Comment: Re:Also Disturbing (Score 1) 116

by danheskett (#46771699) Attached to: Lavabit Loses Contempt Appeal

Well, you are right. Thanks for that. I think that I have improperly cemented Section I as the only one establishing courts because it is the one most cited in research, Section II being well settled by this point.

I was not originally suggesting the Court seek out cases or controversies, or have a police power (like in, say, France).

I do suggest that they need to actively distrust in hearings and rulings the claim that the Government will do what it says. In the case, Lavabit, the Government says matter-of-factly that it will not use the SSL keys to do anything to the other 400,000 customers of Lavabit's service, but that is (a) not binding and (b) not believable. It would be ideal if a Judge, hearing such a claim, pro-actively took steps to either force the Government to adhere to that (i.e. consent agree) or to in some other way hold it harmless. It is really in a way too bad that the Government can't usually be forced to post a bond. Levison was fairly clearly concerned that the Government would overstep their authority, leaving his customers damaged and himself without recourse. This was the nature of his request to provide the data after the fact (after he could verify it was only targeted to one customer who was under investigation). The Judge immediately dismissed his concern because the Government stated - in a non-binding, non-policy specific way - that they would only tap one customer.

Comment: Re:Also Disturbing (Score 2) 116

by danheskett (#46770895) Attached to: Lavabit Loses Contempt Appeal

Judges should NOT start being proactive.

I suppose I should have said "in their rulings". Meaning, they should be de facto skeptical of Government claims, and de facto assume that Government shall not be trusted. Currently, they take the Government's claims at face value. I.e. the Government says they won't use any data they are not allowed to, so we trust them. They should be proactive in assuming that the Government lies.

In the US, at least, judges are - per the US constitution - reactive.

Really? Where is that? Article III establishes the Judiciary, but does not in any way circumscribe the power of the Courts, or make them reactive in nature. There is nothing even suggesting that a suit must be made - only that the Supreme Court has original jurisdiction.

The entire concept of a reactive, ex-post facto review based Court is entirely based on statute and tradition (Marbury v. Madison et al.). There is nothing inherently anti-Constitutional about, for example, the Court being given, by Congress, an ad-hoc review power of any government action. Or a pre-enactment review authority over all legislation.

At very least, allowing judges to be proactive would require a massive rewriting of laws, starting with the constitution and working your way down.

I disagree. Most of it is all stacked precedent and not black letter law.

Comment: Re:A remarkable order. (Score 3, Insightful) 116

by danheskett (#46770139) Attached to: Lavabit Loses Contempt Appeal

The cogent and accurate description of public key cryptography a

Disagree. The "padlock" analogy was garbage. In PKI, anyone cannot simply "lock the padlock" as the author of the ruling states. For any key-set, exactly 1 key can "lock", and exactly 1 key can "unlock". The brief claimed that anyone could come by and lock it, and that's not true. And it's relevant since, as Levison stated, with the keys, the Government could impersonate his service to any of his 400,000 users.

As we know, the government routinely uses deception. The DEA creates fake histories of evidence and plants it on local law enforcement.

Comment: Also Disturbing (Score 4, Insightful) 116

by danheskett (#46770093) Attached to: Lavabit Loses Contempt Appeal

I think one thing we need to be aware of is that the Court defers to the Government's claim that, once decrypted, the Government will not view anything but the "metadata" of the communication, not its "content", and not for anyone but the target.

Every legal case, every Court hearing, from here forever, the Government must never be given the benefit of the doubt. Any time they have the capability to abuse that claim, we must assume that they will, and Judges should start factoring that assumption into their discussions. We know, only through illicit disclosures, the government will abuse the legal theories that are plainly written in black letter law (Section 215 for example), and will simply declare that the domestic law does not apply for any number of novel theories outside the review of anyone.

Judges must start being proactive. I think it's fairly clear that Levison was skeptical that the Government would only target one user, and that the Government would never use any of that data that they were not permitted to have. In that regard, he was 100% right that forcing mass decryption is in fact "a general warrant", the precise protection that the 4th Amendment's specific language was intended for.

The whole affair also shows how badly the Stored Communications Act and the Pen/Trap statutes are drafted and how out of date they are. The Law must finally realize that there is no such thing as "meta-data" anymore. It's a label without meaning. The message is the message, including the routing information. "Content" versus "Meta-data" is a garbage distinction with email. The entire layer 7 message - headers and all - is the content.

Comment: Demonstrates the futility of opposition.. (Score 5, Informative) 116

by danheskett (#46769715) Attached to: Lavabit Loses Contempt Appeal

I think that the ruling and the case demonstrate the futility and the problems with attempting to defend yourself or your clients against the government. It seems clear to me that Lavabit suspected that the order was overbroad, but had no idea what to do about it. The contempt charge was probably inevitable as he searched for a legal basis and representation to do what was quite obviously "the right thing".

