Posts by tom dial

Re: Also all,previous data

Maybe I am mistaken; I thought the related public key would do the decryption.

Possession of the private key certainly might allow forgery of messages dated before its revocation.

Quite so. A human clerk with a little knowledge might alert on some of the "purchases together" and possibly even notify someone in authority and indirectly prevent an incident. A machine, without the additional programming that, by now, is being reduced to specifications or code, not so much.

I expect the fact they are seeing these things bought together (or by the same individual at slightly different times) is evidence that the intelligence and craftiness of terrorists is on the decline.

This is a management problem. Few managements have the stones to suppress deviant programmers and refuse permission to use the "latest and greatest" frameworks and languages (and to stomp them out ruthlessly when they show their faces). Even fewer, I suspect, have a clear conception of how the IT portfolio should be defined and managed.

Re: Elephant in the room

A citation would be informative.

Re: Competing is Anti-Competative?

Google manifestly is not the only game in town. It may be the only game in town that people actually care to use, but that is a very different matter.

Re: Laws stop at the border.

I have not read the Second Circuit decision, the district court decision, or any of the related briefs, and am not a lawyer anyhow. From secondary sources, however, including the Register, it is my understanding that the US government's position is that because Microsoft, a US based corporation, owned (through an Irish subsidiary) the Irish data center where the data in question was stored, and Microsoft operated that data center from the US, it was a proper target for the search warrant. That argument carried the day with the district court, but that decision was overturned in the Second Circuit court of appeal. As the current article points out, they have had substantial success with similar arguments in other circuits, to the point where it appears Google may largely have given up on opposition, perhaps to file amicus briefs in a future Supreme Court case. However, I am not aware of any claim by the DoJ that they intended US law enforcement authority to extend, in general, to other foreign countries.

It is possible that the officials who sought the warrant in the first place were working the US court system to expedite access to the data they sought rather than use the lengthier and more involved process defined in MLA treaties. That may offend some, and it is not unreasonable to oppose it. The Supreme Court does not yet seem to have accepted the DoJ appeal, but in view of the different outcomes in other circuits it seems reasonable that they will eventually, and the resulting decision will settle the issue.

A number of the better - i. e., more capable and accomplished - systems analysts and programmers I have known over the last 4 decades or more had degrees in music, and several others were fairly accomplished amateur musicians. My understanding is that this is a relatively well known and documented correlation. I also have known a number of excellent programmers whose organizational management skills were on a par with my 4-1/2 year old granddaughter. The implicit suggestion that hiring someone with a music degree to a CSO job was out of line for that reason is unwarranted and very possibly incorrect.

Re: @Tom Dial ... ...because we are a nation of laws

The checks and balances are there, but for going on a century or more the Congress has declined increasingly to enforce them, instead passing laws that deliver a lot of what most would consider legislation to executive branch departments and agencies. They pretend to oversee them but really cannot do so effectively.

There is no question that "immigrants" have, collectively, been to the good, whether or not "legal" at their time of immigration. The question of legality is, to a large degree, a result of legislative choices made at particular times and generally carried forward for years or decades beyond any justification cited for their enactment.

Moreover, immigrants' descendants have been more important than the far less numerous immigrants, something the advocates for "dreamers" and permissive immigration for the educated and already-accomplished (or the rich who can buy green cards for a half million dollars or so) usually overlook. One key attribute of immigrants, whether or not "legal" is their initiative and willingness to accept the substantial risk of failure that goes with moving to a new place, often enough with a different primary language and different customs. Not all of them succeeded, but quite a few did, for a reasonable definition of success. Their children and later descendants have done so even more, and there is no reason to think that won't be true of the current group of immigrants - again, whether or not "legal." The primary "victims" of illegal immigration, in fact, are the applicants who played by the rules and waited in the queue for their chance.

Re: This is of course just an extra...

It is quite correct to say the job of the police is to stop terrorists. It is incorrect to say, as the post invites one to infer, that the only job of the NSA is to stop terrorists. If the NSA actually says that, it is their error, and it certainly is their error that they overstate it (or remain silent while others do) by several orders of magnitude.

The NSA and its predecessor agencies have been around for well over 75 years, during most of which the threat of terrorism as now understood was pretty much nonexistent. Intelligence and counterintelligence go far beyond "terrorism" and FISA covers far more than terrorism detection, including intelligence collection on all foreign governments that the US cares about, whether friendly or not, and counterintelligence collection such as, what caught Flynn out (but probably not Sessions, whose meetings with Russians were largely face to face).

Re: The problem is a disenchantment or disillusionment with the powers in authority

The problem is more complicated than "the government is not seen as acting morally or ethically" or "political authority has lost its moral mandate." Those are results more than causes.

