What sort of tests have you run on it? My home machine would misbehave occasionally, with random applications crashing. I tested it with Memtest86+, and it didn't find any problems. Since I run Linux, I tried repeated kernel compiles next. Doing that, I found it couldn't manage more than two or three complete compiles without the compiler failing. In my case, re-arranging my DIMMs cleared it up. But since one of the DIMM's was bought at fire sale prices at a computer surplus show, I don't think I can blame my crashes on AMD. What's my point? I don't know, other than saying that memory is a ripe place for problems and it's not unheard of for diagnostics for a specific subsystem to not pick up problems.
Do they come with a handle on the bridge to push them up with, or do you still have to find an aftermarket dealer?
Unfortunately, that's where the laser beam goes so the aftermarket may be out of luck. From the article: These will most probably use an infrared laser built into the bridge of the glasses At least they know enough to use infrared instead of visible lest the wearer go cross-eyed.
Thank you. I actually don't recall it being that far ahead of the election, so thanks for correcting me.
The question you should be asking yourself is why you have such a skewed impression of the facts to begin with?
it is possible to conclude that the media is biased without being a lock-step partisan.
If the media has a bias, it would best be described as a pro-corporate bias. The perpetual accusation of the media having a liberal bias is just something which the right perceives because they are to the right of center. People on the left perceive the media as being to the right. By and large the media is moderate and centrist if for no reason other than they don't want to offend too many people.
I also believe the media is portraying the war in a biased way by only showing bad news ("If it bleeds, it leads."),
Another perpetual right-wing whine. If fact, the media is very restrained in their coverage of the war. Picture of yesterdays bloody dead and wounded soldiers would be the headline every single day otherwise. Take my local newspaper today for example. On page 7B there is a single sentence at the bottom of the page: "The latest deaths reported by the military: Two soldiers were killed Friday in western Anbar province.". That's it. And that's pretty much how it is every day. Soldiers bleed and it does not lead.
Newsweek reported in 2004, that by their editor-in-chief's estimate, slanted media swung the polls 15% away from Bush.
Link please. I find this little quip to be quite unbelievable. I'm sure there is some nugget of truth in there, but this sounds basically like typical right-wing propaganda. The famed liberal media tells lies, and if they had only reported the truth the GOP would win with overwhelming landslide victories. Your bullshit detector should have gone off immediately on that one and you should have a link to the story because you should have checked it out as soon as you read it. I could be wrong, but somehow I doubt it. If the media was really so biased and slanted, would they come out and tell everyone? The story doesn't even make sense.
Just like your earlier characterization of the whole Rather story. The spin you have on that story doesn't make sense either. The central nugget of truth is that CBS didn't take enough time to make sure the story was solid. But the spin is that they sat on it so they could spring it right before the election? The spin you got is the opposite of what happend.
Or take for example "Dan Rather was a foaming-at-the-mouth enemy of Bush" and "nasty little hatemonger Katie Couric". I mean come on, Katie Couric a "hatemonger"? WTF? I don't know what blogs you read to get your opinions from, but they are seriously out of touch. Do you even know what you sound like when you talk like that?
Far from being a "tool" of the GOP, I want to support changes to the system to break the Duopoly of the Know-Nothing Party and the Do-Nothing Party (assign as you see fit) and get some other organizations in the mix.
Well, I certainly agree with the last part of that. That's why I usually vote Libertarian when given the chance. But if you don't want to be perceived as a tool of the GOP, you need to stop falling for their propaganda.
OK, I've decided to stop trolling and ask a serious question. You asked me:
Whether the story is true or not, if CBS News spends _5 years_ working on something and the best they can come up with is a document that doesn't even _begin_ to look real, and then springs it just days before an election, doesn't that look even a bit suspicious?
And I agree. That would look a bit suspicious. But your question contains two false premises. CBS was not working on this story for five years. They had gotten the papers in question on August 24th, 2004. Basically two weeks before they ran the story. Not even close to five years. You could argue you meant the story about Bush's preferential treatment in the ANG, but that story was making headlines in 1999 before his first election. It's quite easy to pull up old news articles about it. In no way was the overall story of Bush's preferential treatment a new story in 2004.
Second, they did not "spring" the story days before the election. They ran it September 8th, 2004. The election was November 2nd, 2004. Almost a full two months. To claim that they tried to spring the story to swing the election implies that they tried to time it such that the Bush administration wouldn't be able to adequately respond before the election. Two months was of course plenty of time for them to respond. In fact, CBS news was driven back and was apoligizing on the 20th, less than two weeks after the story aired. But with the election still over a month away.
What do you expect from the network that brought us: "OK. I admit it was forged, but it's still true." and is courting that nasty little hatemonger Katie Couric to be an anchor.
In the context of CBS reporting on the nasty things the current GOP administration is up to bascially amounts to an attempt to deflect attention from the real story (GOP malfeasance) by disparaging CBS News. Were you trying to imply that the science story is false? Or is that just an accident? Also note that your first post contains name calling "nasty little hatemonger" and illegitimate use of quotes "OK. I admit is was forged, but it's still true." Me thinks it's time for you to jump off your high horse.
