User Journal

Journal: Motorhead's Motorboat! Sept. 28 - Oct. 2 2

Journal by grub

Last September I went on the most amazing thing ever: the first ever Motorhead's Motorboat! A heavy metal cruise full of great bands that went Miami - Key West - Cozumel - Miami. Four days of partying and heavy music.

They're doing it again this year. I've already pre-booked on Motorhead's Motorboat this time around.

Perchance did any of you go on the first, or are any of you looking at this one?
User Journal

Journal: A Cure Worse than the Disease: Amending the Constitution vs. Citizens United

Journal by einhverfr

Recently a set of six senators have proposed a Constitutional Amendment to overturn the controversial Supreme Court case of Citizens United v. FEC which held that corporations were allowed to make unlimited expenditures with regard to elections provided that those were independent expenditures, not coordinated with candidates.

The Citizens United case overturned two previous Supreme Court cases, McConnell v. FEC (which was a case the court evidently had trouble drawing lines over given the fact that 9 justices produced 8 opinions, and pieces of four of the opinions commanded a majority of the court), and Austin v. Michigan Chamber of Commerce. Some First Amendment scholars from across the political spectrum have hailed the decision. For example Eugene Volokh, a Republican, has generally felt this was an important protection of Constitutional liberties, and the ACLU played an important role in filing amicus briefs in favor of Citizens United, and has been very much in favor of the decision. Others have seen it as an open invitation to Corporations to meddle in politics.

Before we get into the Constitutional Amendment and why everyone, on both sides of this issue, should be opposed to it, it's worth noting that the questions of first amendment law in election finance cases seek to balance two competing interests. The first is to ensure that the people can write and publish on political topics surrounding an election, and the second is to ensure the integrity of the elections. Citizens United draws this line by saying that independent expenditures are different from coordinated expenditures (5-4 holding, but the dissent didn't offer an alternative except to wait for another case), and that disclosure laws were entirely Constitutional (8-1 holding). The fundamental problem is that while money is not speech, regulating how people can spend money in order to express themselves regulates a lot of speech. The court correctly noted that the Constitution didn't differentiate between, say, the New York Times and, say, Merke, and therefore, couldn't grant the government the ability to ban Merke from buying television ads without banning the New York Times' right to print editorials in favor or opposed to candidates.

Indeed the concern over freedom of the press was at the core of Citizens United. Surely when Alito asked S. G. Malcolm Stewart if the government could Constitutionally ban books, he had no idea that the only answer S. G. Stewart could give would be "yes" (an answer repeated by S. G. Kagan at rehearing, see the same link above for all oral argument), and hence a question probably intended to address an issue of statutory interpretation set the stage for a Constitutional showdown. To be fair, both Stewart and Kagan tried very hard to avoid giving that answer but both were unable to come up with any alternative that would save the law as written, because the Supreme Court tends to err more on the side of facial challenges (striking down laws) than as-applied challenges (mandating exceptions) when it comes to freedom of expression. The dissent felt the correct decision was to say, in essence, "we don't have sufficient record to make this decision. Declare it as moot and let them bring another case to us through the courts."

Citizens United was hailed as a major First Amendment victory by the ACLU, and many other organizations which work on First Amendment issues, and by major First Amendment scholars such as Eugene Volokh. However, many others have seen it as a doorway to corporate tampering with our elections.

However, for any controversy, there are solutions that are far worse than the cure. This is one of them. The relevant portion of the proposed Amendment is:

SECTION 1. Congress shall have power to regulate the raising and spending of money and in kind equivalents with respect to Federal elections, including through setting limits on— ...
(2) the amount of expenditures that may be made by, in support of, or in opposition to such candidates.

The omitted paragraph 1 allows the government to regulate gifts and donations to candidates, something already within the power of the government. Section 2 grants identical powers to the states.

Now, it's important to note what is covered under Section 1 paragraph 2. In essence any money spent communicating a message on an election for or against a candidate in any way falls under government power. Presumably this could include purchasing gas to go to a rally, publishing pamphlets, buying Obama's books to give to undecided friends in 2012..... These are all independent expenditures and could fall under government regulation under such an amendment. And nowhere in the amendment does the word 'corporation' appear.

In essence the proposed amendment is that we trust to Congress the ability to arbitrarily limit the freedom of the press not only by corporations but also by natural persons. Such an amendment would prevent a first amendment challenge to some laws already on the books (say, a foreigner here on a student visa publishes a blog posting on a site that he/she pays for hosting on opposing an anti-immigrant candidate. This is already against the text of campaign finance law, but would probably allow either an as-applied or facial challenge to the law even before Citizens United but that would be taken away).

This proposed Constitutional Amendment then goes well beyond repealing Citizens United in that it takes away Constitutional protections that each of us enjoy.

Now, the subject of independent expenditures is a controversial one. However, given that only defenders of Citizens United have offered any data defending their side, I am forced to at least tentatively conclude that the ACLU is right on this one. However for the purpose of the rest of this post, I will assume that this is a serious problem and offer recommendations for changing this proposed amendment so that it does not strip us all of fundamental Constitutional rights.

If the problem is a concentration of power over spending in our elections, it seems to me unwise to further concentrate that power in the hands of the state. Instead it would seem to me that granting power to Congress to curb the worst abuses only, while preserving the power of the common man would be preferable. In this case, if the problem is specifically corporate spending, then allow Congress to limit Expenditures, not part of profit-making goods and services offered at standard prices, on the parts of for-profit corporations only. This would be sufficiently broad enough to ban Corporate donations to Citizens United and the ACLU, but not sufficiently broad to regulate what fliers and pamphlets you or I can print to distribute. It would allow Congress to prevent Corporations from offering special discounts for such material, but would not prevent them from offering standard discounts (such as volume discounts available to everyone else).

In the end, it's easy to get whipped up into a frenzy and believe that because we must do something that this must be done. This is unfortunately common. We see on the other side of our politics, amendments to state Constitutions which forbid state judges from using foreign laws to inform decisions, forgetting that in international contracts or other cases where conflict of laws issues may come up, these foreign laws are extremely relevant to the cases. Like this present proposal, the problem is with being overbroad, and therefore causing a great deal of harm to our basic freedoms in the name of solving problems.

Every American should be opposed to this amendment. Those who oppose Citizens United and seek to overturn it should insist that the amendment to do so be narrow. Those who support it should listen to the others but make sure their concerns are addressed.

Databases

Journal: LedgerSMB 1.3.0 -- Why it's cool

Journal by einhverfr

LedgerSMB 1.3.0 was released today after several years of development (perhaps nearly joining the ranks of Perl 6 and Duke Nukem Forever). The release offers a number of compelling features, such as separation of duties, far improved payment handling, better cash reconciliation and the like. But what makes LedgerSMB 1.3.0 cool is how we are pushing the envelope technically and attempting to provide a framework for quickly building new programs which re-use our application's functionality.

Simply put, the cool approach we are taking is in making stored procedures discoverable, much like web services. This is done by assigning semantic meaning to argument names, and then using a mapping function to pull argument names from the system catalogs, mapping these to object properties. This offers many of the benefits of web services, such as offering a looser coupling between database and application layers than is traditional, and it facilitates the development of add-ons or even other applications which re-use LedgerSMB functionality.

One key element to making this work is the principle that the database in such an environment should be the centerpiece of the computing environment rather than the bottom tier of a multi-tier architecture. Thus every application user is a database user, the database itself enforces permissions, and can act not only as a data store but also a message queue, possibly routing data to other applications (via queue tables and PostgreSQL's LISTEN/NOTIFY framework). In essence the database does everything that could be done with set functions.

Of course the database doesn't do everything. We don't hand it raw http query strings, or have it output HTML documents assembled from data inside the database. This is the job of the application layer, which is to manage the interaction with the human component. Separating this role off then allows for more diversity in usage in the future. We are thus no longer tied to a web interface for the long-run, and could allow other client apps to be built on our software in the meantime, all sharing a common security and data logic framework.

In this regard, PostgreSQL takes on traditional middleware roles in LedgerSMB from 1.3 onward. This isn't to say it is an application server in the classical sense, but rather that it takes on many roles of application servers. We've found this approach to be quite scalable because hand-tuned SQL generally performs better (and is easier to troubleshoot) than ORM-generated SQL statements, and yet of course much business logic is not in the db server at all but rather in the application which provides the interface between the db server and the user interface, whatever that may be.

Work has already begun on 1.4 to take this approach to an even higher level, as we re-engineer the financial logic to make use of this approach.
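
The argument-name mapping described in this journal, sketched as an added example (not LedgerSMB's own code): a mapping function reads a procedure's argument names from the catalog and fills them from object properties, passing every value as a bound parameter. The catalog rows, the `in_` argument prefix, and the procedure and property names are constructed assumptions.

```python
"""Added illustration: map stored-procedure argument names to object properties."""

# Constructed stand-in for catalog rows such as those returned by
#   SELECT proname, proargnames FROM pg_proc
# The procedure names and the "in_" prefix convention are assumptions.
CATALOG = {
    "payment_post": ["in_account_id", "in_amount", "in_memo"],
    "customer_save": ["in_id", "in_name"],
}

ARG_PREFIX = "in_"


def build_call(catalog, procname, obj):
    """Return (sql, params) for calling procname with values taken from obj.

    The procedure name is only accepted if the catalog lists it, and every
    value travels as a bound parameter rather than as SQL text.
    """
    if procname not in catalog:
        raise LookupError(f"unknown stored procedure: {procname!r}")
    params = []
    for argname in catalog[procname]:
        if not argname.startswith(ARG_PREFIX):
            raise ValueError(f"argument {argname!r} has no property mapping")
        # in_amount -> obj["amount"]; a missing property is passed as NULL.
        params.append(obj.get(argname[len(ARG_PREFIX):]))
    placeholders = ", ".join(["%s"] * len(params))
    return f"SELECT * FROM {procname}({placeholders})", params


def demo():
    # Constructed object; "unrelated" has no matching argument and is ignored.
    payment = {
        "account_id": 42,
        "amount": "19.99",
        "memo": "O'Brien invoice",
        "unrelated": "ignored",
    }
    return build_call(CATALOG, "payment_post", payment)


if __name__ == "__main__":
    sql, params = demo()
    print(sql)
    print(params)
```

Because the caller never names arguments itself, adding an argument to a procedure only requires the object to carry a property of the matching name.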

User Journal

Journal: A letter

Journal by lyoz

Remember the bridge in Newport? I think we both agreed it's like a highway to heaven, a gate to paradise. It's so worthwhile, the waiting for your realisation, the awakening of you, I know it and know it so much now. On halfway, there were tears flooding my pillow, music played a thousand times. Then I knew Loving also makes you strong.

Now, I know you are there, waiting for me, going home. I let the virus invade my body. In the feverish sleep, I fell into a million parts, each of them grew into a full moon, hanging above, yearning for your love, and loving you.

Allow me to crash
to be sick
to be weak

I was reborn / will be reborn every day, if your love stretches out, from far to near.

Love me as much as you can
more than you can

Yours,

User Journal

Journal: Star Trek meets Candyland 5

Journal by grub

The other day my family was playing Candyland. Our daughter was getting into it so I started playing some classic Star Trek fight music.
The music ends just as she advances to GLORIOUS VICTORY!

YouTube video here

It's awesome, not that I'm biased... :)
Bug

Journal: Slashdot link weirdness solved: rogue link tracker 5

Journal by nacturation

In the last week or two links to external sites on Slashdot generally don't seem to work unless I click several times. This only appears to happen on Firefox... Chrome is unaffected. I haven't tried IE, Safari, or any other browser. Finally fed up with it, I decided to look through the javascript to see if there was anything funky going on. Looks like there's a script being included from leads.demandbase.com that defines some kind of click tracker. Here's a snippet:

  • else if(a[i].className.match(/clicky_log_outbound/i)){clicky.add_event(a[i],"mousedown",clicky.outbound);}else{clicky.add_event(a[i],"mousedown",clicky.click);

So if you find you've oddly had to click a few times to RTFA, it's not your mouse button dying. Open up adblock and disable everything from leads.demandbase.com and it will be fixed. Links clicked once in Firefox will properly load as they used to. Thanks Slashdot for using an external company for tracking my click behavior. Though perhaps implementing this poorly is Taco's way of giving us a heads-up. Much like the "Idle" section, his overlords may have mandated the addition of this awesomeness to the site and by making it break it alerts us to what we need to block. In which case, a non-sarcastic thanks is due.

I also found this wonderful gem:

  • function pageload_done( $, console, maybe ){
            pageload.after_readycode = (new Date).getTime();
            pageload.content_ready_time = pageload.content_ready - pageload.before_content;
            pageload.script_ready_time = pageload.after_readycode - pageload.content_ready;
            pageload.ready_time = pageload.after_readycode - pageload.before_content; // Only report 1% of cases.
            maybe || (Math.random()>0.01) || $.ajax({ data: {
                    op: 'page_profile',
                    pagemark: pageload.pagemark,
                    dom: pageload.content_ready_time,
                    js: pageload.script_ready_time
            } });
    }

Unless my javascript is really rusty, won't this report 99% of cases?

Anyway, pass this information on so everyone can RTFA without the hassle.

User Journal

Journal: Why The Encryption Back Door Proposals are Bad (Technically) 2

Journal by einhverfr

Permission is hereby granted to distribute modified or unmodified copies of this content far and wide. I, the author, do request though do not require that the link to the New York Times story is preserved in any redistribution, however.

(Copyright (c) 2010, Chris Travers)

The New York Times has reported today that the Obama Administration is seeking legislation to require backdoors into encryption software that could be used for wiretapping. I believe this is deeply problematic for both technical and social reasons, but the technical reasons are probably the worst. Because this area is not well covered in the existing articles, I figure it's worth giving a quick primer here.

  Types of Encryption

The simplest form of encryption is what's called symmetric encryption. It comes in various forms, some simpler than others, but the basic process is conceptually simple. Two parties share a secret. One party takes the message and encodes that message with the shared secret, and the other party decodes it using that same shared secret. This encryption is reversible and the key is the same on both sides.

A trivial example might include what we think of as ROT-13 (used for obfuscation) where every letter is rotated 13 places forward. So "this is a sample message" becomes "guvf vf n fnzcyr zrffntr." Of course such a cypher is easily broken, but there are very good quality symmetric cyphers available, such as AES.

The real problem with symmetric cyphers is that they require that both sides know the same key before encrypted communication begins. If you are communicating with a lot of third parties, you would find you'd either have to publish the key (making sure everyone else could decrypt the same messages!) or find some way of getting the keys to the other parties in advance. This obviously renders this form of encryption useless for initiating secure communications with individuals one has never met.

To solve this problem, public key encryption was designed. Public key encryption uses two keys, called a public key and a private key. Knowledge of the public key is not sufficient to derive the private key through any sort of feasible process, and these keys are usually very long (AES may be 256 or even 512 bits long, but public/private key pairs are often 1024, 2048, or 4096 bits long per key), making brute force even harder (since the public key is expected to be publicly available).

The public key is then published and the private key is retained. A user can then look up a public key, encrypt a message with it, and only the holder of the private key can decrypt it. Similarly a private key holder can sign a cryptographic hash of a message and anyone with the public key can validate this "digital signature." (A cryptographic hash is another form of encryption which is one-way, and is used in document validation, tamper-proofing, and password checking.)

Public key encryption depends on the idea that ONLY the appropriate party has the private key. When you make a secure purchase on, say, Amazon.com, Amazon sends you their public key, and you and they use this to negotiate a symmetric cypher (probably using AES or RC4). In this way you know the key was properly exchanged and eavesdropping on this sale by criminals is not possible. When you enter your credit card data, it is not intercepted by criminals. Protection of the private key is very, very important to this process, but even knowing the private key does not enable you to eavesdrop on a conversation in process since that's done with a symmetric cypher.

SSL, PGP, IPSec Opportunistic Encryption, and related technologies all use asymmetric encryption, but the differences tend to be in how keys are published and who is vouching for them. SSL is designed so that you know who you are talking to because a third party (like Verisign) is vouching for the identity of the server.

Problems with Backdoors in Public Key Encryption

To effectively wiretap public-key-based communications, you have to have access to the private key, or you have to tap them post-decryption. Tapping post-decryption works fine in some contexts, such as what you are purchasing at Amazon.com. However, it does not properly work when trying to capture the content of encrypted emails, since these are usually encoded with the recipient's private key. Communications encrypted in this way are not generally vulnerable to interception in the middle. Moreover, communication itself could include encrypted files as attachments and such which could be handled entirely outside the flow of the program (I can encrypt a file and then attach it and my email program doesn't care if it is encrypted).

There isn't a real way to retrofit peer to peer communications programs to allow this sort of interception without compromising the core of how encryption works. A company may maintain their own certificate authority and use it to publish keys for internal company communications. A person taking a company laptop home may then use those certificates to encrypt emails. There is no way to intercept the content of these communications without requiring that the company keep copies of all private keys, thus compromising their own security. Similarly, if I email out an OpenPGP key or an OpenSSH key, these are not sufficient to wiretap the communications that would be encrypted using those keys. The only way out would be to require the makers of the software to include a facility sending the private key to some sort of escrow service which could then provide the key to law enforcement, but this compromises the basic integrity of the software, and any attempt on open source programs could be easily circumvented.

Consequently, this doesn't actually affect the sorts of technologies an organized crime ring is likely to use. Instead it makes each of us more vulnerable to government spying, and it makes key data, such as credit card data, far more accessible to criminals.

Such a law would thus benefit organized crime at the expense of the average consumer. It's an unbelievably bad idea no matter how you look at it.
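
The key exchange and the escrow scenario discussed in this journal, as an added example that is not the author's code: a random secret is wrapped under each listed public key, and the message body is encrypted with a symmetric key derived from that secret. Assumptions: textbook RSA over small Mersenne primes and a SHA-256 XOR keystream stand in for real RSA and AES, and every name here is hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs


def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy sizes, illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


# Constructed key pairs built from known Mersenne primes.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
ESCROW_PUB, ESCROW_PRIV = make_keypair(2**107 - 1, 2**61 - 1)


def _session_key(secret_int):
    # Derive the symmetric key from the secret that was wrapped with RSA.
    return hashlib.sha256(str(secret_int).encode()).digest()


def _xor_stream(key, data):
    # Toy stand-in for AES: XOR with a SHA-256 counter keystream.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(message, public_keys):
    """Encrypt once; wrap the secret separately for every key holder listed."""
    secret_int = secrets.randbits(128)
    wrapped = {name: pow(secret_int, e, n) for name, (n, e) in public_keys.items()}
    return {"wrapped": wrapped, "body": _xor_stream(_session_key(secret_int), message)}


def open_sealed(envelope, name, private_key):
    """Unwrap the secret with one holder's private key and decrypt the body."""
    n, d = private_key
    secret_int = pow(envelope["wrapped"][name], d, n)
    return _xor_stream(_session_key(secret_int), envelope["body"])


def demo():
    msg = b"order #1001, card ending 0000 (constructed sample)"
    plain = seal(msg, {"recipient": RECIPIENT_PUB})
    escrowed = seal(msg, {"recipient": RECIPIENT_PUB, "escrow": ESCROW_PUB})
    return {
        "recipient_reads_plain": open_sealed(plain, "recipient", RECIPIENT_PRIV) == msg,
        "escrow_copy_in_plain": "escrow" in plain["wrapped"],
        "escrow_reads_escrowed": open_sealed(escrowed, "escrow", ESCROW_PRIV) == msg,
    }


if __name__ == "__main__":
    print(demo())
```

With the escrow entry present, whoever holds `ESCROW_PRIV` can open every envelope sealed that way, regardless of recipient, which is why the escrow store becomes the single most valuable key to protect.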
