* Posts by tom dial

1806 posts • joined 16 Jan 2011

Democracy-minded DEF CON hackers promise punishing probe on US election computers

tom dial
Silver badge

Re: Hacking or Deliberate

Many, if not most, US electronic voting machines do have a paper trail in the form of a printed paper tape. During the final part of the voter interaction the tape was printed and displayed under a locked transparent panel as the voter's choices were shown on the screen. A diligent voter would have no trouble verifying that (a) the selections shown on the screen were those he or she made during the vote collection phase, and (b) were the same as those shown on the paper tape.

That was true of the Diebold machines in Ohio that I used and, as an election official, managed during the period from about 2002 to 2005, and also of the identical appearing machine with a different label that I used last election in Utah.

That said, it probably is true that corrupt software in the machines could show one thing on the screen, the same thing on the tape, and something a bit different on the memory card used for the data collection. To make that stick, it also would be necessary for the same corrupt software to show identical sums on the screen, the end of the tape, and internal to the memory card, but the same corrupt software should have no trouble with that.

Probably the best compromise overall is the manually prepared optically scanned ballot, which gives decently rapid results, is easy for the voter, and also easy to recount if there is a question. I understand Ohio transitioned to that as the earlier machines got to EOL, and I was a bit surprised to see the older variety in Utah.

5
0

Google leak-hunting team put under unwelcome spotlight

tom dial
Silver badge

Re: More to this than meets the eye.

The Brian Katz who is subject of this article appears not to be the same Brian Katz who is Next Generation National Security Fellow, 2017 at the Center for New American Security and Country Director for Syria in the Office of the Secretary of Defense. The CNAS biographical information does not mention previous employment at Google, but indicates a B.S. in Economics from Duke University and an M.A. in International Relations from Johns Hopkins. The Brian Katz of Google claims a B.A. in Criminology from the University of Miami (FL).

"Brian Katz" is not an uncommon name and care in distinguishing among its various bearers is worthwhile - a Google search easily finds at least two attorneys named Brian Katz, one of whom appears to have the same middle initial as Google's security guy.

9
0

Ransomware scum have already unleashed kill-switch-free WannaCrypt variant

tom dial
Silver badge

Re: Inevitable

Microsoft became aware of the particular vulnerability soon enough to develop and issue a remedial patch for the vulnerability more than five weeks before its first reported use in malware. The notion that ShadowBrokers reported the vulnerability to them is much less plausible than the more common presumption that the NSA did so. The patch was marked "critical" and that should have informed anyone paying attention of the need for prompt action. US DoD rules require deployment of these items within 10 days of availability, and while they do not always meet that, those who do not have to report often and in detail on the deployment until it is complete.

The firmware the FBI wanted from Apple, contrary to repeated claims, was not installable on "an iPhone" in the general sense. The order required it to be specific to the iPhone described in detail in the court order and required that it not be usable for other iPhones. That is something that Apple certainly could have ensured since the code would need to be signed by them. Apple certainly would have been ordered to provide similar firmware in other cases. However, if the cryptographic implementation was secure and Apple continued to control the signing process, release of any or all copies of such firmware would not have been able to compromise untargeted iPhones.

0
0
tom dial
Silver badge

Re: Inevitable

The present "back door" would be through compromise of Apple's (or Microsoft's) code signing key(s) or use of the keys to sign bogus software. Is there really reason to suppose that their security protections are fundamentally superior to those at the NSA? Would they not be subject in a similar way to vulnerability from disloyal or planted employees or accidents that expose them in environments less protected than planned?

0
0

Wannacry: Everything you still need to know because there were so many unanswered Qs

tom dial
Silver badge

Re: Oh, the irony!

"... you can pick/choose which updates to install."

Those who turn off automatic security patch application do need to actually choose and apply the important patches. A patch for a remotely exploitable vulnerability that allows execution of arbitrary code (e.g., MS17-010), NVD severity 8.7 if I recall correctly, is an Important Patch by any standard. Anyone clued in and attentive enough to have taken over patch management should have applied it within a couple of weeks from issue.

