - essentially humanity is destined to do work.
Decreasing our energy consumption is not an answer. Increasing efficiency is fine, but there is always an ideal (Carnot) efficiency. What happens when we hit that wall? Start using less electricity and doing less useful work? Of course not. The answer to insufficient electrical capacity isn't to decrease our energy usage, it's to find new, clean sources of electricity with which to increase our electrical capacity. I'm proud to be a geek and proud to use computers and I will not apologize for using electricity to do my work.
I'm all for efficiency increases, but that is a stop-gap, not a solution. Nuclear power, solar power, wind power, hydroelectric power - those are solutions (more or less).
Sorry, typo, that's GPLv2 not v3. Although the GNU utilities are GPLv3.
Heh. Lemme guess, you've never contributed to the Linux kernel or done any noteworthy coding in your life?
GNU's kernel isn't finished, so GNU is used with the kernel Linux. The combination of GNU and Linux is the GNU/Linux operating system, now used by millions.
That's from http://www.gnu.org/, titled "The GNU Operating System." GNU/Linux is in no way the kernel - Linux is the kernel, which is under the GPLv3. GNU is the system of userspace utilities that are bundled with the linux kernel in order to construct the GNU/Linux Operating System.
Just because you have never used GNU/Linux without the additives like X or a package manager doesn't mean it's not possible. In fact, it was the only thing that was possible in the early 90s when the Linux kernel was first developed.
You can still construct the plain vanilla GNU/Linux operating system using the Linux From Scratch guide http://www.linuxfromscratch.org/lfs/. GNU offers its userspace utilities separately and Linux also provides its kernel as a standalone download at kernel.org.
Wrong. GNU/Linux is an operating system. Linux is the kernel in that operating system. Distributions such as Fedora and Ubuntu are extensions on the GNU/Linux operating system.
It seems like these days Congress believes they're experts at everything. Legislation on the internet? We don't need to hear from engineers or computer scientists or anyone else with credentials in the field cause, goddamn, getting a juris doctor gives you a doctorate in everything.
I think this is happening more and more, especially in the sciences, as laymen try and insinuate that scientists actually don't know any more than them. Just 30 years ago a scientific opinion would have been worth much more.
I'm not sure what's responsible for this change in attitudes (perhaps the general anti-intellectual culture in the United States) but it's very discouraging that it's become so prevalent in legislation. To be sure there are some Congressmen that still respect the opinions of the experts but I am disheartened at the amount of clearly poorly thought out technical legislation that has come out of both parties. Unlike many though, I'm not going to play the cynical middle ground and say both parties are equally horrible. The Republican Party has of late, especially with evolution, portrayed an absolutely disgusting portrait of some of America's brightest scientists and their work.
Still, slap a "protect the children tag" on it and I'm sure that a number of pathetic pandering Democrats will jump on it like always.
Essentially, you're talking about the Commerce Clause in Sec. 8 and its traditional legal interpretation. You have to be careful with the current Supreme Court as it is highly inclined to abandon precedent to side with an ideological viewpoint (see recent 2nd Amendment decision). However, the stare decisis in this case is very wide ranging and fairly conclusive that Network Neutrality legislation would be completely legal.
While you may argue that an intrastate TCP/IP network connection may fail to be regulated in the wording of the Constitution, it is more important to look at the precedent that US courts have set in the past. In the case of the Commerce Clause, the stare decisis basically grants Congress authority on anything that could ever possibly have a reasonable interstate commerce and has a legitimate federal interest.
There are a lot of court cases that have built up this interpretation, but if you are interested, probably the most relevant case is Swift v. US (1905), which ruled that Congress could even regulate local commercial ventures if they had any kind of indirect effect on interstate commerce. I am sure that the argument would successfully be made that even local internet traffic has the potential to impact interstate traffic. If you want more information, some of the most important cases are Gibbons v. Ogden, National Labor Relations Board v. Jones & Laughlin Steel Corporation and, in recent years, US v. Lopez, US v. Morrison, and Gonzales v. Raich (decided just 3 years ago and supports my argument).
I will not comment on my opinions on network neutrality as I do not believe it is relevant to this question. I am simply providing a legal interpretation, which is that this would be ruled legal.
