At the IETF VeriSign argued for an email signature scheme which anyone could use for free.
[shrug] I'm not familiar with this, so I'll take your word for it.
It's security for geeks, not real people. PGP was designed for use by people who were technically savvy. Most people can't program their VCR.
I reiterate -- GPG is nothing more than an authentication scheme. The user interface in the client to a GPG-based system can be *identical* to that of an SPF-based system -- it would, however, be significantly more powerful for those who choose to take advantage of it.
They were all out of the ones that said "Idiot."
Surely "Objectivist" would have gotten the point across as well, and been more specific?
Actually, Strong Bad is pretty widespread. I don't think that there are many college students that don't know about him. Penny Arcade is, I will grant, more limited, as it's gaming-culture-specific, even if it's well known within that field.
WTF- this land (the original song) is not a patriotic song. It was a proto-communist anthem.
Because, as we all know, if you aren't a Republican Bush-supporter, you aren't patriotic. As a matter of fact, you probably hate America.
I'm not surprised you like it, if you like Badnarik.
The "This Land is Your Land" parody was clearly Libertarian. The most blatant giveaway was the otherwise inexplicable Indian land rights bit, which had nothing to do with the Bush/Kerry debates, and is one of the more ridiculous planks in the Libertarian platform. Other, more subtle Libertarian bits included:
* The huge crowd of people on each side at the closing (big government, a point that the Libertarians take major issue with)
* The negative demonstration of ICBMs and aggression in Vietnam -- that's all anti-interventionist, a pretty fundamental part of the Libertarian mindset.
I'd say so. Presenting Hitler as a simple monster propagates the meme that there are "evil people" and "good people" and that we have to fight the "evil people". And that Hitler was nothing like any leader that *we* would ever accept.
Unlike Europe, copyright protection exists in the US for 95 years after the recording was made. Australia and Brazil have 70-year terms, and India 60 years. Composers and writers also enjoy 70 years' protection.
I wish.
The US is life + 70 years. 95 years is only on works for hire.
I don't know about other people, but I have, for *months*, been posting things to Slashdot pointing out holes in SPF and misdesign in every SPF discussion. SPF proponents seem to generally skip over my lists of problems and make lengthy posts about how "SPF is better than nothing", which I disagree with. I've just about had it with the SPF people, who I'm generally now seeing as not capable of decent design.
Just because I intensely dislike Microsoft's system does not mean that SPF should instead be deployed.
I'd like to see a very specific example of a problem to end users that SPF is intended to solve, that all the deployment issues involved will be paid for with. It is not, as I've pointed out, capable of stopping spam, nor is it capable of avoiding Joe jobs. It is a very weak (and known breakable in a number of ways) authentication system that is heavily tied to the existing mail transport system and does not appear to be easily extensible. There are better existing systems.
It wouldn't work because you would only need to sign the first email, and then the next 10000 can be an exact copy of the first one.
So what? Sign the contents of the header as well, not just the body, and now if Bob lets you send email to him, you can send 10000 (well, unless he has a "rate limiting" cap on mail from you) emails -- but only to him. That's rather expected behavior, I'd say. If I don't accept any email that doesn't contain a "To:" or "Forwarded To" or "Bounced To" or whatever header containing my email address, I don't have a problem.
Sally, who still doesn't trust you, still doesn't get mail from you.
Because there is no standardized way to say "if there's no signature, the message did not come from me".
And we are proposing using DNS to distribute *exactly* that sort of information with SPF, but to have a less functional and much easier to attack system. Why not use GPG instead? There's a bit more CPU overhead, as you have to check, say, a two-signature-chain, but not much, and GPG is much more mature and better designed than SPF.
Remember that SPF has a bunch of problems that the designers just waved their hands at and said "well, you can use a trust network or something for that", like throwaway domains. And what system do we already have deployed and tested that *handles* trust networks? GPG!
Jon Callas, CTO of PGP, is actually quite definite that Domain Keys and PGP need keeping apart. You do not want to dilute PGP by applying it at the domain level.
(a) You can have multiple databases, if you find it necessary. I'd say that simply using the existing "level of trust" is sufficient -- have a "non-spam-authority" trust level, which is below just about anything.
(b) The use of domain-level PGP would *only* be used when calculating trust metrics for *spam*. Other stuff would not use them.