1
0

What is dead may never die: a new version of OS/2 just arrived

tom dial
Silver badge

Re: To quote a popular song ... 'Let it go !!!'

"running it on anything [but IBM machines] was pretty much Russian Roulette because it looked up specific things only found in IBM BIOSs" ...

I am quite skeptical of this. I ran it for a time on self assembled '486 and dual Pentium Pro systems. Neither one had an IBM BIOS, and neither one had noticeable problems with OS/2. Unlike Windows of the time, it was rock solid. It did give problems with VMs on qemu/kvm when tried a few years ago.

2
0

Do we need Windows patch legislation?

tom dial
Silver badge

Product lifetime. Therefore a meaningless statement, as probably ought to have been obvious.

0
0

WannaCrypt outbreak contained as hunt for masterminds kicks in

tom dial
Silver badge

Re: 5% of 1000 000 is 50 000 desktops.

"You don't replace equipment worth hundreds of thousands of dollars (or pounds) on the same frequency that you replace PC or operating systems." Quite correct.

You also do not put them on an intranet that touches the public Internet. Certainly not with an unsupported OS, and best never, as the cost if compromised may be a machine physically dangerous to users and others, and may be proportionate to the machine cost.

3
0

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

tom dial
Silver badge

Re: Killswitch

(1) It is not clear that there is reason to think the originators of the code would have been able to install a kill switch after it was public. In fact, there is good reason to think they could not; it's code, after all, as someone else mentioned, and highly malleable. It also is not clear that a kill domain like that apparently found was established by the original coders or would have been left in if it had.

(2) I saw nothing in the writeup to indicate blind reuse and nothing to indicate otherwise. To assume that is to assume something not in evidence.

3
0

WannaCrypt ransomware snatches NSA exploit, fscks over Telefónica, other orgs in Spain

tom dial
Silver badge

Re: WTF ..., WT actual F ?????

US DoD, for years, has allowed ten days to deploy patches to Category I vulnerabilities, which the vulnerability in question surely is given that it involves remote code execution. It now is 58 days since the patch was made available and 47 days since The Register reported leak of the EternalBlue tool. We were allowed 60 days, if I remember correctly, for significantly less severe Category II vulnerabilities. Requirements were not always met, but failure carried a requirement for detailed and frequent requirements and the implied threat of suspension of an Authority to Operate for the affected devices.

10
0

On today's a-gender: Axing net neutrality will harm America's women, say women senators

tom dial
Silver badge

The letter claims that the number of women-owned firms grew five times as fast as the total during the period between 2007 and 2016. For most of that period no net neutrality order was effective, and in particular, providers were allowed to provide enhanced service at a higher rate. There is, therefore, very weak evidence at best that reclassification as a Title II service and the subsequent net neutrality order adopted in February 2015 had anything to do with it. Etsy, mentioned in the same paragraph, seems to have fallen on rather hard times and not grown by much in the last couple of years, but its earlier growth can hardly be credited to net neutrality requirements.

In general, it seems likely that very new businesses using or based on internet services will have less trouble paying for any necessary service enhancements than in getting noticed among a few hundred million others, some of which may already be large and well established.

2
3

Cisco patches switch hijacking hole – the one exploited by the CIA

tom dial
Silver badge

Telnet? Really?

From 2009 or so within the US DoD networks, telnet (and ftp) services were generally not allowed. There were exceptions, nearly all ftp from non-DoD data providers, and these were addressed by establishing hardened proxy servers or DMZs where traffic could be examined and transferred securely for internal use. In later years, the screws were tightened several times a year in a continuing effort to weed out remaining exceptions, along with ftp.

It exceeds my ability to understand use of telnet for administration, or enabling the telnet service on a network exposed to or reachable from the public Internet.

