Of course it will be - but it depends how the attack is constructed. By the time you get to four or five words, you're still going to be in pretty good shape - even with a very short dictionary of 20k words (OS X's/usr/share/dict/words has 235k), four words picked at random has 1.6e17 possibilities (just slightly above 8 random characters from the lower ascii set, 7.2e16). That said, I've seen an offline dictionary attack resolve a hashed password comprised of three dictionary words and two numbers (all lowercase, no spaces) in about three hours.
There's a lot of variables, so there's no good answer to this question. How was it hashed? Was the salt compromised, if there was a salt (alternately: is the attack against a specific user or just trying to get access to anyone)? Were the words common? Mixed-case? Throw a number in for good measure?
I'm guessing it would take a very long time for an uneducated attack against a password of "My favorite number is 1234" to hit, despite being short, common words. But if you knew people had passwords that looked like sentences, you'd change your attack accordingly.
Not necessarily - some phones let you send a message to the device (from a web UI, etc) if you lose it. There's no need to dig through an address book if there's a "if found, please call xxxx or email xxxx" sitting on the home screen. Anyone with business data on their phone damn well better have a passcode lock on it, and I'd strongly suggest the same for personal-use-only devices too.
Economically I agree, but having a bogus conviction attached to my name (even if only a misdemeanor) is not something I'm OK with. If more people didn't think solely in the economic sense and actually fought, the whole system would grind to a halt and we'd finally need to revamp things - which is at least what the summary is describing, as I obviously haven't RTFA.
That or they just raise all fines by two orders of magnitude, maintaining plea bargains, so that it becomes economically insane to try fighting bogus charges. I'd be willing to spend five grand fighting a $1000 fine on principle (worst case, I'm out $6k+time), but that obviously falls apart (at my income/savings) if the cost of losing is a hundred grand. This is probably more likely result, though also much more likely to set off a proper revolt.
Yes, but people will have an easier time grokking DST switches than actually moving to a different timezone. But I agree - it's 7pm and still light out, and I like that very much. The prospect of possibly leaving the office when I can see is quite appealing (the morning is irrelevant to me, as I never wake up that close to sunrise)
I'll second that. Maybe not in the world, but certainly far worse than anywhere else I've driven domestically. I swear some people mistake their speedometer for an analog clock, as the particularly type of driving stupidity seems to vary by time of day.
Of course, it doesn't help that CA has some remarkably stupid driving laws that make it impossible to predict traffic. For example if you're turning onto a multi-lane road, you don't have to pull into the nearest lane (or second nearest, if there are multiple turning lanes); as such, it's incredibly unsafe to make a right turn on red coming the other direction if there would otherwise be enough lanes to support it.
Refusing the test in CA is illegal (http://apps.dmv.ca.gov/pubs/dl600.pdf p81), and I'm sure that applies to other states that don't contain the SFPD. That said, I'd still recommend getting tested at the station so you don't fail a bogus field sobriety test (by tripping over a bump in the road) or an inaccurate breathalyzer. Even as a DD, it's not worth the risk - which says more about the flaws in our system than anything else, but that's hardly going to get fixed in a comment on slashdot.
It's far too distant to deal with now. Let's re-evaluate the situation when it's a couple years out, and hope Bruce Willis hasn't retired if our odds haven't improved.
Re:That's why I like the basic Kindle
on
The eBook Backlash
·
· Score: 2
I'd like an integrated light on the Kindle (and other e-ink devices) for nighttime reading, but I do not want a backlight. It's far less straining to read something lit by a reflected light source - like you would get with any paper book - than to read off the illuminated source itself. While I'd certainly like something less clumsy than a clip-on gooseneck LED, I definitely prefer that to looking at a glowing screen at night. They could probably integrate a couple of low-profile LEDs just above the display to side-light the thing nicely while still avoiding an actual backlight and keeping the device slim and aesthetically pleasing.
Compare reading the wattage marking on a light bulb when the bulb is on (even at very low power) with when the bulb is off and there's some other light source in the room. Same general idea, even if not nearly as severe.
If cellular data wasn't billed at a minimum of two orders of magnitude higher than a standard connection, I could almost agree that there's a hint of something sensible in there. But the reality is the cell companies either have a local monopoly over service or are colluding to keep prices artificially high (remember how SMS rates climbed from 10c to 15c to 25c per message, and the change took effect on all major networks within a week or so of the initiator's announcement? also, remember how SMS costs cell companies literally nothing, since it sits in basically padded headers that would be going out regardless?)