(c) "Dilute PGP by applying it at the domain level"? PGP is already used for all kinds of things at the domain level and above -- it is the de facto standard for decentralized trust management. Red Hat maintains a key for their organization that signs each of the keys used to sign packages in each of their distributions. PGP does not *have* to be used at the user level -- it just has the *ability* to be used at the user level -- which isn't really practical with DomainKeys.
(d) You can expect that not a single corporate player wants PGP used. That would mean a decentralized solution that doesn't really allow charging anyone any money.
(e) What about PGP is "difficult"? The existing client software might be complicated, but ultimately it's nothing more than an authentication system (well, and trust management). It is not broken in a number of ways that SPF, DomainKeys, and Caller-ID are. There is excellent pre-existing software support for use of PGP keys as an authorization mechanism in an easy-to-use system -- the user need see nothing more complicated than they would with SPF or DomainKeys or Caller ID, if admins would like to set up PGP in such a manner. I use apt to install the software on my system -- while PGP is actually being used, I never have to worry about what happens -- it's simply taken care of in the background. You're thinking of using some of the existing PGP clients, which suck and are not really appropriate for what is being talked about.
Because that requires changes to end-user behaviour.
In any case, a signature doesn't prove identity unless you or somebody in your web of trust has checked the fingerprint. This means that it's only a little more useful than a manual whitelist when it comes to avoiding spam.
Yeah, but it'd be just as easy to piggyback GPG onto DNS (have a GPG keypair for each domain, the public key of which is distributed via DNS, that is considered "trusted" for the purposes of verifying each email -- it would sign the user's key, which would sign the email). During transition, it would be possible to do the user signing on the server.
This would allow user-level granularity and fix a vast number of problems with the existing schemes -- frankly SPF and Caller ID are nothing more than fairly bad authentication schemes, whereas GPG is mature, well tested, and strong.
Piggybacking on the insecure DNS isn't good, but admins unaware of the security issues in doing so seem hell-bent on doing so, using this scheme in all of the existing mechanisms. And after the problems inevitably surface, after spammers start spoofing DNS, if GPG is used, it'll be easy to have registrars have their *own* keys that sign domain owner pubkeys, and include the .sig along with the domain owner key in a DNS record, fixing the security problems. (The advantage of using PGP for this is that, unlike web-style certs, there's no need to screw with a limited set of roots -- people naturally extend their web of trust.)
Actually, the current version of firefox seems to just open a new window when you run "firefox" again. It is only if it cannot do so (such as your DISPLAY is different for the two instances -- apparently, firefox doesn't do multiple displays) that it gives you that dialog.
There are also some severe disadvantages to block-level encryption -- from a user standpoint, WinNT-style filesystem-level encryption is generally preferable. Among other things:
* Filesystem-level encryption can outperform block-level encryption.
* It's easy for a Windows NTFS user to "start encrypting something" -- they right-click a directory and check a box. Linux requires a new mounted filesystem running through a new loopback device. Since this isn't doable at the user level in any distro that I'm aware of, it pretty much means that each user doesn't have their private files encrypted separately.
* Choosing as-needed performance is not trivial. I currently maintain individual files encrypted with GPG. I don't want to have to have my P2P software making my kernel blow cycles constantly and unnecessarily encrypting and decrypting software.
* Unless I'm doing something really grotty, like putting a filesystem on block-level encryption on an LVM virtual volume, if I'm using block-level encryption, I'm forced to choose how much space to allocate to each encrypted area -- how much to put towards my ~/.private directory, how much to put in my ~/main/notes/passwords directory, and so forth. If I'm using filesystem-level encryption, I'm taking available space from a shared pool.
* While not strictly a block-level vs filesystem-level encryption issue, no major distro that I'm aware of provides a nice interface for setting up encrypted directories (well, mount points with block-level encryption) and home directories, with a user's login password used to decrypt keys used to access the encrypted filesystems. Windows is significantly more user-friendly (including providing the option of administrative key recovery) here.
The block-level approach is ideologically clean and modular, but has serious drawbacks. It cannot replace filesystem-level encryption.
Close. I will confess that I don't know *exactly* the precise definition of journalled -- I believe that roughly it's "write out each operation guaranteed to be atomic to the disk before that operation is committed"
Atomicity is not an alternative to journalling. Journalling is a mechanism often used to provide atomicity. Atomicity simply means that a change is either entirely committed to disk, or not committed to disk. There can be atomicity at various levels -- database transactions are also atomic, for instance, as is each operation on filesystem metadata in ext3 (which simply means that the filesystem metadata will not become corrupt on power loss).
