* Posts by tom dial

1546 posts • joined 16 Jan 2011

Baltimore cops: We flew high-res camera planes to film your every move

tom dial
Silver badge

Re: Michael Brown

Michael Brown was not shot "while" or "for" running away after committing a crime. He was shot after assaulting a police officer who had stopped him while he was running away. When shot, he was advancing toward the officer.

The officer involved probably made a tactical procedural error during the stop, in putting himself in a position of some disadvantage in opposition to a larger and considerably heavier opponent, but Michael Brown made larger errors in assaulting and later advancing on an armed police officer.

5
8

Larry Page snuffs out ‘too expensive’ Google Fiber project

tom dial
Silver badge

Re: Who in their right mind ...

Nearly everyone in the southeastern suburbs of Salt Lake City, for one example. My present alternatives include Comcast (high price, pretty good speed) and CenturyLink (lower price, max available speed "up to" 20 Mbits/sec). Google have started turning on fiber in SLC proper, but never got around to stating plans for the suburbs.

As an aside, there was a multicity consortium, UTOPIA, which pretty much stalled 5 or more years ago before reaching many of its potential customers. So much for government doing the job.

1
0

French, German ministers demand new encryption backdoor law

tom dial
Silver badge

Re: Why bother?

You cannot (realistically) ban mathematics. If you are an effective national government, however, you probably have the power, and possibly the authority, to regulate the legal use of cryptographic systems, and to fine, jail, or otherwise punish those under your jurisdiction who decline to follow the laws. That goes quite a bit beyond "make difficult."

0
0
tom dial
Silver badge

1. Real evidence of actual abuse by governments is pretty thin in most countries with regimes that are generally regarded as liberal democratic (small l and small d) unless having the capability to abuse is taken to be equivalent to abuse itself. Indeed, that probably is true even under most regimes commonly thought of as oppressive, although the range of behaviors such governments ignore may be quite limited.

2. Security of such data clearly is a risk, but one that admits mitigation. Various key escrow arrangements that have been suggested included provisions intended to reduce the risk and increase the difficulty and cost of escrow database compromise. Risk never is zero, and all one reasonably can require is that it be quantifiable and small enough.

3, 4. There is no real basis to argue that key escrow would make encryption more difficult or less convenient, as collection, indexing, and storage necessarily would be automated. It could present additional points of failure (or not) depending on whether failure to escrow would cause failure of the basic communication. Communication for commercial transactions may not be an important issue, as for legal trade it often will be possible to obtain the details from at least one of the participants by a suitable court order.

5. The obvious answer would be to provide the escrowed key, as national laws may require, to the government of the originator and recipients. In many or most cases, that would be at most one, since most communications do not cross national boundaries. That obviously would present issues, but for most people and organizations they would not necessarily be overly serious. Those who wish to shield activities from any of the governments demanding escrowed keys would have the most reason for concern, followed by those with reason for concern about security of one of the repositories against criminals or competitors. Increasing the number of repositories clearly would increase risk of control loss, however.

6. The customary government approach to refusal to participate would be criminalization, with a combination of detection procedures and penalties sufficient to discourage it.

The point of the original post was not to argue for key escrow, which has very little to recommend it, but to note that it would not be less private than plain text communication and might not add a great deal of risk, for most people, most of the time, compared to encrypted communication without escrow. Other approaches to law enforcement access include enforcing backdoored encryption systems, probably a much worse choice, and judicial warrants demanding delivery of the decrypted message by the originator or a recipient, depending on details of jurisdiction and treaty arrangements, with punishment for noncompliance.

0
0
tom dial
Silver badge

Re: Fight them at every turn!

In the US, the USPS has collected metadata for all first class mail for over a decade, following the anthrax letters that killed a few. That metadata, to be sure, is not nearly as reliable as communication data, since only the destination address information is functional.

0
0
tom dial
Silver badge

I call BS on the often stated "It's maths, stupid" and "It's magical thinking" themes.

Encryption, in today's customary usage, certainly is based on mathematics, but that is largely beside the point. A completely trivial key escrow system in which a communication's metadata and session key are deposited with a government custodian is more secure than communication in the clear despite being subject to the same kinds of vulnerabilities, and clearly would meet the stated need of law enforcement authorities. Nothing about this represents magical thinking, and it does not depend on a weak encryption system. Volume is a potential problem, but there is good reason to think that national signals intelligence agencies have developed effective ways to deal with it.