1
0

US copyright law shake-up: Days of flinging stuff on the web and waiting for a DMCA may be over

tom dial
Silver badge

It used to be 14 years, with an option to renew one time for an additional 14 years.

As for "to protect the small independent content creators," I foresee a problem with the implied non-protection of "big businesses who use it to bully the small people."

Small independent content creators may not have (in general probably will not have) the resources to monetize their creations, and the big businesses that do have are quite likely to be unwilling to do so without obtaining the copyright. However, if the copyright is not effectively transferable, it will have no value to them. Like a great many market restrictions, this could reduce the total utility to the people as a whole, whether creator, non-creator producer, or consumer.

It might be possible to mitigate this by various more or less complex contract provisions, but it is not clear that we would be better off collectively than we are now.

1
0

Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors

tom dial
Silver badge

Re: Going to Jail?

The draft does not seem to say this - it seems aimed at communication carriers. On the other hand, is there anything to prevent another order, or perhaps a new law, requiring devices sold in the UK with manufacturer provided encryption be decryptable by the manufacturer, much the same as this order appears to require carriers to be able to decrypt communications encrypted by or for them?

5
0
tom dial
Silver badge

Re: Encryption is not made "illegal"

I missed that when I read the document. A clarifying reference would be helpful in understanding this claim.

1
0
tom dial
Silver badge

For a sufficiently long key, current well known and extensively analyzed algorithms are thought to be secure against "breakable" for a period of the order of the expected life of the universe. And the keys are not that long.

Technology and mathematical research could change that, but recent weakening results seem to be in the range of a bit or two here and there, and not overly useful in the context of a 4096 bit key.

There are, however, other means to circumvent encryption.

6
0
tom dial
Silver badge

Unless UK English words carry rather different meanings than the same (up to spelling) US English words, telecommunications providers may be required to be able to decrypt the encryption they apply or that is applied on their behalf by another party.

The document does not appear to prohibit other use of encryption, or require the providers to be able to decrypt messages not encrypted by or for them.

On its face, this appears to be a regulation governing ordinary wiretapping (and examination of mail, which I did not see mentioned in the article), with the additional requirement that a carrier could not evade warrants or other authorized orders by encrypting the communications or hiring someone else to do so.

0
0

What is this bullsh*t, Google? Nexus phones starved of security fixes after just three years

tom dial
Silver badge

Just asking

Apologies if this has been asked and answered, but I was too lazy today to go through 165 posts to find out.

Background: my Samsung S3 (Android 4.4.2), purchased in 2012, was updated most recently in October 2014, and my wife's S4 (Android 5.0.1), purchased in 2013, was last updated in December 2016. The carrier in both cases is Verizon.

Is there a carrier that supports updates, including security updates, longer than Google? Unless there is, and the period is at least half a year longer, I am unconvinced that Google's policy warrants the scorn and criticism in the article and comments here, other than for the near universal custom of binding the firmware and software to the hardware. If they, and the carriers (for phones no longer on their network, at least) would break that tie, there would seem to be a lot less to complain about.

0
0

It's Russian hackers, FBI and Wikileaks wot won it – Hillary Clinton on her devastating election loss

tom dial
Silver badge

Re: Comey

Some reports at the time had it that there were some FBI agents or US Attorney staff lawyers in the New York area who were quite upset about hushing up the Weiner matter, and it might well have leaked before the election or, maybe worse, after it. As it happened, both letters were public before the election, and comparable poll series do not show that they had any definite effect.

2
0
tom dial
Silver badge

I doubt that more than 5% of the population understood the difference between an email server and an email account, or that her bad behavior with respect to that really affected the election outcome. It had no effect on those who already had made up their minds one way or the other and neither did Comey's letters; indeed, his news conference when declining to prosecute over it seems to have had no lasting effect. As for the undecided voters, it probably had no real effect on them either; nearly all would have been leaning one way and ignoring it or the other and also ignoring it. In fact, nearly everyone had fully incorporated it before the conventions, just as they had decided to tolerate Donald Trump despite his shortcomings or reject him because of them.