Just what were you trying to accomplish with that post? Actually, don't bother. I've got better things to do today than troll for GOP fan boys.
Tell you what, graduate from high school and read a few books and then come back and we'll have a talk.
Oooh. The ad-hominem. Nice. Tell you what, I graduated from high school almost 20 years ago and have read more than a few books. Wanna talk about the lies the GOP tells and the tools that believe them now?
Because Dan Rather was a foaming-at-the-mouth enemy of Bush who would willingly end his career in well-deserved disgrace after transparently trying to swing a presidential election at the last minute means _I'm_ a tool of the GOP?
Wow. I think I hit a nerve. How on Earth you could get so wound up about a journalist is amazing. Of course, no where do you deny that Bush was in fact given special treatment. Probably because it's so blatantly obvious even a tool like yourself can't deny it. But to be a GOP-boy these days, you have to swallow so much bullshit it's amazing. Believing Bush actually served his country in a more meaningful way than Kerry makes you a tool. Believing that Saddam was involved in 9/11 makes you a tool. Believing the GOP cares about the rule of law even as they institute the rule of man makes you a tool. Believing the GOP cares about fiscal responsibility as they drive the deficit into the floor makes you a tool. Believing that we invaded Iraq to bring them democracy makes you a tool. Not being up in arms over the manipulation of facts and science the administration is up to which this thread is about and taking pot shots at CBS instead makes you a tool.
an objective response to a political comment
Lead the way tool. It's not like your parent post I responded to in the first place was anything but flame bait.
And others have decided that they are not forgeries. Wikipedia article on the authenticity of the documents. Since there is no original document to authenticate, the issue will probably never be resolved unless either the true original surfaces or the forger comes forward. None of which changes the fact that the content of the memos seems to be largely correct, which really should be considered a more important fact. Or that your post is engaging in exactly the type of "smearing your enemies" that you seem to be upset about. Note the use of quotes to indicate an actual quote there, rather than a fabricated one.
See, Dan Rather never said that. And in fact, the documents were never proven to be forgeries. Moreover, the content of the documents is known to be accurate. Bush did get preferential treatment.
It's all about smearing your enemies and promoting your agenda.
Something the GOP seems very good at. They even have you manufacturing inaccurate little "quotes" and posting them on web sites. Such a little tool.
False. I re-read the paper just to make sure I didn't miss anything. They have an example of a working atttack against an Oracle database. Their attack is 127 bytes long in a system with a 128 byte data field. Where is the buffer overflow?
but blowing up airports using a buffer overflow on a malicious tag can easily be prevented.
And as I said, that's a dangerous attitude. The problem goes beyond mere bounds checking on the buffer. And if you were actually in charge of designing such a system using that attitude, you would almost certainly screw it up. Go and actually read the paper. Note that they give a list of seven recommendations to mitigate the risk. See numbers 2 and 3 especially, as they are the actual attack vectors in the example, not a buffer overflow.
Not only this, but a single check on the length of the tag would be sufficient against this attack.
Not true. The article specifically mentions potential SQL injection attacks, which are not caught by a simple length check. Also, you are assuming that the tag contains nothing more complex than a single ID number. As the complexity of the data in the tag goes up, so does the complexity of the parsing code for that data. Take for example including a picture of the owner in the RFID tag inside of a passport. Now the outside data is being fed to a some type of image decompression software with all sorts of opportunities for vulnerable bugs. Not only is image data likely to be a component of lots of RFID data, image decompression routines have historically been fertile ground to exploitable code bugs.
None of which is to say that the problem isn't manageable, but just that it's a lot more involved than a single length check. In fact, it's that kind of thinking which leads to vulnerable bugs. "Hey, this 1KB of random data is the right length, it must be OK. No need to worry about bugs anywhere else in the system." Riiiight.
The article says that "Hundreds of millions of dollars of assets have been frozen." Does anybody believe that terrorists are funded to the tune of hundreds of millions of dollars? What that tells me is that a significant number of the funds being frozen are don't have anything to do with "terrorists". And later "Some estimates put the number of filings in the US alone at 13 million a day." That's almost 5 billion filings a year. Roughly 15 for every man, woman and child in the US every year. At that point, you're not watching for terrorists, you're watching basically everything. So what's the point? Is it really to watch for "teh terrorists"?
NASA = National Aeronautics and Space Administration
Not a word in there about science.
That has got to be about the dumbest fscking argument I've ever seen. Do you actually think that counts for something? Here's something called a fact. Watch out. This might hurt.
DECLARATION OF POLICY AND PURPOSE Sec. 102.(d) The aeronautical and space activities of the United States shall be conducted so as to contribute materially to one or more of the following objectives:
(1) The expansion of human knowledge of the Earth and of phenomena in the atmosphere and space;
Sounds like science to me. Back under the bridge you little troll!
I don't think the journalists are the ones responsible for these terms. And there are others examples. Take the use of the word "teleport" for a process that the layman would describe as copying. But teleport sounds so much cooler. That's not something the journalists did on their own. The researchers have pushed that term despite the misleading connotations. I'm not the only one who thinks this, there is another post in this same article with the same complaint.