The fundamental problem is one of lack of trust combined with arguably excessive government authority, or at least power. Many people believe that law enforcement officers and agencies spy on nearly everyone without any particular reason, and do not trust them. And in most countries there is evidence of some government misbehavior. However, such misbehavior is not new and almost certainly would not be made simpler or easier by even a trivial or badly designed key escrow system. In most countries, too, those who are law enforcement targets are likely to be surveilled, and if important enough, prosecuted, sometimes irrespective of guilt. The number of laws on the books offers plenty of options for prosecutors. Use of encryption that the authorities cannot break, if legal, might delay the outcome but would do little to prevent it; and if illegal it could be a useful substitute charge leading to an easy conviction.

5
14

Das ist empörend: Microsoft slams umlaut for email depth charge

tom dial
Silver badge

Re: You think _that's_ bad?

The maximum - and minimum - stored password size should be the fixed length output size of whatever cryptographic hash function is used on the salted concatenation of user name and password.

6
0
tom dial
Silver badge
Joke

Re: Microsoft or Americans?

Many of those in New York City and adjacent parts of Southern New England tend to forget there is a world west of the Adirondacks, or regard such parts as may possibly exist as probably uncivilized.

4
0
tom dial
Silver badge

Re: English is wonderful

There are rather a lot of people on the US West coast of Japanese or Chinese ancestry or origin, and not a few of them likely enough are employed by Microsoft.

Somehow, it does not seem this should have happened.

0
0

Four in five Android devices inherit Linux snooping flaw

tom dial
Silver badge

Re: At this point, not a 'snooping' flaw

It might also be worth observing that the flaw described in CVE-2016-5696 was introduced to correct or mitigate a previously existing, and perhaps much more serious, vulnerability.

Also worth noting is that the probability that any large piece of software contains no errors is operationally equal to zero. This vulnerability, like large numbers of earlier ones, will be mitigated or eliminated, and others will be found, and some of them will have been introduced in the correction process.

2
1

Password strength meters promote piss-poor paswords

tom dial
Silver badge

Re: Passwords need to be rethought

The requirement to change passwords periodically (every 60 days when I left government service) has less to do with crackability and much to do with limiting exposure time if either user passwords or the hashed password file is compromised.

2
0

Microsoft has open-sourced PowerShell for Linux, Macs. Repeat, Microsoft has open-sourced PowerShell

tom dial
Silver badge

Re: Why is ssh built in?

As an additional note on the clunky A:, B: and the like, I seem to recall that an intermediate version of MS-DOS (3.2, I think) had a built-in command, join, that enabled the user to do the rough equivalent of the Unix mount command, with the same beneficial result of being able to treat all the disk resources as a single directory tree. MS lost me when they removed it, and a number of other useful items, in the standard part of the next version and made it a $60 or so additional utilities package.

I switched right then to Xenix, which I picked up used at an amateur radio swap meet, and never after paid more than the minimum necessary attention to MS operating systems. I did note that Windows hid the clunkiness rather effectively, and disks grew quite rapidly, so that for many it made little difference.

4
1

Google had Obama's ear during antitrust probe

tom dial
Silver badge

Re: Meh

at&t probably is in a formally competitive market almost everywhere it does business. It is either the phone company (e. g., in most of Ohio) or a late comer trying with less than perfect success to compete with the local cable franchise for both data and telephone service. Cox, where I used to live in Ohio, had an exclusive local franchise (which at&t tried to break up) that provided faster data service at every speed they both offered (at&t was unable to compete at the highest available rates).

Comcast, for the present, is the incumbent in my area southeast of Salt Lake City, but has a competitor (CenturyLink), which definitely is less expensive, at an advertised price of $20 a month for up to 12 Mb/s; Comcast's rate starts at $30 for up to 10 megabits, and may be losing a few customers over this. But Comcast also offers other capacities up to 250 megabits at $70 a month, which I typically measure. My "up to 150 Mb/s" service often yields better than that and typically measures around 130 Mb/s at the inside of the router attached to the modem. For all the whining about Comcast's poor service, here, I can say only that the service has not been quite as reliable as Cox's was in Ohio, but the unscheduled down time over three years certainly has been under 0.05%.