2
0
tom dial
Silver badge

Re: Real Reason

William Jefferson Clinton is an extremely accomplished electoral politician. If she had listened to him, and more importantly insisted that her general election campaign management do so, she probably would be President now.

Another issue can be found in her State Department tenure, particularly in the email fiasco. Setting up that illicit server demonstrated that she elevated her personal goals above her sworn duty, and that she disrespected both her boss, the sitting president, and her permanent foreign service and civil service subordinates: the president, in that she knowingly violated department and government wide regulations, and her subordinates by enforcing on them conduct she failed to observe herself and, worse, by compelling them to evade those same regulations in order to communicate with her by email. Beside those things, it is not completely unreasonable to think carelessness with a small amount of classified material, as bad as that is, might be less consequential in judging whether she should be elected.

5
0
tom dial
Silver badge

Re: Least disliked

While I am inclined to agree that Sanders would have had a better chance than Clinton against Trump, it was not in the cards for him to win the Democratic party nomination, and not alone because of sharp dealing within the party organization. For starters, he was not a Democrat until he decided to run, and was. Second, Clinton had been running for years and had a well-oiled organization, as well as Debbie Wasserman-Shultz and the superdelegates. Sanders was a late entry and had much less in the way of an organization. Either one of those can be offset to a degree by supporters' enthusiasm, but in combination they are almost sure to be fatal.

I am not a Democrat, but Sanders probably* would have got my vote over Trump. He is an experienced politician (in some ways more so than Clinton), and I judge him to be decent and honest. I doubt he would have had much success in getting his program through the Congress, any more than Trump or Clinton, but I do not think he would have treated us to the shenanigans of either of them.

* There were other candidates.

7
0
tom dial
Silver badge

Re: Not entirely correct.

States choose electors as provided by their respective constitutions and laws. Maine and Nebraska elect two based on the state total and one in each congressional district. Accordingly, in Maine, Clinton got 3 electoral votes, and Trump one. Nebraska's three district and two at large electors all went to Trump, but it could have come out otherwise.

A number of misguided states have entered into a compact whereby they will, by law, assign all their electors to the winner of a plurality of the national popular vote. The compact will take effect if joined by states having a total of more than 273 electoral votes. Some people do not think this is a good idea, but there is little doubt that it is legal. It has been approved by law in 10 states and the District of Columbia, with a combined total of 165 electoral votes; all of them, for the present, return a Democratic majority fairly reliably. My suspicion is that it would not long survive the first election similar to that of 2016 that was carried based on very large majorities in a fairly small number of states.

2
0
tom dial
Silver badge

Re: Not entirely correct.

It is interesting to look at maps showing the election results. A number of them are at

https://en.wikipedia.org/wiki/United_States_presidential_election,_2016

A total of four non coastal states went for Clinton. Four of the 21 (including DC) where she received a majority or plurality of the popular vote. The often mentioned popular vote majority was smaller than her margin in California alone, or the four adjacent states of New York, New Jersey, and Massachusetts. A look at the county level map shows her support even more narrowly clustered near the big waters or boundaries.

2
0

Trump trumps US Digital Service with order to establish American Technology Council

tom dial
Silver badge

I read the order. It has very little content, assigns no meaningful authority to direct changes, and the ATC members have enough on their schedule to render their participation in it useless. It will deteriorate quickly into periodic presentation of white papers similar to those touted in my daily spam, that nobody will read; and decision papers that summarize and direct what already is being done.

On the other hand, it probably will be relatively cheap because everyone involved already is on the payroll, and it is barely possible that it will divert some of them from other mischief.

1
0

What's driving people out of tech biz? Unfair treatment, harassment, funnily enough – study

tom dial
Silver badge

Re: Left A job the technology industry

The linked white paper, which I read, did not state that the survey respondents had left the tech industry. From the paper's description of the sample:

"The Kapor Center for Social Impact and Harris Poll conducted an online survey of a nationally representative sample of 2,006 adults who have left a job in a technology-related industry or function within the last 3 years."