I've come to the conclusion that quantum scientists go out of there way to describe everything in confusing and fantastic terms. Obviously this "computer" is running. It's not like they turned it off and came back in the morning and the "answer" had magically appeared. They may think that all the photons are being captured and so none of them ever enter the "computer" itself. But the work is getting done, so something must be traveling through the "computer". If they don't know what that something is, it doesn't mean that it's nothing. It means that they don't know what it is. What they should say is, "we don't have a frickin' clue how it really works" but that doesn't sound as cool.
There are digital signature schemes where the signature can be small and still secure. (obviouslz if you want the likelyhood of guessing no higher than 2**80, you obviously need a 80 bit signature, but it doesn't need to be 512 bit. (yes RSA works like that, the world is bigger than RSA)
It would still be a pain to use. Can you imagine standing behind folks at the grocery store as they try to enter even 80 bits of information into a keypad?
That being said, you may be rigth that it'd be more practical for the device to be connected to the computer somehow, for example USB. That does however bring a whole host of new security-problems. First of all you need to ENSURE that the device CANNOT sign-off on something without the user actively asking it to, and that it CANNOT sign-off on something other than what the user thinks he is signing.
If you make it a dedicated piece of hardware, it's pretty easy to ensure no malicious code is installed on it. When you start moving into the realm of "let's use the cell phone, because everybody carries one" or "we'll just do the signing on the PC itself" of course it becomes much harder.
My main point is that VISA, Verisign and the other major players does not WANT to do this. *THAT* is the reason it won't happen aslong as payments are handled by them, aslong as they're not forced to do it.
Yes, that's the frustrating part. Knowing that there is a better way, and we'll probably never see it deployed. A dedicated signing device would be useful in tons of situations, and I doubt the hardware would cost more than USD$50 at most in bulk. While the initial deployment might be costly, the long terms savings in reduced fraud, time saved from dealing with forgotten passwords, etc would pay for it in no time I would think.
I don't know enough about other asymmetric algorithms to be able to say that this is always the case though. Elliptic Curve for example makes my head spin. But according to Wikipedia it is believe to require a key size only twice the "security parameter". So if you were happy with 64-bit level security you would only need 128-bit elliptic key. If you encode into 64 valid characters [a-zA-Z0-9()] for example, you get 6 bits per typed character. So you are down to 21 characters to type, and I would say you are pushing the upper limit of what users can be expected to type for a login and at the same time barely meeting a minimum level of security.
You enter this pin into your token, and get a result back that is actually something like: Sign(time+pin+random, your_key)
I don't think this actually works in practice. Who wants to type a digital signature into a web form? No, really. It would be such a collosal pain in the ass nobody would do it. Think about it. You could go with a 512 bit RSA key (quite weak by todays standards.) With RSA, the signatures are the same size as the key. So to type the signature into a web form you need to enter 512 bits of information. If you could actually enter all 255 ASCII codes in directly, it would be 64 key presses. A more realistic example would be entering a 1024 bit signature in hex. That's 256 characters to enter!
Even standard tokens, which use symmetric ciphers, don't have the users enter the entire output of the encryption. Just enough to make guessing unlikely (7 or 8 digits usually.) This works because both sides know the correct "answer" and can calculate the subset which is actually being transferred. But with a public key signature, only one side can calculate the answer. The other side can only verify it. And to verify it, they have to know the entire result. You can't take half of an RSA signature and verify it.
Which isn't to say your idea is totally off base. It would work great IF your token connected to the computer via USB or something. But doing that requires software on the PC, and some sort of more sophisticated web authentication. Entering something into a field in a form won't work. It's a great idea, but has much higher hurdles to adoption.
You seem like a reasonably intelligent person otherwise I wouldn't bother with this. But I'm a little amazed that facts don't seem to have an impact on your position.
1) I don't see it as "spying on Americans". We've both stated our positions, we're going to have to agree to disagree on this one.
I backed up my position with direct quotes from the relevant law. Your position is backed by what exactly? It makes you feel better?
2) Water boarding and sleep deprivation are not "torture". If they brought out the branding iron or something like that, I'd be just as up in arms as you.
It was widely reported that Cheney lobbied against the McCain bill which would explicitly ban the use of torture. So whether your definition includes water boarding or not, Cheney lobbied for it. Where you up in arms then?
3) Enemy combatants should be detained until the end of hostilities. Even if they're citizens of your country. So no sympathy from me for traitors who help Al Qaeda and their ilk. They're no different from the Americans who went to Germany to fight for the Fatherland in WWII.
The crime you are describing is Treason. And it is one of the few crimes which is covered explicitly in the Constituion. In fact, it's covered in Article III "The Judicial Branch". I'd say that's a pretty clear argument that it's a criminal matter that is covered by the courts. Do you have any facts which back up your interpretation?
4) Since when does the judiciary have any authority on the President's war making powers?
See above. I suspect it's been a while since you actually read any of the Consitution. Now might be a good time for you to take a little time, before you piss away all it gives you.
5) The war does have a definied opponent, international terrorist groups and the rogue states who support them. Just because the enemy is amorphous doesn't mean it's not defined. And the victory conditions are clear: destroy them all. Just like in all ways run properly.