I'm OK with companies charging for a valuable service. Cellular data service is valuable to me. I'm happy to pay for it. What I'm not OK with is artificially high prices, poor service, and unavoidable* one-sided contracts where the company isn't even holding up their end of the deal. If they even made an effort to improve their infrastructure to provide better service (more bandwidth to the towers) and alleviate the problems, I'd be understanding. But that's just not happening.
And for a stupid analogy - I don't expect Kraft to pay a piece of my water bill, despite the fact that I needed to use water to boil macaroni. You can bet they sure as hell wouldn't go for it, and I wouldn't do business with them if they did since they're just helping prop up an absurd system. I'll be boycotting any developers who buy into this bullshit, should it ever get that far.
* Ok, legally I don't need a cell phone. But legally I don't need any internet connection either; going without either is impractical in this day and age
What, and move to Sprint or Verizon who are both saints? Who are you trying to fool? While I by no means like AT&T, I a) still have my grandfathered unlimited data plan and would happily go to small claims court if it becomes an issue and b) can use data while on a call, which is impossible on CDMA networks.
I hate to defend anything PayPal does - but they're absolutely telling the truth here: their partner banks are complaining (for whatever stupid, arbitrary reason), and they risk having those accounts closed (read: kill the company) if they don't stop providing merchant services for the seller in the article. One of the things that screws you over when you're only pretending to be a bank.
Don't get me wrong - I'd love to see paypal refuse to comply with their partner banks and get shut down, but we all know that's not going to happen. There's a ton of stupid things they do that are certainly their fault, but this is (based on my own experience with bitchy partner banks) not one of them.
That will not happen again - there's simply no chance of it unless there's a serious flaw in the plane's avionics that allow a remote takeover. Between armored cockpits and passenger awareness (a successful hijacking is assumed to mean death and destruction rather than an unplanned vacation in the tropics), the worst that could happen is someone sneaking a bomb on the plane and detonating it. While by no means good, it has limited impact and the same thing could be achieved in any number of ways much more easily. And let's face it - anyone could do far more human damage much more easily by acting as a suicide bomber in a security line (you know, before the checkpoint). We don't need the TSA to do that.
Condolences for your loss, but this works out to a numbers game. There are ten times the number of driving-related deaths PER YEAR than the number of people killed in domestic terror attacks*, and you can be damn sure that drunk driving could be nearly eliminated with TSA's budget. Hell, use the money to sponsor free cab rides.
In fact, the main reason I hate the IRS is because my tax dollars are going to fund operations like the TSA. I have no problem with paying taxes, provided they're used responsibly and productively. That's simply not the case here.
* Ignoring the war on terror - those deaths, while also unfortunate, are the result of an overzealous and incompetent government
Don't let a developer design the page. Don't let a designer implement the design. Good designers (i.e., aesthetically-inclined UX people) will certainly be aware of page speed and not going overboard, even if they can't code. If you're lucky, they'll flip their shit at marketing who wants to put fifty different analytics scripts on every page (and actually win the argument).
They should have advertised it as "unmetered" rather than "unlimited", since that's what they were actually selling*. Unfortunately, unmetered doesn't mean anything to most people. People would do well to think of it like their water bill - there's obviously not an unlimited supply of water, but it wouldn't be infeasible to have an "as much as we can provide without ruining it for everyone else" pricing tier. The flaw there is that it's very easy to get a sense of how much water you're using, and that's not really the case with bandwidth. Webpages that contain about 1kb of useful information often take half a meg or more to load once you factor in images, scripts, and horrendously verbose code, never mind leaky applications that have chosen pointlessly high-quality formats (like streaming lossless audio) or simply have lousy data access patterns.
Because of this, anything other than what's advertised as an unlimited plan just doesn't make sense. I can't predict my bandwidth usage for the month, even if I have a rough idea of past months. This is just as true for text messaging, especially since we're billed for incoming texts (which is obviously absurd). I'd be perfectly content to have a reasonable use-based charge (say $5/gb billed to the nearest 100mb), and be able to set up an automated warning that alerts me if I go over a specified threshold. The real problems I have with the current plans are a) too expensive and b) not granular enough. It should either be fairly-priced usage-based, or a flat fee that allows unmetered use (which may be throttled if it's degrading the network, but not simply because you downloaded a ton of shit at 2am when nobody was using the network). They're trying to have their cake and eat it too - and unfortunately for us, they're getting away with it.
* Well, that was the claim at the time. Obviously that's changed.