1
0

Don't listen to the doomsayers – DRM is headed for the historical dustbin, says Doctorow

tom dial
Silver badge

For copyrighted material DRM is not the problem. Under copyright laws, an author or assignee is granted a monopoly over production and distribution of a work for the duration of the copyright. There is no legitimate reason they should not use whatever technical means there may be to protect that right. Moreover, there is no really good reason that the government, having awarded the right, should not further protect the DRM with laws that criminalize evasion of the DRM protections.

Those authors and assignees certainly had input, but are not wholly responsible for the fact that copyright extends for 70 years beyond the creator's lifetime and for anonymous or hired works for 95 to 120 years. They are, no doubt, quite happy to take advantage of that. Yet it is that duration that is the real problem. Copyright duration once fell within somewhat reasonable bounds, and there would be far less reason to whine about it, or about the DRM, if that still were so.

The great majority of works probably exhaust their practical capability to generate revenue in no more than three to five years, and the original period of 14 years with an optional 14 year extension should be enough for an owner to collect whatever can be in almost all cases.

2
2

Republicans want IT bloke to take fall for Clinton email brouhaha

tom dial
Silver badge

The IT company's guy (a) wiped the disks thoroughly and (b) had the backups deleted and destroyed. This at a time when it was perfectly clear to anyone smarter than a pet rock that there would be a demand for their production for an investigation. As such behavior plainly hints at obstruction, the committee may be interested in whether orders were given to do that, by whom, and whether there is documentation of that. So far, it appears that the administrator copped to doing it on his own - I believe after a grant of immunity. That may be the end of it, unless they have evidence that it is not so, in which case both he and whoever gave the order could be in trouble.

As to scanning outgoing mail for classification marks: there were reports in generally reliable media that in some cases Secretary Clinton or one of her aides ordered "sanitization" before transmission by insecure fax. Some of the classified email material may have been included by copy/paste and omitted classification information. While either represents significant mishandling of classified material, and certainly would not declassify it, doing so would make it orders of magnitude harder to filter it. It should be noted, too, that nothing classified secret or above is permitted to be stored on a network interconnected with the public Internet.

1
3
tom dial
Silver badge

"She [said] she never sent or received anything classified at the time." - Fixed.

According to the FBI report after the investigation, she did. A few of them were top secret and some of those were further restricted to those with access to specific programs.

Repeating untrue statements, especially those made by political office seekers, will not make them true, and on sites like this one, where quite a few of the commenters are well informed, often will elicit a correction.

0
1
tom dial
Silver badge

Re: I'm ignorant! But I'm commenting anyway!

BigJohn's hypotheticals are beside the point, as well as generally incorrect.

- Trump did, indeed, get fewer votes than Clinton. There is no rational basis to doubt that. Yet Clinton won a majority of the vote in 13 states and the District of Columbia, and a plurality in 7 more. Trump won a majority of the votes in 23 states - nearly half - and a plurality in 7 more, and a clear majority of the presidential electors. That makes him the President. Legitimately, by the only standard that applies.

- Any suggestion of discouraged Trump voters in California and New York (and a number of others) has to meet the opposing suggestion of discouraged Clinton voters in a number of other states. But in any case, hypothetical votes do not count.

- The claim that more than a few handfuls of aliens or otherwise unqualified people voted has no reliable support. It is pure fake news.

2
0
tom dial
Silver badge

Re: I'm ignorant! But I'm commenting anyway!

I doubt anyone seriously claimed that any of the Clintons made money on the Clinton Foundation other, possibly, than a trustee fee of the sort usually payable but sometimes declined.

The question some people have raised is whether some of the gifts to the foundation were made anticipating possible benefits after Ms. Clinton's election to the presidency, especially gifts from foreign sources, some of which were governments or otherwise government-connected. Reports of significant declines in donations since the election, although mostly not from sources I think highly reputable, suggest some of them were so motivated.