There have always been groups which could be labeled "terrorists". And there always will be. And the definition is pretty subjective. The fact is, you can't list the groups and countries which we have to defeat to "win" this war. You can't actually list the victory conditions. Try it. You can't do it. I'll bet you can't even list the "rogue states" which we have to "destroy". And you may want to rephrase that last sentence. It doesn't parse.
Not quite. I'm claiming that the law you're citing doesn't apply to this case.
Why wouldn't it apply? Pretty much the entire purpose of FISA is to define the requirements that need to be met when gathering foreign intelligence. It spells out exactly when the President can perform surveillance without a warrent. And one condition is that "there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party". And the rest of the act goes on to spell out how the judicial oversight works in the cases where that condition (and others) cannot be met. I mean really, this is exactly why FISA was passed. It's an entire law whose only purpose is to cover exactly this situation. And yet somehow it doesn't apply?
I never said, nor implied, that the President is above the law.
Well, one thing you said was It's not uncommon in history for Presidents to site executive privilege on a number of items, this is probably another case of that. But as I maintain, this is a case where there is an explicit law on the books which governs the behavior of the Executive in exactly this situation. So to claim "executive privledge" when there is an explicit law that says otherwise is pretty much claiming to be above the law.
I mean really, where is the limit? Look at what this administration is claiming as it's "rights". It wants to be able to spy on Americans without a warrant. It wants to be able to torture people. And it wants to be able to detain people, even American citizens on American soil, indefinitly. All without any judicial oversight. In the name of a war without a defined opponent or victory conditions. That's a dictatorship. Perhaps the spying doesn't bother you. Does the torture? Does the indefinite detention? Will you finally draw the line when they implement summary execution? Because after all, the AUMF says "all necessary... force". And I'm serious about this, where do you draw the line?
No, I'm repeating what's been reported. You're assuming facts not in evidence, and according to Sam Waterson, that's a no-no. The Federation of American Scientists has a good write-up on it here: http://www.fas.org/sgp/crs/intel/m010506.pdf. Page 2 lists some quotes on what the wiretapping encompasses.
Page two contains nothing about the direction of the calls. You specifically stated "It's a similar circumstance here, except that the originator of the call is outside the country". What page of the CRS report indicates that only inbound call were tapped? That's why I accused you of making shit up. And I stand by that until you can point to a reliable source on the direction of the calls being tapped.
IMO, they probably don't want to jump through any more hoops than is absolutely required, especially hoops they saw as irrelevant.
So you aren't going to try and claim that they actually obeyed the law, but rather that it's OK for them to break the law? Because judicial oversight is required if you want to spy on US citizens. Just so you are clear. You appear to be supporting the position that the President is above the law? That this country is under the rule of men, not the rule of law? If the president decides that killing you and raping your mother is in the country's best interest, it's OK as long as he puts his cowboy hat on first? I know that sounds extreme, but you are claiming that there is no law that limits the behavior of the President and that his power is limitless. If you think there is a limit, where is it?
Hypothetically, I'm suspected of committing some crime. The local police get a warrant and tap my phone. After they do that, I call you and talk to you about seeing a movie or something. Have your rights been violated because the police listened in on your conversation?
It's a similar circumstance here, except that the originator of the call is outside the country and is a suspected enemy of the country, therefore is not entitled to the same rights you and I are.
First, you're just plain making shit up. You don't know that they were only hitting inbound calls. That level of detail about the program hasn't been revealed. If you can point to a reliable source, I'd love to see it.
What we do know is that FISA covers domestic surveillance of foreign targets and the administration did not follow the rules found in FISA. The question I want answered is: Why is the administration evading the legally mandated judicial oversight FISA requires? FISA was passed to make what the administration is doing legal, as long as they allow judicial oversight. Why don't they want that oversight?
Yes, that's very interesting. But we are talking about Microsoft Vista, not Rick's Vision. If a DRM scheme provides easy access to the raw bitstream, even if after entering a key as in your scheme, it's worthless from the point of view of media companies. It's basically the honor system. The media companies would be trusting the users to not just pull the raw bitstream out and save it in a non-DRM format. If the media companies actually trusted their customers, none of this stuff would be happening. So if you find people give you a hard time, it's because you are redefining DRM to mean something else. DRM means exactly what Microsoft is doing. Your vision of 'soft DRM' or whatever, while it might be nice, isn't DRM. It's something else. Make up a new name for it because DRM is taken, and it means "totalitarian tools for enforcing the law".
The problem is if I create an app that tells the driver to spit out music from a DRM'd audio file as a bit stream. Can my app take that stream, apply a new codec and write to disk? doubtful.
Doubtful is not the right phrase. "Not a chance in hell" is more like it. DRM only works if you eliminate access to the raw audio. Apply your own codec to a DRM'd audio file? Ah ha ha ha ha! That's rich. Not if Microsoft has any say about it.
Slashdot Mirror
What sort of tests have you run on it? My home machine would misbehave occasionally, with random applications crashing. I tested it with Memtest86+, and it didn't find any problems. Since I run Linux, I tried repeated kernel compiles next. Doing that, I found it couldn't manage more than two or three complete compiles without the compiler failing. In my case, re-arranging my DIMMs cleared it up. But since one of the DIMM's was bought at fire sale prices at a computer surplus show, I don't think I can blame my crashes on AMD. What's my point? I don't know, other than saying that memory is a ripe place for problems and it's not unheard of for diagnostics for a specific subsystem to not pick up problems.