Changing the terms of a contract is generally grounds to have it voided if you're not happy with the new terms. That's kinda the whole point: "we have mutually agreed upon the following circumstances for the following amount of time".
Is it worth going to court over? Probably not, unless it sets a clear precedent for the rest of the cell phone owners of the world.
I too have a grandfathered unlimited plan, with a renewed 2-year contract as of the day of the iPhone4 launch. If they decided to change the terms, I certainly was not notified. IANAL, but logically that tells me either the terms have not changed or I can't be expected to abide by any changes. But FWIW, there's still the AUP that I have to abide by even with unlimited data, and the contract is probably worded in such a way that they can change the terms of the AUP without annulling the contract.
Sounds like somebody hasn't heard of secondary markets. He can most definitely sell his shares pre-IPO (FTC regulations notwithstanding, which would certainly come into play now that an S1 has been filed).
Indeed. Some stuff happens from weird ways that users try to do things that developers simply wouldn't think to test. Case in point, bug I found today: someone bought a six-month subscription by entering 0.5 as the quantity on a 1-year subscription. Our code wasn't expecting non-integer quantities, but happily did the math to get the line-item subtotal. When the data was stored, the 0.5 quantity went into an integer column, which the database cast to an integer by rounding down and suddenly qty * price != subtotal. It was caught and quickly fixed by a data integrity check, but a QA/dedicated testing person that thinks of weird user interactions like that could have prevented it from going out to production in the first place.
Now we have one more thing added into unit tests so it won't happen in the future, but there you go. The code was not untested, it was just used in an unpredictable way.
The procedure is reasonably accurate. Although to further minimize downtime, you dump your pre-move database while things are still running, keep the remote site up with replication, and don't write-lock it until you've switched your DNS (you've been dropping the TTL over the last couple days leading up to the move, right?) and put a static "site moving, refresh in a minute" page up on the old site. Obviously too simple for something of Facebook scale, but it worked quite well for a site with a handful of servers.
Of course, Ubi's setup for DRM servers will likely be wildly different than a bunch of web servers and a couple of DBs. I imagine a bunch of open connections with almost no data flowing over them
This kind of counterfeiting is a lot closer to theft than piracy. I know the guy selling $5 Oakley's out of a shoebox on the street corner isn't selling authentic goods (although I have no doubt that some people really are that ignorant), but I may have no idea that my money isn't making it back to the claimed manufacturer in the case of somewhat cheaper-than-usual NFL jerseys. Chances are I was just trying to get the best deal but engage in a legitimate transaction. Counterfeiting isn't a lost sale so much as a hijacked one. Contrast that to pirating digital goods, where no money is changing hands.
As noted in an earlier comment, I don't think this is a good of efficient use of my taxes. But if the money is going to be spent somewhere, I'd rather it go after counterfeiters (money going to the wrong party) than pirates (no transaction; could lead to one in the future). Given my choice, it would go after dangerous crime, or nowhere at all in the form of a lower tax rate.
Not that I support this kind of action, but it at least proves that bills like SOPA are unnecessary. Rights-holders already have a legal means to deal with infringers. It may be inefficient, but I think most slashdotters would agree that's preferable to the alternative.
what country can preserve it's liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance? let them take arms. the remedy is to set them right as to facts, pardon & pacify them. what signify a few lives lost in a century or two? the tree of liberty must be refreshed from time to time with the blood of patriots & tyrants. it is it's natural manure.
There are thousands of valid arguments against the TSA and you pick travelers forgetting to collect their loose change? And as a source of funding? The TSA employs nearly 60,000 people. $400k covers about three (their budget allots on average $139k/employee; source: http://en.wikipedia.org/wiki/Transportation_Security_Administration).
Bribes go a long way, but not $8.1b long.
I'd be as happy as anyone here to see the TSA disappear forever (and, ideally, subject to criminal trials for impersonating police officers, sexual assault, and many other things) and replaced with a reasonable and actually effective set of security measures, but let's use reasonable arguments.
Actually it was already on the list and the campaign just issued the PR as yet another example of why. Odd that you read it as "just got added", as the first half of the sentence you quoted made that fairly obvious: “That is why my ‘Plan to Restore America,’ in additional to cutting $1 trillion dollars in federal spending in one year, eliminates the TSA."