0
0
tom dial
Silver badge

Re: He should take the fall

Sorry, but neither the US News article nor the USA Today article to which it links -

https://www.usatoday.com/story/news/2016/09/07/powell-email-advising-clinton-personal-email-released/89984698/

even comes close to hinting that Gen. Powell advised Secretary Clinton to set up a private email server. There is a large difference, probably quite well understood by most who post on this site, between operating a collection of servers and using a commercial email account.

That said, it really does not matter what General Powell might have told her. There were major changes to the law, federal information processing standards, and State Department regulations between his appointment as Secretary of State in 2001 and hers in 2009. The rules governing her actions were those effective in 2009 and the following years.

The rules that applied to Secretary Clinton required that a server used to store and process government data - including email - had to be approved for the purpose by the department's certifying authority who, for the Department of State, was the CIO. The certification presumes verification of compliance with a long list of specific requirements that Secretary Clinton's servers plainly did not meet, and the CIO stated to the DoS IG that the server was not approved and would not have been if it had been requested.

1
2
tom dial
Silver badge

Re: He should take the fall

FISMA may not carry criminal penalties for violation, but employee violations certainly could lead to adverse personnel action, and if repeated probably would. Adverse actions may vary from oral reprimand on upward to dismissal. An agency civil service executive who arranged a server like Clinton's almost certainly would be on the receiving end of upper end adverse action unless she discontinued its use pretty quickly.

By maintaining her server as her (and her closest aides') only line of email communication, Clinton put her subordinates in the uncomfortable position of either putting themselves in position for disciplinary action or finding a different, authorized, and probably much less efficient means of communication.

Clinton aside, there is plenty of blame to go around. The State Department IT staff identified the server as a problem at some point and were told to bugger off. Apparently they did, rather than either push the issue or report it to the IG or federal whistle blower contact. They also did not take the fairly obvious action of blocking communication between the State Department and clintonemail.com servers, which probably would have brought things to a head rather quickly.

1
0
tom dial
Silver badge

Re: Bah!

"Fox ... brought you the Tea Party" credits them far beyond what is due. They probably reported on it more approvingly than most of the other major media, which generally lean leftward in their reporting, but the movement itself originated without media help from Fox or anyone else, largely as a result of some Republicans' perception that the government was not working as they thought proper.

Nearly all news is delivered with a slant using a combination of selectivity about what is reported and which details, and use of loaded language. Many years ago the New York Times (before it had color pictures), the Washington Post, and the Wall Street Journal generally reported the news without notable bias. That has not been true of the NYT or Post for years. I no longer read the Journal and don't know what has happened to it under the Murdoch regime. TV news has long been better thought of as entertainment, and Fox is no worse, despite being differently slanted, than any other. The less said about the Internet the better.

1
0
tom dial
Silver badge

In addition, the backups were deleted and destroyed. That was done after Secretary Clinton left office when Platte River Networks was doing the system administration, and may be why the committee is interested in hearing from Mr. Suazo.

3
2
tom dial
Silver badge

The classified emails on the servers appeared by magic! Who would have thought it possible.

2
2
tom dial
Silver badge

Re: Can anyone tell me

This often repeated analogy is a false equivalence attempt. Those emails were "lost" owing to a backup failure, but later were found (in other backups, as I recall). There was no particular evidence in that case of more than operations sloppiness in a commercial entity.

1
1
tom dial
Silver badge

Re: What laws did he break?

"He set up a private server ... which was legal."

That is untrue, on two counts. First, Platte River Systems did not set up the server, but took over administration at a later date which, I believe, followed Ms. Clinton's departure from the State Department. The server was set up by Brian Pagliano, who had worked for Ms. Clinton's 2008 presidential nomination campaign. He was hired, presumably at her request, as a political appointee at the State Department to advise on IT matters at a salary that probably exceeded $100,000 pa, and moonlighted as administrator of the clintonemail.com servers. According to the DoS IG report, he performed some of those duties from his office at the DoS. Second, the servers violated State Department regulations derived from National Institutes of Science and Technology standards that were written to tell federal agencies how to implement requirements of the Federal Information Security Management Act of 2002 (44 U.S.C. Chapter 35). They were set up and operated in violation of the law.