As a cryptographic specialist, I feel required to point out that all common encryption algorithms are "representation changes." Modern ciphers are just complicated combinations of substitution and transposition at a sufficiently abstracted level. The term S-box is an abbreviation of "Substitution box."
And my point was, and this is the point that cryptographers make all the time, if you cannot establish a secure channel for communicating information, do not communicate information. And yes, that may mean that you can't download a linux distribution.
"Use SSL" isn't necessarily the solution in all cases, but I'd be willing to bet that "use cryptography" is.
Right... so you wouldn't negotiate with the server. I'm not sure what you're saying. If you don't have a secure connection, you make do with no connection. There's no "oh well, I tried to do it securely, but it didn't work."
Well then you go ahead and find out who she is and create a website dedicated to calling her a whore and a baby eater and see what happens. I think you'll find out that there doesn't have to be a monetary loss. If that was the case a lot of cases of harassment would be thrown out.
It is and they are. Legally, there is also no case for harassment here. Not only was the page not intended for the purpose of intimidating the principal, but the principal wasn't meant to view it. Furthermore, criminal harassment is in the penal law (hint: see Title 18, Section I US criminal code) and is not a tort. The principal cannot charge her with harassment - that is the job of the DA and I promise you he would laugh in the principal's face if the principal asked him to bring charges. Libel (which this case would fall under) is a subsection of the defamation tort and is what the principal would sue under.
It is clear you are not only not a lawyer, but you do not even have a cursory knowledge of the law or training in it. You can say how morally and ethically reprehensible this is, but, according to the lawyer to whom I spoke, this general type of case would be very difficult and expensive for the plaintiff to win, especially as a private citizen with limited funds. The legal system is inherently adjusted to view speech as unrestricted and therefore very specific conditions and strong evidence of intent, harm, falsity, and absolute void of criticism are required. Even the Slashdot bible, wikipedia, notes:
Later Supreme Court cases dismissed the claim for libel and forbade libel claims for statements that are so ridiculous to be clearly not true, or are involving opinionated subjects such as one's physical state of being... Defamation law in the United States is much less plaintiff-friendly than its counterparts in European and the Commonwealth countries, due to the enforcement of the First Amendment.
I think the best that he could hope for in this case is an injunction and huge amounts of money lost on legal fees.
The PROPER response to this incident is to bring the kid and the parents to his office and get them to take it down voluntarily. I doubt very much the parents would be happy with their child after hearing about it.
Or go to court. She'd probably win. No libel case here.
Actually, this was exactly the system the founding fathers intended - there is a clear separation of jurisdiction in this case and the principal, effectively acting as a representative of the state executive branch, overstepped his bounds in what should be a judicial matter.
No, there was no case for libel. No demonstrable (monetary) harm was done. This is almost necessary, de facto see my previous post. Also, your argument is completely fallacious - the principal overstepped his legal bounds, regardless of what "could have" happened.
It's not a question of "could" it's a question of "did." And no court-worthy harm came from this.
Sorry to say, but unless things change in the future, this girl was totally and completely in the clear, legally. As it should be. Disrespect is a form of free speech too. And it doesn't have to be constructive, either.
Actually, libel and slander are extremely hard to prove in court. Credibility and image are very rarely enough simply because there isn't a preponderance of evidence. Libel and slander cases are so rare for this fact. Very often you need to show some kind of quantifiable monetary damages to get a judge to side with you. Of course there are exceptions, but that's the general rule.
I am not a lawyer but this was what was told to me by a constitutional lawyer. Also, the principal clearly overstepped his bounds - disrespectful or not, he has no jurisdiction outside of school.
... Yeah it is -- turn on antialiasing, high resolution, and all the other crap and get a really crappy graphics card. You'll see your CPU usage shoot up quite a lot.
Hitler
Oh - I'm not speaking to the typical user. The typical user probably has a keylogger or trojan that makes this all void. I'm speaking to those who are security literate and want to choose both the simplest and most secure solution.
Personally, I use GPG and have an encrypted hard drive and I feel far more comfortable using IMAP over TLS after compromising Gmail with an XSS exploit.