Slashdot Mirror
Of course it will be - but it depends how the attack is constructed. By the time you get to four or five words, you're still going to be in pretty good shape - even with a very short dictionary of 20k words (OS X's /usr/share/dict/words has 235k), four words picked at random has 1.6e17 possibilities (just slightly above 8 random characters from the lower ascii set, 7.2e16). That said, I've seen an offline dictionary attack resolve a hashed password comprised of three dictionary words and two numbers (all lowercase, no spaces) in about three hours.
There's a lot of variables, so there's no good answer to this question. How was it hashed? Was the salt compromised, if there was a salt (alternately: is the attack against a specific user or just trying to get access to anyone)? Were the words common? Mixed-case? Throw a number in for good measure?
I'm guessing it would take a very long time for an uneducated attack against a password of "My favorite number is 1234" to hit, despite being short, common words. But if you knew people had passwords that looked like sentences, you'd change your attack accordingly.
Not necessarily - some phones let you send a message to the device (from a web UI, etc) if you lose it. There's no need to dig through an address book if there's a "if found, please call xxxx or email xxxx" sitting on the home screen. Anyone with business data on their phone damn well better have a passcode lock on it, and I'd strongly suggest the same for personal-use-only devices too.
Economically I agree, but having a bogus conviction attached to my name (even if only a misdemeanor) is not something I'm OK with. If more people didn't think solely in the economic sense and actually fought, the whole system would grind to a halt and we'd finally need to revamp things - which is at least what the summary is describing, as I obviously haven't RTFA.
That or they just raise all fines by two orders of magnitude, maintaining plea bargains, so that it becomes economically insane to try fighting bogus charges. I'd be willing to spend five grand fighting a $1000 fine on principle (worst case, I'm out $6k+time), but that obviously falls apart (at my income/savings) if the cost of losing is a hundred grand. This is probably more likely result, though also much more likely to set off a proper revolt.
Yes, but people will have an easier time grokking DST switches than actually moving to a different timezone. But I agree - it's 7pm and still light out, and I like that very much. The prospect of possibly leaving the office when I can see is quite appealing (the morning is irrelevant to me, as I never wake up that close to sunrise)
I'll second that. Maybe not in the world, but certainly far worse than anywhere else I've driven domestically. I swear some people mistake their speedometer for an analog clock, as the particularly type of driving stupidity seems to vary by time of day.
Of course, it doesn't help that CA has some remarkably stupid driving laws that make it impossible to predict traffic. For example if you're turning onto a multi-lane road, you don't have to pull into the nearest lane (or second nearest, if there are multiple turning lanes); as such, it's incredibly unsafe to make a right turn on red coming the other direction if there would otherwise be enough lanes to support it.
Which is why it's starting at 50%.
Refusing the test in CA is illegal (http://apps.dmv.ca.gov/pubs/dl600.pdf p81), and I'm sure that applies to other states that don't contain the SFPD. That said, I'd still recommend getting tested at the station so you don't fail a bogus field sobriety test (by tripping over a bump in the road) or an inaccurate breathalyzer. Even as a DD, it's not worth the risk - which says more about the flaws in our system than anything else, but that's hardly going to get fixed in a comment on slashdot.
It's far too distant to deal with now. Let's re-evaluate the situation when it's a couple years out, and hope Bruce Willis hasn't retired if our odds haven't improved.
I'd like an integrated light on the Kindle (and other e-ink devices) for nighttime reading, but I do not want a backlight. It's far less straining to read something lit by a reflected light source - like you would get with any paper book - than to read off the illuminated source itself. While I'd certainly like something less clumsy than a clip-on gooseneck LED, I definitely prefer that to looking at a glowing screen at night. They could probably integrate a couple of low-profile LEDs just above the display to side-light the thing nicely while still avoiding an actual backlight and keeping the device slim and aesthetically pleasing.
Compare reading the wattage marking on a light bulb when the bulb is on (even at very low power) with when the bulb is off and there's some other light source in the room. Same general idea, even if not nearly as severe.
If cellular data wasn't billed at a minimum of two orders of magnitude higher than a standard connection, I could almost agree that there's a hint of something sensible in there. But the reality is the cell companies either have a local monopoly over service or are colluding to keep prices artificially high (remember how SMS rates climbed from 10c to 15c to 25c per message, and the change took effect on all major networks within a week or so of the initiator's announcement? also, remember how SMS costs cell companies literally nothing, since it sits in basically padded headers that would be going out regardless?)