So Comcast, here at least, is not quite a monopoly, but we certainly are looking forward to the benefits of competition from Google, which has started its build out not too far away.

0
1

Oracle campaigns for third Android Java infringement trial

tom dial
Silver badge

Re: Google are switching to OpenJDK...

Would the OpenJDK API not be essentially identical to that of Oracle's JDK? I don't do Java programming and don't know the answer, but it seems possibly relevant. If the API is the same (or near enough) could Oracle reasonably claim infringement by Google without also claiming infringement by everyone else using OpenJDK? Or would the fact that they have not (and maybe because of licensing cannot) claim infringement by OpenJDK developers and maintainers invalidate any claims they might be making?

0
0

VeraCrypt security audit: Four PGP-encoded emails VANISH

tom dial
Silver badge

Those who don't know the email metadata are in the clear are a danger to themselves and others, and should be kept under tight supervision in any security context.

5
0

Judges put FCC back in its box: No, you can't override state laws, not even for city broadband

tom dial
Silver badge

Re: So, only the constitution is valid?

Many state constitutions are rubbish. This is especially true, I suspect, in states like California where they can be amended with relative ease by ballot initiative. Compared with these, the US Constitution, with fewer than 4,400 words to describe the basic structure and functions of the government and the authority of the main parts, is an elegantly concise work of art.

As an aside, the original US Constitution made no explicit mention of slavery. The closest things to that were Article I, Section II, paragraph 3, the three fifths rule that allocated representatives based partly on "all other Persons," a category comprised of slaves; Article I, Section IX, paragraph 1, prohibiting Congressional action to end the slave trade before 1808, and Article IV, Section II, paragraph 3, requiring a "Person held to Service or Labour in one State, under the Laws thereof, escaping into another" to "be delivered up on Claim of the Party to whom such Service or Labour may be due," a clear, although implicit, reference to slaves. Looking back, one may consider these compromises contemptible, but the existence of the Union arguably depended on them.

On the other hand, the original Constitution said exactly nothing about the qualifications of electors, that being left to the states, and nothing about the qualifications for federal elective office beyond age, citizenship, time of residence in the US (president and vice-president) or state from which elected (senators and representatives). Women and black persons (who were property owners) were electors in the state of New Jersey from 1776 until 1807 and therefore eligible for election to the US House of Representatives. It would have been unconventional to elect a woman (or black) to office, perhaps to the point of being unthinkable, but the US Constitution did not prohibit it.

0
0
tom dial
Silver badge

Re: Reg said that States cannot be pushed around by a federal regulator...

"This is about direct-to-consumer Wi-Fi." That does not seem to be true. The court decision contains only one reference to Wi-Fi, that the city of Wilson, NC "provides free Wi-Fi to its entire downtown area" in addition to the fiber optic Greenlight infrastructure that neighboring areas wanted it to extend, forming the basis for the issue at hand. That issue, reduced to the minimum, was whether or not the FCC, absent a clear statement in statutory law, had the authority to override Tennessee and North Carolina state laws in the case at hand. The court said that it does not, and issued a decision that the FCC order must be reversed.

0
0
tom dial
Silver badge

Re: Reg said that States cannot be pushed around by a federal regulator...

I think the assertion that the "Feds gave the ISP's regional monopolies and huge subsidies to build the infrastructure" is essentially incorrect and should be backed up with pointers to relevant sources. Most or all of the franchises, which in practice often became local monopolies or oligopolies, were granted by local governments, initially for delivery of cable TV. To the extent they now provide communication services they usually are regulated by state utility commissions. In fact, the cable companies became the superior competition for the telephone company monopoly, as those of us who started with 300 baud acoustic modems will remember, and as far as I know did it without significant public subsidies in densely populated areas.

2
4

Linux security backfires: Flaw lets hackers inject malware into downloads, disrupt Tor users, etc

tom dial
Silver badge

Re: This is not trivial to exploit

It is a protocol flaw, yes, but because Linux implements the protocol, it also is a Linux vulnerability. The two things are not mutually exclusive.

1
1

Power cut crashes Delta's worldwide flight update systems

tom dial
Silver badge

Re: IBM offers mainframe in the cloud today

zSeries run Linux just fine (native), and while power is available will run with substantial component failures, although with some performance degradation, and many of the failures can be corrected without a reboot.

They also will run briskly at 100% CPU utilisation as long as the paging rate is kept reasonable.