"The government" has been oversold as "runner of the country" (or sometimes economy) which, in the case of any country with a legal market economy, which is to say one much to the "right" of North Korea, is ludicrously false. As a result, when things go wrong, as inevitably will happen, the government is constrained to accept a portion of the responsibility and blame, maybe a large one. Because it comes to be seen as ineffectual, possibly a participant in what went wrong, the government loses authority, the right to issue commands within a defined scope and have them obeyed (relatively) unquestioningly.

"The government" also is portrayed, with enthusiastic support of both candidates for elected offices and civil service officials in some of the agencies the elected officials create; as the righter of wrongs, deliverer of benefits and favors, and transferrer of resources from those with substantial resources and few votes to those with many votes and few resources. The voters, like the officials, proclaim these actions to be based on rights to avoid condemnation for being little better than thieves and racketeers and to persuade themselves of their moral rectitude. Some, maybe an increasing number, see this differently and come to doubt its righteousness and question its authority.

Finally, as enforcer of the rules that deal, at bottom, with right and wrong, "the government" is in a scarcely tenable position in a country with as varied a population as the US (or, for that matter, the UK, Netherlands, Belgium, France or Germany) where the basis of right and wrong, and more particularly its detailed content, are disputed loudly, often, and sometimes violently Putting that together with the absurd notion that these questions can be decided for all by a majority vote has got us to a rather bad state of factionalism from which I do not see any likely deliverance.

But have an upvote anyway.

Re: The blame lies with the judge who signed the warrant.

It is possible, and arguably reasonable, for sensible people to disagree over whether the principles stated in the Constitution and Bill of Rights change over time. However even those who take the position that they do not will mostly agree that as the environment in which criminal activity occurs, and the laws that establish the bounds of what constitutes criminal activity change, the case details presented to the police, prosecutors, and judges will change.

Court decisions like the one discussed here are case law, dependent on the particular details of the case at hand. Different judges will reach different conclusions from the same set of facts, as happened here, and may happen again if there is an en banc review or a Supreme Court appeal. There is no valid reason to presume that a decision overruled on appeal was necessarily wrong based on existing law and earlier precedent.

Re: Who cares?

"Could" and "in practice would" are extremely likely to be far apart. I think that was the OPs main point.

In the US, the judiciary is expected to enforce restrictions like probable cause and particularity, and I expect the same is true of the UK and many other countries. Under fairly ordinary circumstances this probably works fairly well.

A major problem with this is that at times of moral panic like a major terrorist incident or attack from another country the judiciary may flinch from that duty as happened, for example, in WW II when the US and Canada interned those of Japanese origin as well as some others, many or most of them citizens of their respective countries. In the US at least, such judicial pushback as there was was spotty and ineffective, and ultimately the Supreme Court approved the internments.

Re: "why Blacks are such fast runners?"

Yet according to some reports, those of East and South Asian ancestry are quite heavily overrepresented in US technical employment. Should we consider this to be evidence that the companies hiring them are biased against hiring white men as well, perhaps, as women?

Re: asshe but

Upvoted solely for the reference to (the reference to) the "Conceptual penis as a social construct" article.

Re: This is getting really tiresome

The lieutenants, captains, and majors learned, and some of the contemporary politicians. By 2001, some of the lieutenants, captains, and majors were senior military staff and a few were politicians. There is not a lot of evidence that as a group they were very enthusiastic about going to war. Most politicians of the mid 1970s had retired or been replaced, all too often by others whose main contact with any war was through the draft deferment letters to their local boards and whose main concerns were tightly bound to domestic issues and their reelection. In the moral panic following the September 11, 2001 terrorist attack, launching a new war with votes from the clueless was too easy, and consideration of long term strategy effectively lacking. This was aggravated by the lesson of the 1990-1991 Iraq war, in which some of the lessons of Vietnam were employed with considerable short term success.

"The US Government" does not learn lessons. Only individuals do that, and despite the high rate of incumbent reelection, the turnover is high enough that lessons learned by a particular group at a particular time decline pretty much to the vanishing point in around a generation.

As an aside: the median age in the Senate is 64, and in the House of Representatives it is 59. Both are under 70, although rather larger than the US population median age, which is about 38.

Re: Individual warrants?

Those who read the Constitution know that warrants have to be based "upon probable cause, supported by Oath or affirmation, and particularly [describe] the place to be searched, and the persons or things to be seized."

The idea of a single warrant such as described will not fly.

On the other hand, "secret" warrants are, for practical purposes, the norm in nearly all cases, and probably in nearly all countries. Notification of the target normally arrives with the warrant and is delivered immediately before a search begins.

