That's an argument for judges to decide, not Cohen. For everyone's sake, I hope judges don't go with the "nevermind the 6th Amendment" attitude.
If the FEC rules on the payments to Stormy Daniels, Trump should abide by the ruling, just like other candidates.
The bottom line: People sending messages through encrypted apps should probably not hang on to copies of their messages and call logs any longer than they have to if they really want to keep those messages secret.
In a final rule published on April 11 (2016), the agency increases the aviation training device (ATD) hours pilots can credit toward an instrument rating. The FAA now allows up to 10 hours credit in a basic aviation training device and up to 20 hours in an advanced aviation training device, not to exceed a maximum of 20 total hours under part 61. The previous maximum allowance was 10 hours in an FAA-approved aviation training device.
Including war is dishonest, and that's putting it kindly. Try limiting it to not including wars.
You can filter to just show "approved" and at the High level. That's where I got my initial list from.
https://marketplace.fedramp.gov/#/products?status=Compliant&sort=productName&impactLevel=High
Actually, the $2 billion in commercial cloud revenue will cut out pretty much everyone except Amazon, Microsoft, and maybe IBM.
Oracle, of course, will fudge their numbers to claim that much from commercial cloud, but I wouldn't believe them. Database, yes. Commercial cloud, no.
The other big player, CSRA, makes most of their revenue off of gov't contracts, not commercial. IBM may be in the same boat. Rackspace comes close, but doesn't hit the $2 billion threshold as of 2014 numbers. (See Wikipedia)
Google is big, but is only FedRAMP Moderate and I have no idea if they have been certified by DISA.
Amazon was the *first* to pass the FedRAMP High test, and first to get approved on all 5 non-classified DISA Impact Levels back in 2014, but is by no means still the only.
Amazon, Microsoft, Oracle, and CSRA are all approved at FedRAMP High levels. For DISA Impact Level 5, the above list is also joined by IBM and possibly others.
It is implied, and the SCOTUS has ruled on it definitively in Reid v Covert (1956).
Justice Hugo Black, author of the majority opinion, sums it up by saying
At the beginning, we reject the idea that, when the United States acts against citizens abroad, it can do so free of the Bill of Rights. The United States is entirely a creature of the Constitution. Its power and authority have no other source. It can only act in accordance with all the limitations imposed by the Constitution.
https://www.law.cornell.edu/supremecourt/text/354/1
You're missing one critical element -- and so is the damn story -- whether or not she is a U.S. citizen. The protections of the Constitution *do* apply to U.S. citizens even when outside the country, when applied to actions of the U.S. government. Gitmo's logic only works because the prisoners are "enemy combatants" and not U.S. citizens.
Yes. The point I was trying to make was, it isn't Cohen deciding -- the judge has already appointed a 3rd party to go thru all seized documents and make a determination. Both the prosecuting and defense attorneys play a role as well. There is even the option of a "taint team" being assigned to assist the defense, if the judge thinks it is needed.
There is a detailed process and it looks like it is being followed carefully, from what few reports I've seen so far.
https://www.nytimes.com/2018/06/04/nyregion/cohen-special-master-review.html/
The FEC isn't going to rule, because Trump's campaign didn't ask for an opinion -- they denied the payment occurred originally. The legal problem started when candidate Trump signed the form attesting to the correctness of his filings. He already excluded the payment and swore the numbers were correct. To this day he still denies *he* made a payment, that it was an independent act of a third party -- if it happened at all. Like Nixon before him, this issue will revolve around what the President knew and when he knew it.
Cohen has to prove he isn't lying, yes. HOWEVER, you don't get a deal from a prosecutor just because you say "I've got the goods". You actually have to convince them you have what you say you have before you're going to get any sort of deal. If you *can't* deliver, your deal goes out the window. Also keep in mind the judge has to approve a deal as well. His criteria is different from the prosecutor, and is focused on ensuring the deal is within the norms and there is reasonable belief the individual can deliver. The odds of Cohen lying, considering it would not only get his deal thrown out but also anger both the prosecutors and the judges, are very slim.
Attorney-Client privilege doesn't extend to assisting in committing or covering up a crime. Cohen's statement that he did what he did at the express direction of Trump, and that he's shown audio tapes of Trump discussing these payments, is enough to give reasonable belief privilege doesn't apply.
Go back and look at the news surrounding the raid on Cohen's hotel and office. There is a court-supervised process for determining what materials are covered by privilege and what aren't. In complex cases, like this one, the judge can bring in a third party to do the reviews and determine what can be used and what can't. They've done that, and between this and normal process, the idea that A-C privilege is going to be a big hurdle is wishful thinking on Trump's part.
Votes for Impeachment (conviction, technically). I, personally, don't care. I'm more interested in 1/21/2020 -- the day Trump leaves office -- and the day, I hope, criminal charges are filed. I'm also not convinced that a sitting President is immune from all prosecution, so I would like to see him charged as soon as the prosecutors believe they have a solid case. If for no other reason, to see the Courts rule on the immunity of a sitting President from criminal prosecution.
Campaign finance laws have been successfully followed for several years, so arguing they're impossible to meet won't fly. Even if they try that, as you said elsewhere, it isn't the violation of the FEC, it is the cover-up. The law in this area is very, very clear. You follow what the FEC says. If you disagree, you PAY then take it to court/arbitration, you don't refuse to pay and wait to get charged/sued. This is how disputes with landlords and other contracts work, too.
I'm uncertain about this. IANAL, but I know there have been legal rulings and discussions about the difference between compelling a subject to present a KEY -- a physical object -- versus a COMBINATION -- something in your mind, which requires a communicative act and thus could constitute self-incrimination. That would be a violation of your 5th Amendment rights.
There was a lot more surrounding this when phones started adding fingerprint locks. The cops can compel a finger touch, but not, I believe, your passcode.
This is one of those murky areas that would require a team of lawyers and I'm sure would depend on the judge. I've refused to give my phone to cops at traffic stops before, and all I get is a glare. If someone had a warrant, I'd do exactly what my paid-for lawyer said.
https://www.uclalawreview.org/the-fifth-amendment-encryption-and-the-forgotten-state-interest/
I'm not a Democrat or "left", sorry. The simple fact is, the Obama and Biden cases were about incomplete or incorrect paperwork that they later corrected, hence the fine. They never denied the contributions.
Had Trump simply owned up to the payments and corrected the FEC filing, this would be a fine.
They had warrants for essentially everything in the hotel room where he was living and his office. That would cover the shredded documents, and those warrants were issued before the raid.
Nope. Those were paperwork errors that were corrected and thus the fines. Trump claimed the affairs and subsequent payments never happened. Had he owned up to them, then it would have been just like Obama and Biden -- a paperwork error to correct, and a fine. Instead, his lying about it and directing Cohen to make what constitutes an illegal payment brought felony charges.
Good luck arguing that, considering the affairs were in 2006 and he didn't pay until ten years later (2016) -- while a candidate for federal office, and denying the allegations as part of campaigning.
And the comparison to charitable donations is laughable. These things aren't even remotely related. Had he NOT LIED about them, and reported them on the campaign finance form, this would be a blip that would simply be a simple correction and civil fine (like happened with Obama -- a paperwork error). Instead, his mendacity turned it into a felony.
If done with the purpose of influencing a federal election, it is ALL considered campaign funds. https://www.fec.gov/help-candidates-and-committees/candidate-taking-receipts/types-contributions/
Considering the two relationships were in 2006, and the payoffs were done ten years later in 2016, just before the election, Trump will have an almost impossible task arguing that these payoffs weren't related to his candidacy in a federal election.
The determination of "campaign funds" depends on what it was spent on vs what account it came from.
Apps like Signal protect the messages from in transit snooping, mostly from the telco. However, if you leave the messages on your device, in the app, then anyone with access to your phone can get the messages.
The big questions would be did he encrypt the device itself, and did he use a strong passcode? Pattern unlock and 4-digit PINs aren't difficult to figure out.
Is it? Everything I've read lately is the ISA is free, but there are plenty of blobs for the other components that make an actual processor. It has the potential to be a truly free processor, but the early players don't have the resources for that.
I think POWER9 implementations are, right now, the closest. Raptor Computing Systems is shipping what looks to be real nice, but real EXPENSIVE, stuff. There may also be some OpenSPARC stuff.
Let the formal race to the bottom begin!
This should drive prices to consumers down, but might also start shaking out the competition and reduce the number of vendors.
Well, I over-simplified. The *site* doesn't have to be compromised, thanks to the way the web works. Injected elements in something like ad rotation will do it. The attacker just has to have SOME way of injecting data into the stream.
But, yes, it is a pretty unlikely scenario.
Yeah, that guy's an even BIGGER problem. :-)
https://www.xkcd.com/154/
It does rely on the ability of the bad guy to inject data and observe the change. Really only plain text stuff going thru a VPN, which almost always means HTTP.
Chrome is immune to this, as it splits the header and body of plain requests into separate packets. Firefox sends them in the same packet, so it is not a mitigation. Safari, IE, Opera, Edge, etc. aren't mentioned in the slides.
A fix would be to simply not compress header fields and only compress body data. A quick fix is to just toggle off compression in the OpenVPN client. This was fixed in HTTP for CRIME and it'll get fixed here. Considering how many websites have migrated to HTTPS-only, I'm not worried.
You're not understanding the attack. It isn't an attack on the encryption itself, but rather taking advantage of the fact that compression happens first and being able to inject some data. By injecting some data that is then compressed, and observing the change in resultant size, they can infer certain things about the encrypted payload.
For example, if the plain text is "AAAABCDEF" a simple compression tool would turn that into "4ABCDEF" before encrypting. The size changed from 9 bytes to 7.
If you can inject AAA and make it "AAAAAAABCDEF" which then compresses to "7ABCDEF", the size of the resulting encrypted string goes from 12 to 7.
Both the 7 byte streams are perfectly encrypted, but I could now infer that multiple As are part of the plaintext.
Yes, this takes the ability to inject data, hence luring to a compromised site. Yes, it takes a LOT of packets to do this, and it really only works on things like web cookies, which are 4K maximum and much smaller in practice.
But it has nothing to do with the quality of the encryption algorithm.
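The size side channel described in the comment above, as an added example that is not part of the original post: it reproduces the comment's run-length figures, then measures the same effect with zlib and shows that the gap disappears once compression is turned off. The request, host name, cookie value and the XOR `encrypt` stand-in are constructed for illustration.

```python
import os
import zlib
from itertools import groupby


def rle(text: str) -> str:
    """Toy run-length coder from the comment: 'AAAA' -> '4A', single chars unchanged."""
    out = []
    for ch, run in groupby(text):
        n = len(list(run))
        out.append(f"{n}{ch}" if n > 1 else ch)
    return "".join(out)


def encrypt(data: bytes) -> bytes:
    """Stand-in for the tunnel cipher (assumption): XOR with a fresh random
    keystream. It hides content but preserves length, like a stream cipher."""
    keystream = os.urandom(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


# Constructed sample header; the cookie value is made up.
SECRET_HEADER = b"Cookie: session=7f3a9c2e41b8d605"


def wire_length(injected: bytes, compress: bool) -> int:
    """Length an on-path observer sees for one request carrying `injected`."""
    request = (b"GET /?q=" + injected + b" HTTP/1.1\r\n"
               b"Host: example.test\r\n" + SECRET_HEADER + b"\r\n\r\n")
    payload = zlib.compress(request) if compress else request
    return len(encrypt(payload))


def leak_in_bytes(compress: bool) -> int:
    """Size gap between an injection unrelated to the secret header and an
    equally long injection that repeats it. Zero means nothing leaks via size."""
    repeats = SECRET_HEADER
    unrelated = b"Xq0kTz: pR4sWmv=Lh8Jn2Yb6Dc1Gf5Z"  # same length, no overlap
    return wire_length(unrelated, compress) - wire_length(repeats, compress)


if __name__ == "__main__":
    print(rle("AAAABCDEF"), rle("AAAAAAABCDEF"))
    print("gap with compression on: ", leak_in_bytes(compress=True))
    print("gap with compression off:", leak_in_bytes(compress=False))
```
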
This isn't exactly true. The average person uses "video game" to describe flight simulator software all the time. The FAA permits the use of flight sims for pilot training. That means X-Plane, where you can get the non-FAA certified version, fully tricked out, for under $2,000 -- including the beefed up PC. But, you can START for just $60 -- and there isn't much real difference.
The FAA Certified version is mostly a USB dongle that enforces frame rate control and a bunch of settings. You can do all that manually on the $60 version.
https://www.x-plane.com/pro/
They're WAY ahead of you on this one.
https://www.express.co.uk/news/weird/1001356/alien-spaceship-bermuda-triangle-discovery-channel
Common in the United States. Or, at least, it was before Obamacare helped fix it. For years the number one trigger of personal bankruptcy was medical debt.
Your attitude is a big part of the problem. Because YOU PERSONALLY don't see something, it isn't a problem? Please don't do that. The world is bigger than what you personally experience.
Time has a good article on the subject right here: http://time.com/money/4765443/obamacare-bankruptcy-decline/
Add to that it is lighter than glass, which means it needs less energy/fuel to transport it.
I really do like the aluminum bottles, and they make sense when made from 100% recycled aluminum. They're even cheaper than plastic bottles in terms of energy needed to produce them.