2
0
tom dial
Silver badge

Re: Single point of failure

I remember about 15 years back having my terminal screen wink out while working on a system a thousand or so miles distant at a US military data center. Not coincidentally, others nearby working on various other systems there had the same experience at the same time, and ensuing discussions with the SA revealed that all power to the main computer building had dropped because a contractor (WHO HAD BEEN TOLD) severed the cables from the outbuilding containing the substation, the redundant UPSs, and the backup generators. Power was restored around 6 hours later.

3
0

Don't want to vote for Clinton or Trump? How about this woman who says Wi-Fi melts kids' brains?

tom dial
Silver badge

Re: The one thing all the media, and this one too, won't be telling you...

Empirically, most voters are quite ignorant about both the structure and operation of the government and current or recent past political issues. Many of them, for instance, cannot name their US Representative or Senators, and even more cannot name their state legislators or elected local government officials. While political ignorance is common among those who state a party preference, it is more so among those who do not. Informed independents are uncommon.

That might be good this cycle because, lacking political party ties and much in the way of knowledge, they may be more easily persuaded by arguments for a minor party candidate. It is as likely, or more, to be bad, however, because their lack of knowledge leaves them with an inadequate basis to judge the competing claims of the several candidates, a situation in which most people are likely to make a conventional choice.

1
0
tom dial
Silver badge

Re: #FeelTheJohnson

The old notion of tidy "left" and "right" classifications never were very accurate. For instance, on a number of issues, Sanders came across as a fairly hard nationalist - quite "right", while the Libertarian party (and candidate) support for LGBTQ rights and loosening on recreational drug use ("left") is a bit at odds with their rejection of foreign adventurism ("right"). The Democratic party, with Clinton, covers a broad spectrum as well. Trump is Trump, and it is nearly pointless to try to categorize him or his beliefs and policy positions, but down-ticket, the Republicans, like the Democrats, cover a range that is modified significantly by their perceptions of voter leanings in their state or electoral district, where they must compete with other relatively local candidates to gain a plurality or, in some cases, a majority, of the vote. Within such districts, the ideological spread between the major party candidates very often is quite small, and much smaller than the spread between candidates of the same party in districts a thousand or two thousand miles apart.

0
0
tom dial
Silver badge

Re: @ AC

Gerrymandering affects single member electoral districts for the state legislatures and the US House of Representatives. Only 5 of the 538 electors are chosen from Congressional districts; gerrymandering is a non-issue.

First past the post has its good and bad points, but where there are at most two parties that between them receive roughly nine votes of every ten, as has been true in most of the US for most of its history, it is relatively inconsequential except to those who aspire to replace one of them. And in some places where there is or was only one effective party, it was and is common to have runoffs between the two high vote getters.

Media bias certainly is a potential problem, but could be mitigated some by including Johnson in the debates along with Clinton and Trump (and Stein, too, if she could get enough poll notice).

5
1
tom dial
Silver badge

Re: Known risks with quantifiable outcomes

There is uncertainty, to be sure, but it seems extremely unlikely that Jill Stein will draw enough votes to matter unless she can find a vice presidential nominee of Bill Clinton's caliber. Johnson/Weld is a different matter, however, and are likely, especially if they manage to get into the debates, to draw both Democratic and Republican votes, although substantially more from Trump than from Clinton.

Utah will be an interesting state to study, as the Democrats went quite heavily for Sanders and do not much like Clinton, while the Republicans went quite solidly for Cruz and have a rather strong distaste for Trump. I do not think either VP candidate will change that much. I suspect the bordering areas of Idaho, Wyoming, Arizona and Nevada are rather similar, although they are less likely to affect the electoral college breakdown.

0
0
tom dial
Silver badge

Re: The one thing all the media, and this one too, won't be telling you...