Do they come with a handle on the bridge to push them up with, or do you still have to find an aftermarket dealer?
Unfortunately, that's where the laser beam goes so the aftermarket may be out of luck. From the article: These will most probably use an infrared laser built into the bridge of the glasses At least they know enough to use infrared instead of visible lest the wearer go cross-eyed.
Thank you. I actually don't recall it being that far ahead of the election, so thanks for correcting me.
The question you should be asking yourself is why you have such a skewed impression of the facts to begin with?
it is possible to conclude that the media is biased without being a lock-step partisan.
If the media has a bias, it would best be described as a pro-corporate bias. The perpetual accusation of the media having a liberal bias is just something which the right perceives because they are to the right of center. People on the left perceive the media as being to the right. By and large the media is moderate and centrist if for no reason other than they don't want to offend too many people.
I also believe the media is portraying the war in a biased way by only showing bad news ("If it bleeds, it leads."),
Another perpetual right-wing whine. If fact, the media is very restrained in their coverage of the war. Picture of yesterdays bloody dead and wounded soldiers would be the headline every single day otherwise. Take my local newspaper today for example. On page 7B there is a single sentence at the bottom of the page: "The latest deaths reported by the military: Two soldiers were killed Friday in western Anbar province.". That's it. And that's pretty much how it is every day. Soldiers bleed and it does not lead.
Newsweek reported in 2004, that by their editor-in-chief's estimate, slanted media swung the polls 15% away from Bush.
Link please. I find this little quip to be quite unbelievable. I'm sure there is some nugget of truth in there, but this sounds basically like typical right-wing propaganda. The famed liberal media tells lies, and if they had only reported the truth the GOP would win with overwhelming landslide victories. Your bullshit detector should have gone off immediately on that one and you should have a link to the story because you should have checked it out as soon as you read it. I could be wrong, but somehow I doubt it. If the media was really so biased and slanted, would they come out and tell everyone? The story doesn't even make sense.
Just like your earlier characterization of the whole Rather story. The spin you have on that story doesn't make sense either. The central nugget of truth is that CBS didn't take enough time to make sure the story was solid. But the spin is that they sat on it so they could spring it right before the election? The spin you got is the opposite of what happend.
Or take for example "Dan Rather was a foaming-at-the-mouth enemy of Bush" and "nasty little hatemonger Katie Couric". I mean come on, Katie Couric a "hatemonger"? WTF? I don't know what blogs you read to get your opinions from, but they are seriously out of touch. Do you even know what you sound like when you talk like that?
Far from being a "tool" of the GOP, I want to support changes to the system to break the Duopoly of the Know-Nothing Party and the Do-Nothing Party (assign as you see fit) and get some other organizations in the mix.
Well, I certainly agree with the last part of that. That's why I usually vote Libertarian when given the chance. But if you don't want to be perceived as a tool of the GOP, you need to stop falling for their propaganda.
OK, I've decided to stop trolling and ask a serious question. You asked me:
Whether the story is true or not, if CBS News spends _5 years_ working on something and the best they can come up with is a document that doesn't even _begin_ to look real, and then springs it just days before an election, doesn't that look even a bit suspicious?
And I agree. That would look a bit suspicious. But your question contains two false premises. CBS was not working on this story for five years. They had gotten the papers in question on August 24th, 2004. Basically two weeks before they ran the story. Not even close to five years. You could argue you meant the story about Bush's preferential treatment in the ANG, but that story was making headlines in 1999 before his first election. It's quite easy to pull up old news articles about it. In no way was the overall story of Bush's preferential treatment a new story in 2004.
Second, they did not "spring" the story days before the election. They ran it September 8th, 2004. The election was November 2nd, 2004. Almost a full two months. To claim that they tried to spring the story to swing the election implies that they tried to time it such that the Bush administration wouldn't be able to adequately respond before the election. Two months was of course plenty of time for them to respond. In fact, CBS news was driven back and was apoligizing on the 20th, less than two weeks after the story aired. But with the election still over a month away.
I'm not defending the GOP. I never was.
What you posted, which started this was:
What do you expect from the network that brought us: "OK. I admit it was forged, but it's still true." and is courting that nasty little hatemonger Katie Couric to be an anchor.
In the context of CBS reporting on the nasty things the current GOP administration is up to bascially amounts to an attempt to deflect attention from the real story (GOP malfeasance) by disparaging CBS News. Were you trying to imply that the science story is false? Or is that just an accident? Also note that your first post contains name calling "nasty little hatemonger" and illegitimate use of quotes "OK. I admit is was forged, but it's still true." Me thinks it's time for you to jump off your high horse.
Just what were you trying to accomplish with that post? Actually, don't bother. I've got better things to do today than troll for GOP fan boys.
Tell you what, graduate from high school and read a few books and then come back and we'll have a talk.
Oooh. The ad-hominem. Nice. Tell you what, I graduated from high school almost 20 years ago and have read more than a few books. Wanna talk about the lies the GOP tells and the tools that believe them now?