Platte River Systems was under contract to administer the systems during the period after Ms. Clinton left the State Department and before the systems were delivered to the FBI for analysis. During that period, at a time when it was common knowledge that the servers and their contents were the subject of an investigation, their administrator wiped the disk drives with multiple pass overwrites and destroyed all the backups. The administrator, and Brian Pagliano, were immunized in exchange for cooperation, but as far as I have seen that did not apply to either Platte River Systems or its officers.

The analogy between Platte River Networks' responsibilities for Clinton's servers and Google's for an email account is both specious and irrelevant to the issue at hand.

10
3
tom dial
Silver badge

Re: He should take the fall

I haven't seen such a collection of alternative facts in a while.

- Hillary's server did violate the law - FISMA 2002.

- General Powell did not advise Secretary Clinton to set up a private server. One downvote for what appears to have been intentional and disparaging misspelling of General Powell's given name.

- President Trump may use Twitter from an insecure device, but I have not seen it reported that he used an outside email service to conduct government business. It is not obvious that using Twitter from an insecure device is significantly worse than using it at all.

It is quite understandable that you would post anonymously, however.

25
10

FCC's Pai: I am going to kill net neutrality in US

tom dial
Silver badge

Re: Net neutrality

"* This will require some form of regulation."

Yes, it would. That does not mean it will require government regulation, however. Service level is, or can be made, a matter of contract. Companies like Netflix are well situated to monitor contract compliance and litigate over failures. End consumers, even in the absence of government regulation, have contracts that could be litigated as class actions against providers that consistently fail to deliver the contracted service.

0
0
tom dial
Silver badge

Pai has worked in various federal government positions for all but 26 months of a roughly 20 year employment history. His employment by an ISP (Verizon) ran from February, 2001 to April, 2003. His predecessor, Wheeler, on the other hand, spent 45 years in the private sector, at least 22 of them in telecommunications. Disagree with either of them as to policy if you wish, but neither is a good example of tainting based on prior employment.

0
0
tom dial
Silver badge

It is a somewhat unfortunate fact that competition is hard to arrange for services that require a large capital investment for each customer. There is a reason why there usually is only one electric power company, one water company, and one natural gas company in any area. The same applies to a slightly smaller degree to communication services, which often can share part of the investment with the power company and historically have had implicit subsidies, either long distance service (pre-1984) or cable TV. Fiber to the home is slow to come partly because of lack of incentive for the substantial additional capital investment that would be required, but is reported to have produced a competitive response where Google has entered the market. Radio based internet service, with lower per customer investment requirements might be a competitor, although in the Salt Lake, UT area it does not seem to have made much of a mark in the last few years.

0
0
tom dial
Silver badge

Re: Yet another example

It might be a good idea to be extremely wary of such a proposal as "single subject legislation." It is the rule in some states, and probably works well enough in them. States, compared to the US as a whole, range from tiny and densely populated to rather large and sparsely populated with a substantial part of the population concentrated in a few large cities. Within most states the range of opinion is not really very large and the distances involved mostly are within a day's automobile travel. The US, by contrast, is vast, even the lower 48 states, and the issues and range of opinion about them vary by a correspondingly large amount.

National legislation must be passed by a majority of each house of the Congress. In the Senate for sure, and generally in the House of Representatives as well, that means legislation requires votes of senators from a large number of states for passage. For many bills that is not a problem, but for those where significant geographic differences of opinion operate, incorporating a number of disparate matters into the same bill allows formation of coalitions that allow passage of combinations in which a majority of the legislators can vote for something important to their constituents while concurring with the same vote in a matter their constituents do not care much about but that is important to those of other legislators. Eliminating that as an allowable tactic might lead to more ideological purity at the cost of making bill passage even more difficult than it is at present. It is not clear why one should think this would be a good idea.