Indeed, most five or six year old children in families with even the least degree of political awareness know whether they are Democrat or Republican (a few know that they are Libertarian, Socialist, or something else). The degree of change from that point is not zero, but it is quite low, almost certainly less than 20%. This is a very strange election cycle, however, and I suspect there are upwards of thirty or forty per cent. who, like me, are looking at the main alternatives, concluding that neither of them is a good match, and casting an eye in other directions. My own 6yo position was solid Republican, full of the implicitly transmitted knowledge that Harry Truman was the spawn of the devil, and although many years of education and observation convinced me that Truman ranked well among presidents (both earlier and later), I remained well within the Republican fold, with Libertarian tendencies - until now. I was prepared to vote for Bernie Sanders, had the Democrats nominated him, as a candidate of integrity and basic honesty who would be likely to engage politically with the Congress and accept the compromises necessary in a pluralistic, and political, system. I did not fear that he would, like the current president, decline to engage in political negotiation with the Congress and attempt to impose change by executive order when that non-engagement failed. As it is now, I expect to vote for Johnson and Weld who, like Sanders, are experienced political actors who seem likely to approach governing with a bit of honesty and willingness to be political.

It is true even after the excessive growth of executive power, that there are significant constraints on the president's freedom of action and power to direct things, that the policy inertia of the many government departments and agencies greatly mitigates the damage (or possibly good) even a President Trump or a President Clinton could do. But that is not to say, quite, that lack of greatness is all down to personal failings any more than great success all is a matter of individual merit and industry. Few can, by personal effort alone, lift themselves more than a notch or three, although many decades of experience confirm that government action alone is even less beneficial except to the agents who manage and deliver the benefits.

5
3

Fun fact of the day: Network routers are illegal in Japan

tom dial
Silver badge
Joke

"Violates the law, but seems not illegal" - plainly the answer to a Hillary Clinton prayer.

14
2

VC vampire: Peter Thiel wants to live forever

tom dial
Silver badge

Not "Time Enough for Love," I think, but "Methuselah's Children," the first Lazarus Long story.

4
0

Zero-day hole can pwn millions of LastPass users, all that's needed is a malicious site

tom dial
Silver badge

My Keepass password database is available on a usb key on the keychain that carries my house key. There is a risk associated with that, but there are risks associated with any security system or protocol. If the keepass database is encrypted securely with secure methods, the risk is extremely low.

It costs in convenience, in that the database and the passwords within are unusable on systems that do not have the keepass program installed. I consider that reasonable because I probably do not trust those machines anyhow, as I do not trust The Cloud, crusty old codger that I am.

0
0

Illinois StingRay crackdown

tom dial
Silver badge

Re: What is happening in the USA

According to the article, the action was taken in this case by the legislature and governor of Illinois, as is proper. It had nothing to do with a US or state court. That said, a federal or state court, if presented with a case, might well find that using a stingray to track an individual requires a warrant or other court order. Similar things have happened in the past, as with Riley v California, where a judge found that searching a cell phone incident to arrest normally is to be considered a fourth amendment search requiring a warrant.

2
0

The very latest on the DNC email conspiracy. Which conspiracy? All of them, of course!

tom dial
Silver badge

Re: Just Proves Again That The Russians Are Smarter Than Clinton

Not Hillary's security (this time). Probably the same sources for SAs as hers, though.

1
0
tom dial
Silver badge

Re: Russian state actors?

While he had been a fair actor, Reagan also had long been a political speaker, and had served for two terms as governor of one of the larger states, so was better qualified than most of those eager to become candidates this year, and better qualified than any of the current bunch except possibly for Gary Johnson, who at least has served in an elected executive position, although as governor of a less complex and populous state.

8
0

Apple Watch craze over before it started: Wrist-puter drags market screaming off a cliff

tom dial
Silver badge

I have a Timex to tell me the time. It cost under $50 US and seems to be accurate to well within a second a month.

I have a smart phone to make calls. It can serve also as an alarm, a fitness tracker, an email and web browser, a calorie tracker, and a lot of other things, limited mainly by the willingness of developers to provide software for this remarkable device.

I did not, and do not, feel a need for a smart watch.

8
0

Microsoft to rip up P2P Skype, killing native Mac, Linux apps

tom dial
Silver badge

Re: Won't somebody think of my aged mother

1 Up for the CALEA mention. It should be noted, though, that CALEA was enacted to ensure that law enforcement could execute wiretap warrants. Microsoft, and most or all other carriers almost certainly would require a valid warrant, reviewed by their legal department, before implementing a tap.

0
0

How's this for irony? US Navy hit with $600m software piracy claim

tom dial
Silver badge

Re: Number of installs?

Anyone with a requirement for NIPRNET access (pretty much everyone) would have a computer for that. That would include quite a few civilian employees in addition to active duty Navy and possibly Marine Corps personnel. Reserve military personnel with a training requirement have .mil email addresses, but do not necessarily have computers, although reserve centers would have a fair number scattered about, as do ships and other installations.