Because Dan Rather was a foaming-at-the-mouth enemy of Bush who would willingly end his career in well-deserved disgrace after transparently trying to swing a presidential election at the last minute means _I'm_ a tool of the GOP?
Wow. I think I hit a nerve. How on Earth you could get so wound up about a journalist is amazing. Of course, no where do you deny that Bush was in fact given special treatment. Probably because it's so blatantly obvious even a tool like yourself can't deny it. But to be a GOP-boy these days, you have to swallow so much bullshit it's amazing. Believing Bush actually served his country in a more meaningful way than Kerry makes you a tool. Believing that Saddam was involved in 9/11 makes you a tool. Believing the GOP cares about the rule of law even as they institute the rule of man makes you a tool. Believing the GOP cares about fiscal responsibility as they drive the deficit into the floor makes you a tool. Believing that we invaded Iraq to bring them democracy makes you a tool. Not being up in arms over the manipulation of facts and science the administration is up to which this thread is about and taking pot shots at CBS instead makes you a tool.
an objective response to a political comment
Lead the way tool. It's not like your parent post I responded to in the first place was anything but flame bait.
And others have decided that they are not forgeries. Wikipedia article on the authenticity of the documents. Since there is no original document to authenticate, the issue will probably never be resolved unless either the true original surfaces or the forger comes forward. None of which changes the fact that the content of the memos seems to be largely correct, which really should be considered a more important fact. Or that your post is engaging in exactly the type of "smearing your enemies" that you seem to be upset about. Note the use of quotes to indicate an actual quote there, rather than a fabricated one.
"OK. I admit it was forged, but it's still true."
See, Dan Rather never said that. And in fact, the documents were never proven to be forgeries. Moreover, the content of the documents is known to be accurate. Bush did get preferential treatment.
It's all about smearing your enemies and promoting your agenda.
Something the GOP seems very good at. They even have you manufacturing inaccurate little "quotes" and posting them on web sites. Such a little tool.
It does the injection via buffer overflow.
False. I re-read the paper just to make sure I didn't miss anything. They have an example of a working atttack against an Oracle database. Their attack is 127 bytes long in a system with a 128 byte data field. Where is the buffer overflow?
but blowing up airports using a buffer overflow on a malicious tag can easily be prevented.
And as I said, that's a dangerous attitude. The problem goes beyond mere bounds checking on the buffer. And if you were actually in charge of designing such a system using that attitude, you would almost certainly screw it up. Go and actually read the paper. Note that they give a list of seven recommendations to mitigate the risk. See numbers 2 and 3 especially, as they are the actual attack vectors in the example, not a buffer overflow.
Not only this, but a single check on the length of the tag would be sufficient against this attack.
Not true. The article specifically mentions potential SQL injection attacks, which are not caught by a simple length check. Also, you are assuming that the tag contains nothing more complex than a single ID number. As the complexity of the data in the tag goes up, so does the complexity of the parsing code for that data. Take for example including a picture of the owner in the RFID tag inside of a passport. Now the outside data is being fed to a some type of image decompression software with all sorts of opportunities for vulnerable bugs. Not only is image data likely to be a component of lots of RFID data, image decompression routines have historically been fertile ground to exploitable code bugs.
None of which is to say that the problem isn't manageable, but just that it's a lot more involved than a single length check. In fact, it's that kind of thinking which leads to vulnerable bugs. "Hey, this 1KB of random data is the right length, it must be OK. No need to worry about bugs anywhere else in the system." Riiiight.
The article says that "Hundreds of millions of dollars of assets have been frozen." Does anybody believe that terrorists are funded to the tune of hundreds of millions of dollars? What that tells me is that a significant number of the funds being frozen are don't have anything to do with "terrorists". And later "Some estimates put the number of filings in the US alone at 13 million a day." That's almost 5 billion filings a year. Roughly 15 for every man, woman and child in the US every year. At that point, you're not watching for terrorists, you're watching basically everything. So what's the point? Is it really to watch for "teh terrorists"?
NASA = National Aeronautics and Space Administration
h tml#POLICY
Not a word in there about science.
That has got to be about the dumbest fscking argument I've ever seen. Do you actually think that counts for something? Here's something called a fact. Watch out. This might hurt.
Quoted from the law which created NASA and guides it's purpose. http://www.nasa.gov/offices/ogc/about/space_act1.
DECLARATION OF POLICY AND PURPOSE
Sec. 102.(d) The aeronautical and space activities of the United States shall be conducted so as to contribute materially to one or more of the following objectives:
(1) The expansion of human knowledge of the Earth and of phenomena in the atmosphere and space;
Sounds like science to me. Back under the bridge you little troll!
I don't think the journalists are the ones responsible for these terms. And there are others examples. Take the use of the word "teleport" for a process that the layman would describe as copying. But teleport sounds so much cooler. That's not something the journalists did on their own. The researchers have pushed that term despite the misleading connotations. I'm not the only one who thinks this, there is another post in this same article with the same complaint.