An example of the difference between atomicity provided via journalling and atomicity provided without journalling -- if a filesystem received a write of 20 bytes to the end of a file, a write that fit within a block, it could simply read the contents of the existing block on the hard drive, and then write the modified block back, since block-level writes are guaranteed to be atomic on hard drives (assuming, of course, that the filesystem stores the associated length data in the block). This would not be journalled, because the change is never written to a separate location, but it *would* be atomic, since the filesystem is never in an inconsistent state -- either the change is written or it is not written.
There is also a mechanism similar to journalling (though different) called logging -- there are "log-structured filesystems". I am not familiar with the difference between journalling and logging. Just guessing from distributed systems knowledge, it's likely that logging means that every operation is written to a log in order, and that a filesystem's state can be reproduced by playing back the log.
I've always used ext3 for exactly that reason -- I had a friend who watched his reiser3 filesystem eat itself, started printing screenfuls of garbage at boot. Ext3's pretty mature, and it's mostly ext2 code (which is *really* mature).
Dunno about speed, but I just run lightweight server and desktop stuff on the machine, and as long as my disk doesn't go to hell, I'm pretty happy.
Besides, most people are used to stuff like NTFS or even FAT, and any modern filesystem comes off as pretty nice anyway.
I'll give reiser4 a year or so and then try it out, unless folks are talking about problems. Filesystems are the one area where bugginess is really nasty and testing is no fun.
All I care about is whether or not I get end-to-end encryption.
The reason Jabber is so great is because of its encryption support. I can load up gabber and use SSL (and end-to-end GPG encryption within *that*).
If Google gives me end-to-end encryption, Google will win me and everyone I can convince over. Everything else is irrelevant. The current state of IM security is abysmal.
That means that there will be a single party that can monitor who communicates with who (not ideal, but not that far from the existing cell phone situation), but not the *content*.
In the modern US that activity would be considered pedophilia so what is gay or acceptable gay activity (just as what is heterosexual or acceptable heterosexual activity) depends to a large part on the society doing the judging.
In Romeo and Juliet, which I guess can be considered reasonably high culture, Juliet was thirteen years old. I'd say our current taboos are also a function of post-Victorian social influence.
Point taken, but it's [homosexuality is] not a trait that lends itself well to being passed on. In terms of successive generations, it is a hindrance to reproduction so it will eventually be eliminated from the gene pool.
Kind of like posting to Slashdot?
If, as a man, you look at another man's hairy ass and say to yourself "Damn! I just gotta get me some of that!!" then you are most certainly gay.
Or bisexual.
If, on the other hand, you look at another man's hairy ass and think to yourself "What the hell is that?! Put some damned pants on you freak!" then you are most certainly not gay.
Yes. It means that you are homophobic.
And if you just think "Huh, an ass. I wonder why he isn't wearing any pants?" and cruise on your way, you are neither homosexual nor homophobic.
Most Americans are irrationally homophobic to some degree.
Very funny, but untrue, and Bush's stupidity is a common myth supported by his occasional inability to be coherent.
And his lack of knowledge about, say, geography or foreign nations. And the fact that he fucked up at college. And the fact that he totally screwed up the oil company position that he was given. As a matter of fact, I've yet to see one thing presented that Bush has been competent at.
Smoking and car crashes kill more citizens of the United States each week and month, respectively, than terrorism *ever* has, all deaths combined. Why are we spending far more "fighting the War on Terror" than we are on automobile safety research?
Hard to tell. He hasn't screwed up a four-year trial period as President, though.
Like hell. I've seen more knee-jerk reactions to the current Administration than I ever did back when Clinton was president (and I was a Democrat back then!)
The man was impeached for not saying that he got a blowjob!
The current administration invaded another nation on very dubious pretenses (and in a manner that greatly financially benefitted people that they had close ties to), and there was nary a word of impeachment.
No, believe me, there were *plenty* of conservative knee-jerkers under Clinton (and Clinton was even centrist, not an extreme right-winger like Bush).
Think twice when you are sold something by a fear mongering right winger (of either party).
Or by someone who wants to eliminate your liberal vote, by claiming that you should waste your vote by giving it to someone that can't beat Bush.
The only political thing that does is hand the election to Bush, and give us another four years of him (and this time, with no worries about re-election).
If you really want to effect change, agitate for voting reform, to a system that doesn't essentially guarantee a two-party system. *Fix* the system. Throwing a tantrum and just making stupid voting decisions within the existing system doesn't help you, and *does* help those that are politically opposed to you.