Re: The facts

Thanks for this, especially the relevant references within it.

I have to say I lost all respect for Yonatan Zunger almost before knowing he existed.

Incorrect in part. NSA hires contractors whose employees sometimes are untrustworthy, careless, and possibly clueless. In addition to Reality Leigh Winner, there also is the example of Harold Martin III, who is charged with taking home a half terabyte or so of classified program code. Neither provides a basis to disparage the code of what Martin took or that released through Shadow Brokers.

The WannaCry code, by various reports, was not well thought out including, but not limited to, the "kill switch."

Re: Seems fine to me

The analogy between a private contract issue and state action is badly flawed.

GRSecurity's contract does not restrict their customers' right under GPLv2 to redistribute the patches. Nothing in GPLv2 appears to require GRSecurity to distribute any patch to anyone unless they put such a requirement into their support contract. They do not, instead including a provision that terminates distribution of future patches to someone who redistributes current or prior ones. This does not limit their customers' right to do the distribution no matter how much it may influence them; it is their choice to distribute or not and to whom, just as it is GRSecuritiy's.

I also am not a lawyer, but a look at Bruce Perens' post, the Open Source Security filing, and summaries of the cases the filing cites suggests the suit may not go very far.

I also have read the bill, and it is incomprehensible without also reading the much more voluminous law that it amends. If its effect is reported here with the decent accuracy usual with The Register, it is a bit like shooting the bearer of bad news. The targeted web sites may be facilitating commerce in activities we don't like and that are harmful, but as other posters have noted are a boon to law enforcement officials in finding and shutting them down. Shutting down the web sites will not make the activities go away, or likely even interfere with them much, but will make them harder to detect and disrupt.

It is "known" that vote fraud is (nearly) nonexistent primarily because there seems not to have been a diligent search for it. Suggested use cases include college students registering and voting where they attend school and also where they live when not attending school; and those who recently moved from one state to another, who might remain eligible in both states for several election cycles due to widespread sloppiness in registration list maintenance, combined with extreme resistance to efforts to compare registration lists between states. I thought about doing this the first time when I attended graduate school in Michigan while my legal residence remained in Ohio, and again when I moved from Ohio to Utah a few years ago.

Hand marked paper ballots, whether counted by hand or machine, are obviously superior to any voting machine.

QQ

The NSA is on both sides of the issue here, in that they are responsible for creating and validating cryptographic systems on one hand and for analyzing and breaking them on the other. They seem to have insisted on improvements to DES, for reasons they did not state and did not become apparent for some years. They did less well in the case of the Clipper and Capstone chips that provided for key escrow, although the embedded Skipjack encryption apparently was relatively good.

They may have constructed the NIST recommended values with intent to weaken the Dual_EC_DRBG, or they may not; and available evidence seems not to have been produced. Their delivery of the P and Q values as "magic" numbers does not encourage optimism, but it is not proof. In any case, Dual_EC_DRBG's poor performance and observed bias discouraged its use in practice, or should have. Moreover, anyone who felt a need to use elliptic curves for pseudorandom bit generation had a usable recipe in freely available NIST publications for generating their own (different) parameters, which would not be vulnerable to any knowledge NSA might have acquired by prodcing their values dishonestly. However, the resulting DRBG probably would not have been marketable to the US government due to non-conformance with NIST SP-800-90 and its successors as well as rational doubt about the alternate parameters.

Public parks are public, generally for use by members of the public for such legal activities as they see fit. It is not obvious that AR games are intrinsically harmful to the point that they need baning or restriction, or that the horrors that the Milwaukee Board of Supervisors listed in its various WHEREASes justify the badly thought out ordinance they passed. It also is not obvious that the Supervisors, as a group, are very well suited to decide the park's intended purpose.

It also may be noted that neither the Texas Rope 'Em game and, as near as I can tell, Pokemon Go is a group activity, although it is plain that either may be played by many people concurrently and in the same general location.

Re: The power of suggestion

I am reminded of an acquaintance's experience on the IT support staff of a major regional US law firm.

Unless they were terminally bored, unlikely in a firm with over 400 lawyers, their standard instructions to callers were to defrag and reboot. Occasionally it fixed a problem, but in all cases it put the caller off for half an hour or so.

Re: about 12 per cent of servers run non-Windows OSs!?

It is a reasonably good bet that the Five Eyes and similar signals intelligence agencies elsewhere have done the research and have a good idea of real usage, as well as the usage among their respective target populations, which might be significantly different. For a number of reasons, however, they won't be publishing anything about it.

I expect that Google and other search portal operators also would be able to report such information pretty accurately.