I've come to the conclusion that quantum scientists go out of there way to describe everything in confusing and fantastic terms. Obviously this "computer" is running. It's not like they turned it off and came back in the morning and the "answer" had magically appeared. They may think that all the photons are being captured and so none of them ever enter the "computer" itself. But the work is getting done, so something must be traveling through the "computer". If they don't know what that something is, it doesn't mean that it's nothing. It means that they don't know what it is. What they should say is, "we don't have a frickin' clue how it really works" but that doesn't sound as cool.
There are digital signature schemes where the signature can be small and still secure. (obviouslz if you want the likelyhood of guessing no higher than 2**80, you obviously need a 80 bit signature, but it doesn't need to be 512 bit. (yes RSA works like that, the world is bigger than RSA)
It would still be a pain to use. Can you imagine standing behind folks at the grocery store as they try to enter even 80 bits of information into a keypad?
That being said, you may be rigth that it'd be more practical for the device to be connected to the computer somehow, for example USB. That does however bring a whole host of new security-problems. First of all you need to ENSURE that the device CANNOT sign-off on something without the user actively asking it to, and that it CANNOT sign-off on something other than what the user thinks he is signing.
If you make it a dedicated piece of hardware, it's pretty easy to ensure no malicious code is installed on it. When you start moving into the realm of "let's use the cell phone, because everybody carries one" or "we'll just do the signing on the PC itself" of course it becomes much harder.
My main point is that VISA, Verisign and the other major players does not WANT to do this. *THAT* is the reason it won't happen aslong as payments are handled by them, aslong as they're not forced to do it.
Yes, that's the frustrating part. Knowing that there is a better way, and we'll probably never see it deployed. A dedicated signing device would be useful in tons of situations, and I doubt the hardware would cost more than USD$50 at most in bulk. While the initial deployment might be costly, the long terms savings in reduced fraud, time saved from dealing with forgotten passwords, etc would pay for it in no time I would think.
With RSA, the signatures are the same size as the key.
Is that really the case? I thought that the ciphertext was just as long as the plaintext (and isn't a signature really just ciphertext?)
I won't go into detail here. The Wikipedia entry for rsa explains it better than I can.
I don't know enough about other asymmetric algorithms to be able to say that this is always the case though. Elliptic Curve for example makes my head spin. But according to Wikipedia it is believe to require a key size only twice the "security parameter". So if you were happy with 64-bit level security you would only need 128-bit elliptic key. If you encode into 64 valid characters [a-zA-Z0-9()] for example, you get 6 bits per typed character. So you are down to 21 characters to type, and I would say you are pushing the upper limit of what users can be expected to type for a login and at the same time barely meeting a minimum level of security.
You enter this pin into your token, and get a result back that is actually something like: Sign(time+pin+random, your_key)
I don't think this actually works in practice. Who wants to type a digital signature into a web form? No, really. It would be such a collosal pain in the ass nobody would do it. Think about it. You could go with a 512 bit RSA key (quite weak by todays standards.) With RSA, the signatures are the same size as the key. So to type the signature into a web form you need to enter 512 bits of information. If you could actually enter all 255 ASCII codes in directly, it would be 64 key presses. A more realistic example would be entering a 1024 bit signature in hex. That's 256 characters to enter!
Even standard tokens, which use symmetric ciphers, don't have the users enter the entire output of the encryption. Just enough to make guessing unlikely (7 or 8 digits usually.) This works because both sides know the correct "answer" and can calculate the subset which is actually being transferred. But with a public key signature, only one side can calculate the answer. The other side can only verify it. And to verify it, they have to know the entire result. You can't take half of an RSA signature and verify it.
Which isn't to say your idea is totally off base. It would work great IF your token connected to the computer via USB or something. But doing that requires software on the PC, and some sort of more sophisticated web authentication. Entering something into a field in a form won't work. It's a great idea, but has much higher hurdles to adoption.
How is not being able to do something an "upshot" of owning hardware?
less is more?
Perhaps this will help. Note the distinct lack of value judgements in the definition.
You seem like a reasonably intelligent person otherwise I wouldn't bother with this. But I'm a little amazed that facts don't seem to have an impact on your position.
1) I don't see it as "spying on Americans". We've both stated our positions, we're going to have to agree to disagree on this one.
I backed up my position with direct quotes from the relevant law. Your position is backed by what exactly? It makes you feel better?
2) Water boarding and sleep deprivation are not "torture". If they brought out the branding iron or something like that, I'd be just as up in arms as you.
It was widely reported that Cheney lobbied against the McCain bill which would explicitly ban the use of torture. So whether your definition includes water boarding or not, Cheney lobbied for it. Where you up in arms then?
3) Enemy combatants should be detained until the end of hostilities. Even if they're citizens of your country. So no sympathy from me for traitors who help Al Qaeda and their ilk. They're no different from the Americans who went to Germany to fight for the Fatherland in WWII.
The crime you are describing is Treason. And it is one of the few crimes which is covered explicitly in the Constituion. In fact, it's covered in Article III "The Judicial Branch". I'd say that's a pretty clear argument that it's a criminal matter that is covered by the courts. Do you have any facts which back up your interpretation?
4) Since when does the judiciary have any authority on the President's war making powers?
See above. I suspect it's been a while since you actually read any of the Consitution. Now might be a good time for you to take a little time, before you piss away all it gives you.