Anyone with SIPRNET access would have a second computer for that.

The nearly 560K computers probably is less than the total Navy inventory, maybe by quite a lot.

2
0
tom dial
Silver badge

This should be interesting. Back before I retired and left all the BS behind, we had an IBM audit that, as I recall it, uncovered a moderate number of violations. The agency where I worked was fairly careful, but hadn't locked down all the desktops and install disks to ensure against license misbehavior. On the other hand, the Navy had engaged in a many year, many billion dollar network security initiative with EDS to secure their network, an exercise that I vaguely recall went years and billions over, and drove those who needed to interface with their systems a bit nuts. It was close to impossible to get arrangements in place to transfer data in or out of their network; in the light of this suit, it's tempting to think that might have been intended to keep others from knowing what went on inside.

18
0

Governments Googling Google about you more than ever says Google

tom dial
Silver badge

Re: Come on El Reg !

"UK MOST RISKY COUNTRY IN WORLD NEW STATISTICS SHOW"

Not so: Germany (14.12) and France (11.85) had significantly higher rates.

0
0
tom dial
Silver badge

I found it interesting that, e. g., corresponding information about France and Germany were not reported, although they were quite high for the last half of 2015:

France: 4174 requests, for 5126 accounts, with data produced 59% of the time.

Germany: 7491 requests, 11,562 accounts, data produced for 57%.

Population adjusted rates for the full year are 11.85/100K (France) and 14.12/100K (Germany); so 16% higher in France and 38% higher in Germany compared to the UK. The standout in this category is Singapore, with a rate of 82.5/100K

0
0

McCain: Come to my encryption hearing. Tim Cook: No, I'm good. McCain: I hate you, I hate you, I hate you

tom dial
Silver badge

Re: There is no age limit on Senators

No Trump, then, and no Clinton (over 70 next October), as well as no Sanders. Except for the last, I'm OK with that.

1
0
tom dial
Silver badge

Re: Technology and US Constitution Illiterate

Prohibiting use of encryption entirely would have no fourth amendment impact whatever. Doing so might infringe the first amendment, but that would be an entirely different issue.

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Clearly, a smart phone or computer can be thought of as an "effect" in this context, but the real content of this is that the government is prohibited from a range of activity - "unreasonable searches and seizures" - unless it follows procedures that were fairly well defined in the English common law long before it was adopted nearly entire by the US and have been refined and updated with some frequency in the succeeding 2+ centuries. Those protections exist as much for unencrypted or otherwise unsecured phones and computers as they do for those that are well secured.

A secured device will offer better protection against inadvertent or intentional government violation of civil rights, or undesired, unauthorized, and often illegal access by non-government entities. However, US governments have been able to gain authorization, with proper justification, obtained in the correct way, to search and seize as described in properly issued warrants. Under the US Constitution they have been able to do so for the last 225 years. Encryption does not change that except potentially to render the results of the search or seizure unusable, and that is properly a matter of concern for officials charged with enforcing the laws and prosecuting those who violate them.

See https://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

I guess that Senator McCain and the others on the Armed Services Committee understand the Constitution reasonably well, although their understanding may be more in line with the actual provisions and jurisprudence than that of some others.

2
0
tom dial
Silver badge

Re: Clinton who should be in jail.

The State Department, like numerous other agencies, has, and had, a secure network. These networks have no connection to the public internet or to the non-classified state.gov network. They may be located in secure areas (some classified material requires it). Due to their nature, these systems cannot be used for ordinary email, although it is possible they have email amongst themselves and to/from the government's Secure IP Routing Network. Hillary Clinton declined to use these facilities, and instead elected to have, and use for all her official State Department email, a personal off-premise server with RDP and VNC exposed on the public internet.

The compromise of the State Department non-secure network appears to have occurred well after Secretary Clinton's tenure, although that certainly does not eliminate the possibility it was compromised earlier as well. The State Department's Information Resource Management division may have been somewhat broken, but probably did not allow remote administration via the public internet, as Ms. Clinton's servers did.