I'm OK with companies charging for a valuable service. Cellular data service is valuable to me. I'm happy to pay for it. What I'm not OK with is artificially high prices, poor service, and unavoidable* one-sided contracts where the company isn't even holding up their end of the deal. If they even made an effort to improve their infrastructure to provide better service (more bandwidth to the towers) and alleviate the problems, I'd be understanding. But that's just not happening.
And for a stupid analogy - I don't expect Kraft to pay a piece of my water bill, despite the fact that I needed to use water to boil macaroni. You can bet they sure as hell wouldn't go for it, and I wouldn't do business with them if they did since they're just helping prop up an absurd system. I'll be boycotting any developers who buy into this bullshit, should it ever get that far.
* Ok, legally I don't need a cell phone. But legally I don't need any internet connection either; going without either is impractical in this day and age
What, and move to Sprint or Verizon who are both saints? Who are you trying to fool? While I by no means like AT&T, I a) still have my grandfathered unlimited data plan and would happily go to small claims court if it becomes an issue and b) can use data while on a call, which is impossible on CDMA networks.
I hate to defend anything PayPal does - but they're absolutely telling the truth here: their partner banks are complaining (for whatever stupid, arbitrary reason), and they risk having those accounts closed (read: kill the company) if they don't stop providing merchant services for the seller in the article. One of the things that screws you over when you're only pretending to be a bank.
Don't get me wrong - I'd love to see paypal refuse to comply with their partner banks and get shut down, but we all know that's not going to happen. There's a ton of stupid things they do that are certainly their fault, but this is (based on my own experience with bitchy partner banks) not one of them.
That will not happen again - there's simply no chance of it unless there's a serious flaw in the plane's avionics that allow a remote takeover. Between armored cockpits and passenger awareness (a successful hijacking is assumed to mean death and destruction rather than an unplanned vacation in the tropics), the worst that could happen is someone sneaking a bomb on the plane and detonating it. While by no means good, it has limited impact and the same thing could be achieved in any number of ways much more easily. And let's face it - anyone could do far more human damage much more easily by acting as a suicide bomber in a security line (you know, before the checkpoint). We don't need the TSA to do that.
Condolences for your loss, but this works out to a numbers game. There are ten times the number of driving-related deaths PER YEAR than the number of people killed in domestic terror attacks*, and you can be damn sure that drunk driving could be nearly eliminated with TSA's budget. Hell, use the money to sponsor free cab rides.
In fact, the main reason I hate the IRS is because my tax dollars are going to fund operations like the TSA. I have no problem with paying taxes, provided they're used responsibly and productively. That's simply not the case here.
* Ignoring the war on terror - those deaths, while also unfortunate, are the result of an overzealous and incompetent government
Don't let a developer design the page. Don't let a designer implement the design. Good designers (i.e., aesthetically-inclined UX people) will certainly be aware of page speed and not going overboard, even if they can't code. If you're lucky, they'll flip their shit at marketing who wants to put fifty different analytics scripts on every page (and actually win the argument).
They should have advertised it as "unmetered" rather than "unlimited", since that's what they were actually selling*. Unfortunately, unmetered doesn't mean anything to most people. People would do well to think of it like their water bill - there's obviously not an unlimited supply of water, but it wouldn't be infeasible to have an "as much as we can provide without ruining it for everyone else" pricing tier. The flaw there is that it's very easy to get a sense of how much water you're using, and that's not really the case with bandwidth. Webpages that contain about 1kb of useful information often take half a meg or more to load once you factor in images, scripts, and horrendously verbose code, never mind leaky applications that have chosen pointlessly high-quality formats (like streaming lossless audio) or simply have lousy data access patterns.
Because of this, anything other than what's advertised as an unlimited plan just doesn't make sense. I can't predict my bandwidth usage for the month, even if I have a rough idea of past months. This is just as true for text messaging, especially since we're billed for incoming texts (which is obviously absurd). I'd be perfectly content to have a reasonable use-based charge (say $5/gb billed to the nearest 100mb), and be able to set up an automated warning that alerts me if I go over a specified threshold. The real problems I have with the current plans are a) too expensive and b) not granular enough. It should either be fairly-priced usage-based, or a flat fee that allows unmetered use (which may be throttled if it's degrading the network, but not simply because you downloaded a ton of shit at 2am when nobody was using the network). They're trying to have their cake and eat it too - and unfortunately for us, they're getting away with it.
* Well, that was the claim at the time. Obviously that's changed.
Changing the terms of a contract is generally grounds to have it voided if you're not happy with the new terms. That's kinda the whole point: "we have mutually agreed upon the following circumstances for the following amount of time".