0
1
tom dial
Silver badge

Re: Yet another example

One third to repeal is, in a sense, the arithmetic equivalent of two thirds to enact.

The problem, in my opinion, is not the executive orders as much as the overall, and overwhelming, size of the federal government. An executive order cannot exceed the Constitution and laws, as we are seeing in the judicial attacks against some of those issued by both Trump and Obama. The vast majority of "rules" are issued by executive branch agencies, and exceed by many orders of magnitude what is possible for the Office of the President. To compound things, the Supreme Court has, so far, generally acceded to executive agency interpretations and extensions of laws enacted by the Congress.

The question of legality as to Trump's immigration orders is a work in progress. Court use of campaign statements as a basis to find the orders unconstitutional seems odd in view of the manifest fact that neither order came close to implementing those campaign statements. The first order arguably overstepped as to those who already had valid visas, but that was eliminated in the second, which was temporarily enjoined on the same basis. It seems perverse to impute meaning clearly absent from the orders based on campaign statements when, as a rule, campaign statements generally are considered to be inconsequential and to be ignored. It is to be hoped that such rubbish will be struck down in the decisions on the permanent injunction or by a higher court on appeal.

The additional argument, accepted by the courts so far, that states would be damaged by the orders, seems too general and weak to be adopted as a general basis for standing or finding of violation. As a precedent it seems likely to open the door to a wide variety of mischief, as such "damage" could be attributed to an enormous range of federal executive branch action.

0
2
tom dial
Silver badge

Re: "government control is the key to the ability to speak your mind"

The US government was established to govern. It was expressly prohibited from governing "speaking your mind." Despite a number of notable exceptions, the judicial branch has hammered that prohibition down fairly consistently over the following two and a quarter centuries.

3
0
tom dial
Silver badge

Re: Yet another example

The rights of political parties in the US are effectively guaranteed by the first amendment to the Constitution, especially the part that forbids the government abridging "the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." The fourteenth amendment extends that to the states and their political subdivisions.

That is pretty much what the parties, in an organized and continuing way, do. Smashing them up would not be likely to work in the US. Party name allegiance has been shown to be very durable over time, preventing establishment of significant regional parties as in, for example, the UK. That doesn't mean a party advocates for the same policies across the country; it does not. Montana or Wyoming Republicans or Democrats tend to be quite different from members of the same party on either coast. Because there is only one president, the parties come together every fourth year, paper over the differences for a week or ten days, adopt a platform with lots of important sounding words designed to be as vague and inoffensive as possible, and choose nominees. Sometimes it works out badly, as in 2016, when each major party managed to choose a candidate disliked and thought untrustworthy by a majority.

3
2
tom dial
Silver badge

Re: Yet another example

That might be a help, especially if supplemented by a requirement for 1/3 in each of the House and Senate to repeal legislation.

The march of executive orders by Trump is, so far, no more far reaching than Obama's executive orders, even if several of them had not been enjoined temporarily by the courts. As the injunctions show, however, an executive order may not exceed what the Constitution and the laws enacted by the Congress allow.

2
4

Linux kernel security gurus Grsecurity oust freeloaders from castle

tom dial
Silver badge

Re: Grsecurity makes money out of Open Source

The GPL part of their software is available at no cost, via CentOS if not directly from them. Red Hat charges for support and for tools and other additional non-free software, as also is their right. And they are, as stated, doing alright with that model.

0
0
tom dial
Silver badge

Re: Grsecurity makes money out of Open Source

You also are free to charge whatever you like for the software, but are unlikely to attract many buyers.

3
1

Hackers uncork experimental Linux-targeting malware

tom dial
Silver badge

And how would the hack succeed if the SA used proper key-based identification and authentication?

0
0

Biting the hand that feeds IT © 1998–2017