5) The war does have a definied opponent, international terrorist groups and the rogue states who support them. Just because the enemy is amorphous doesn't mean it's not defined. And the victory conditions are clear: destroy them all. Just like in all ways run properly.
There have always been groups which could be labeled "terrorists". And there always will be. And the definition is pretty subjective. The fact is, you can't list the groups and countries which we have to defeat to "win" this war. You can't actually list the victory conditions. Try it. You can't do it. I'll bet you can't even list the "rogue states" which we have to "destroy". And you may want to rephrase that last sentence. It doesn't parse.
Not quite. I'm claiming that the law you're citing doesn't apply to this case.
... force". And I'm serious about this, where do you draw the line?
Why wouldn't it apply? Pretty much the entire purpose of FISA is to define the requirements that need to be met when gathering foreign intelligence. It spells out exactly when the President can perform surveillance without a warrent. And one condition is that "there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party". And the rest of the act goes on to spell out how the judicial oversight works in the cases where that condition (and others) cannot be met. I mean really, this is exactly why FISA was passed. It's an entire law whose only purpose is to cover exactly this situation. And yet somehow it doesn't apply?
I never said, nor implied, that the President is above the law.
Well, one thing you said was It's not uncommon in history for Presidents to site executive privilege on a number of items, this is probably another case of that. But as I maintain, this is a case where there is an explicit law on the books which governs the behavior of the Executive in exactly this situation. So to claim "executive privledge" when there is an explicit law that says otherwise is pretty much claiming to be above the law.
I mean really, where is the limit? Look at what this administration is claiming as it's "rights". It wants to be able to spy on Americans without a warrant. It wants to be able to torture people. And it wants to be able to detain people, even American citizens on American soil, indefinitly. All without any judicial oversight. In the name of a war without a defined opponent or victory conditions. That's a dictatorship. Perhaps the spying doesn't bother you. Does the torture? Does the indefinite detention? Will you finally draw the line when they implement summary execution? Because after all, the AUMF says "all necessary
No, I'm repeating what's been reported. You're assuming facts not in evidence, and according to Sam Waterson, that's a no-no. The Federation of American Scientists has a good write-up on it here: http://www.fas.org/sgp/crs/intel/m010506.pdf. Page 2 lists some quotes on what the wiretapping encompasses.
Page two contains nothing about the direction of the calls. You specifically stated "It's a similar circumstance here, except that the originator of the call is outside the country". What page of the CRS report indicates that only inbound call were tapped? That's why I accused you of making shit up. And I stand by that until you can point to a reliable source on the direction of the calls being tapped.
IMO, they probably don't want to jump through any more hoops than is absolutely required, especially hoops they saw as irrelevant.
So you aren't going to try and claim that they actually obeyed the law, but rather that it's OK for them to break the law? Because judicial oversight is required if you want to spy on US citizens. Just so you are clear. You appear to be supporting the position that the President is above the law? That this country is under the rule of men, not the rule of law? If the president decides that killing you and raping your mother is in the country's best interest, it's OK as long as he puts his cowboy hat on first? I know that sounds extreme, but you are claiming that there is no law that limits the behavior of the President and that his power is limitless. If you think there is a limit, where is it?
You're not getting it, so let me put it this way:
Hypothetically, I'm suspected of committing some crime. The local police get a warrant and tap my phone. After they do that, I call you and talk to you about seeing a movie or something. Have your rights been violated because the police listened in on your conversation?
It's a similar circumstance here, except that the originator of the call is outside the country and is a suspected enemy of the country, therefore is not entitled to the same rights you and I are.
First, you're just plain making shit up. You don't know that they were only hitting inbound calls. That level of detail about the program hasn't been revealed. If you can point to a reliable source, I'd love to see it.
What we do know is that FISA covers domestic surveillance of foreign targets and the administration did not follow the rules found in FISA. The question I want answered is: Why is the administration evading the legally mandated judicial oversight FISA requires? FISA was passed to make what the administration is doing legal, as long as they allow judicial oversight. Why don't they want that oversight?
Yes, that's very interesting. But we are talking about Microsoft Vista, not Rick's Vision. If a DRM scheme provides easy access to the raw bitstream, even if after entering a key as in your scheme, it's worthless from the point of view of media companies. It's basically the honor system. The media companies would be trusting the users to not just pull the raw bitstream out and save it in a non-DRM format. If the media companies actually trusted their customers, none of this stuff would be happening. So if you find people give you a hard time, it's because you are redefining DRM to mean something else. DRM means exactly what Microsoft is doing. Your vision of 'soft DRM' or whatever, while it might be nice, isn't DRM. It's something else. Make up a new name for it because DRM is taken, and it means "totalitarian tools for enforcing the law".
The problem is if I create an app that tells the driver to spit out music from a DRM'd audio file as a bit stream. Can my app take that stream, apply a new codec and write to disk? doubtful.
Doubtful is not the right phrase. "Not a chance in hell" is more like it. DRM only works if you eliminate access to the raw audio. Apply your own codec to a DRM'd audio file? Ah ha ha ha ha! That's rich. Not if Microsoft has any say about it.