3
0

It's not our fault we don't hire black people, says Facebook

tom dial
Silver badge

Re: A key problem

Affirmative action and quotas are very much about hiring based on characteristics that nearly everyone considers not relevant to job duties or competence to perform them, in order to be able to tick boxes or supply numbers on government required forms. If they were about hiring the best individuals for the available jobs they would look at the actual applicant pool rather than the population as a whole in making comparisons.

They also might look at an organization's targeted efforts to recruit from favored minorities, or they might not. In the end and for nearly all profit oriented companies, it is not a primary goal to remedy the effects of past discrimination, and for significant "of color" groups like those of East or South Asian origin or ancestry, the problem, if there is one, seems to be to control over-representation despite the fact of extensive past discrimination, particularly against East Asians.

0
1
tom dial
Silver badge

Re: @Jimmy2Cows

First, my impression from occasional scanning of ordinary "white" newspapers is that very few IT related vacancies are posted there, and those generally have been for low level and insignificant positions for quite a few years.

Second, the implication that "black" potential applicants somehow lack the ability or wit to read the "white" press seems a bit condescending if not, indeed, quite bigoted.

6
1

FBI won't jail future US president over private email server

tom dial
Silver badge

Re: Interesting downplaying there

@MachDiamond: I was referring to the agency that employed me. While it was a DoD agency, for practical purposes it handled no information more sensitive than Privacy Act PII that it would have been a serious "no-no" to put in an email message that transited an exchange point between the NIPRNET and the public internet. I do not know whether such traffic would necessarily have been caught, but it would have resulted in at least "counseling" if it were.

0
0
tom dial
Silver badge

Re: Interesting downplaying there

PAW: Based on the quoted Wiki, which I did not look at but do not dispute, the security status of the RNC private server would be primarily a private RNC matter, as clintonemail.com certainly was not, despite the claimed instruction to retain the email as possibly covered by the Presidential Records Act. Much of what happens in the White House is in the gray area between official business and political party business. That is not the case (or is not supposed to be) for communications by the Secretary of State acting in her official capacity.

Based on reports in The Register and probably elsewhere, it is likely that the RNC's servers, like gmail, yahoo, and most other commercial services, were considerably more secure than clintonemail.com.

0
0
tom dial
Silver badge

Re: Interesting downplaying there

Executive orders covering some millions of people not legally resident in the US, for instance. The point is not that this is not something that should be done, but that it is something that, under the Constitution, requires action by the Congress, not the President alone. He didn't like the law of which he took an oath to ensure faithful execution, so he issued an executive order that executive agencies under his responsibility would not enforce it.

Comparing numbers of executive orders per president is pretty much meaningless.

0
0
tom dial
Silver badge

Re: Interesting downplaying there

"Even still the Hidabeast should be disqualified from being POTUS."

No. She meets the qualifications (Over 35, US citizen by birth). It is up to the Democratic Party convention to determine whether to put her forward, and to the US electorate to decide about her fitness to hold the office.

1
0
tom dial
Silver badge

Re: this whole thing could have been avoided

Career State Department security and IT staff who raised questions about Ms. Clinton's server were instructed "never to speak of the Secretary’s personal email system again." The State Department Inspector General's report on the matter is interesting, maybe especially for those inclined to make light of it.

0
0
tom dial
Silver badge

Re: US' sad story continues

Jeb Bush, Scott Walker, Chris Christie, and Bobby Jindal were state governors and not subject to federal laws that govern storage and processing of federal government data. They may or may not have been compliant with applicable state laws; I do not recall seeing complaints about that. Marco Rubio's alleged problem occurred when he was a state legislator, so also not subject to the federal laws that Hillary Clinton violated during her tenure as Secretary of State.

Condoleezza Rice and Colin Powell (as well as Marco Rubio and most of the named governors) used commercial services that almost certainly were better maintained and more secure than Secretary Clinton's personal server setup (see, for example, http://www.theregister.co.uk/2015/10/14/hillarys_sysadmin_next_to_the_pillory/).

Both Rice and Powell also used email far less than Clinton, whose 30,000+ emails establish a rate of over 20 a day, including weekends and holidays.

0
0

fMRI bugs could upend years of research

tom dial
Silver badge

Re: raw data ... what is raw, and what is data?

Open source software not only has nothing to do with whether raw data was/was not retained, but also cannot be assumed to be more correct or free from error than closed source. I also use, and recommend it, but do not delude myself that it is free from error, and I have plenty of examples to show it is not.

0
0