Is it worth going to court over? Probably not, unless it sets a clear precedent for the rest of the cell phone owners of the world.
I too have a grandfathered unlimited plan, with a renewed 2-year contract as of the day of the iPhone4 launch. If they decided to change the terms, I certainly was not notified. IANAL, but logically that tells me either the terms have not changed or I can't be expected to abide by any changes. But FWIW, there's still the AUP that I have to abide by even with unlimited data, and the contract is probably worded in such a way that they can change the terms of the AUP without annulling the contract.
Sounds like somebody hasn't heard of secondary markets. He can most definitely sell his shares pre-IPO (FTC regulations notwithstanding, which would certainly come into play now that an S1 has been filed).
Indeed. Some stuff happens from weird ways that users try to do things that developers simply wouldn't think to test. Case in point, bug I found today: someone bought a six-month subscription by entering 0.5 as the quantity on a 1-year subscription. Our code wasn't expecting non-integer quantities, but happily did the math to get the line-item subtotal. When the data was stored, the 0.5 quantity went into an integer column, which the database cast to an integer by rounding down and suddenly qty * price != subtotal. It was caught and quickly fixed by a data integrity check, but a QA/dedicated testing person that thinks of weird user interactions like that could have prevented it from going out to production in the first place.
Now we have one more thing added into unit tests so it won't happen in the future, but there you go. The code was not untested, it was just used in an unpredictable way.
Did you read the details? You can get it unlocked, but it still only works on AT&T (unless you're satisfied with T-Mobile's EDGE network)
The procedure is reasonably accurate. Although to further minimize downtime, you dump your pre-move database while things are still running, keep the remote site up with replication, and don't write-lock it until you've switched your DNS (you've been dropping the TTL over the last couple days leading up to the move, right?) and put a static "site moving, refresh in a minute" page up on the old site. Obviously too simple for something of Facebook scale, but it worked quite well for a site with a handful of servers.
Of course, Ubi's setup for DRM servers will likely be wildly different than a bunch of web servers and a couple of DBs. I imagine a bunch of open connections with almost no data flowing over them
This kind of counterfeiting is a lot closer to theft than piracy. I know the guy selling $5 Oakley's out of a shoebox on the street corner isn't selling authentic goods (although I have no doubt that some people really are that ignorant), but I may have no idea that my money isn't making it back to the claimed manufacturer in the case of somewhat cheaper-than-usual NFL jerseys. Chances are I was just trying to get the best deal but engage in a legitimate transaction. Counterfeiting isn't a lost sale so much as a hijacked one. Contrast that to pirating digital goods, where no money is changing hands.
As noted in an earlier comment, I don't think this is a good of efficient use of my taxes. But if the money is going to be spent somewhere, I'd rather it go after counterfeiters (money going to the wrong party) than pirates (no transaction; could lead to one in the future). Given my choice, it would go after dangerous crime, or nowhere at all in the form of a lower tax rate.
Not that I support this kind of action, but it at least proves that bills like SOPA are unnecessary. Rights-holders already have a legal means to deal with infringers. It may be inefficient, but I think most slashdotters would agree that's preferable to the alternative.
It's what Thomas Jefferson said to do.
what country can preserve it's liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance? let them take arms. the remedy is to set them right as to facts, pardon & pacify them. what signify a few lives lost in a century or two? the tree of liberty must be refreshed from time to time with the blood of patriots & tyrants. it is it's natural manure.
http://www.loc.gov/exhibits/jefferson/105.html
There are thousands of valid arguments against the TSA and you pick travelers forgetting to collect their loose change? And as a source of funding? The TSA employs nearly 60,000 people. $400k covers about three (their budget allots on average $139k/employee; source: http://en.wikipedia.org/wiki/Transportation_Security_Administration).
Bribes go a long way, but not $8.1b long.
I'd be as happy as anyone here to see the TSA disappear forever (and, ideally, subject to criminal trials for impersonating police officers, sexual assault, and many other things) and replaced with a reasonable and actually effective set of security measures, but let's use reasonable arguments.
Actually it was already on the list and the campaign just issued the PR as yet another example of why. Odd that you read it as "just got added", as the first half of the sentence you quoted made that fairly obvious: “That is why my ‘Plan to Restore America,’ in additional to cutting $1 trillion dollars in federal spending in one year, eliminates the TSA."
http://www.ronpaul2012.com/the-issues/ron-paul-plan-to-restore-america/ plans for a DHS spending freeze, including "Transportation Safety Administration Privatized".