The ruling also has a powerful, and sad, commentary on our system of government as it stands today:

"Because of the nature of the underlying criminal investigation, portions of the record, including the target’s identity, are sealed."

We are right back at Star Chambers and secret courts and hidden rulings and anonymous witnesses. We've devolved back to a legal system which is only concerned with secrecy.

Comment: Re:Two things to note (Score 1) 527

by danheskett (#46763203) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

The reason is understandable and explained in the above paragraph - the vast majority of software developers out there are probably not able to contribute meaningfully to a project such as OpenSSL.

You got it big time, right on the nose. The power of Open Source is that it attracts professionals and experts from across the world to contribute. Do we really think that there is a big concentration of the best and most skilled crypto experts in the world all centered around Redmond Washington USA? Money will only go so far. There are likely exploits in Microsoft's SSL stack that are so subtle that their small team of experts are not even aware that they exist. Assuming they were not paid for by the NSA or other agency.

Comment: Re:The bug was found because it was open source.. (Score 1) 527

by danheskett (#46763183) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Agree. OpenBSD and folks like Theo are integral to pushing the world forward on this stuff. You have my point exactly, which is that it is statistically unlikely that there isn't an SSL exploit, in the wild today, that is undetectable, undisclosed, unknown. We don't even know what we don't know. For all we know, the NSA and Microsoft collaborated to weaken the standard, make an implementation fault, and suppress it from being discovered, patched, and closed. Literally, MS can deny it, the NSA can deny, but it's all based on trust. And trust is a crappy plan.

With OpenSSL, it's not based only on trust, it's based on verification.

Was I annoyed that I had to spend 2 hours investigating and answering client questions? You betcha. Is it a heck of a lot better than the alternative? It's not even close.

Comment: Re:It doesn't. (Score 1) 527

by danheskett (#46763165) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Right, and I agree. However, for example in case of Heartbleed, I run a fairly sophisticated IDS platform, and do my own random log reviews, and all that, (turns out I was never at risk on any of my networks), but it still didn't turn up evidence of Heartbleed, nor would it even if I was actively exploited.

You do what you can, but it's never enough.

Comment: Re:Appeal to authority is not good enough (Score 1) 582

by Alsee (#46762869) Attached to: Jenny McCarthy: "I Am Not Anti-Vaccine'"

if 100% of vaccines are 100% safe

There is no if. There is no 100%.
"If" is anti-vaxism.
"100%" is antivaxism.

Real world data from a multitude of studies by a multitude of independent professionals show that vaccines are something like a hundred or a thousand times safer than any random food item.
There is no "if" there. There is no "100%" there. Vaccines are safer than food.

ad hominem attacks

Ad hominem means "against the person". More specifically, an ad hominem attack is an argument that someone's statement is false, or should be ignored, because the person is bad.

When the argument is "don't listen to her, she's a nasty ugly bitch", that's ad hominem.

When the argument is "she's repeating stuff that was shown to be fraudulent research, and her claims have been exhaustively proven false, therefore she is wrong", that is not ad hominem.

Proving her wrong, and then concluding she's a bad person because she's wrong, is not ad hominem.

Getting angry at her after she is proven wrong is not ad hominem.

Throwing gratuitous insults at her, after she is proven wrong, calling her an ugly bitch or whatever, after she is proven wrong, is not ad hominem. Gratuitous insults certainly add nothing to a debate, BUT THERE'S NO DEBATE HERE. On one side you have data and science and evidence, and on the other side you have an irrational social movement - fear based on a fraud all flying around a rumor mill of conspiracy theories and ignorance. "Don't take your child for their routine medical checkup, I heard the doctor is a pedophile! Don't take your child to any doctor for a routine medical checkup, you don't want to risk that doctor is part of the vast secret pedophile-ring that I hear is running the American Medical Association".

Heck even the huge Wakefield thing was handled like someone who was trying to cover up bad behavior.

Your description of events is rather inaccurate.

Wakefield was being directly paid to do his "research" by a lawyer looking to file a lawsuit against vaccine manufacturers.
Wakefield drew up a business plan, with figures for how many tens of millions of dollars a year could be brought in by marketing a competing vaccine.
Wakefield established a contract with the medical school where he was working, requiring them to conceal the source of his funding, prohibiting them from disclosing his involvement with a pharmaceutical company.
Wakefield established a contract with that pharmaceutical company requiring his involvement to be kept secret - secret specifically until he would be able to cash out on stock options.
Wakefield performed "research" which, on later investigation, was found to be entirely fraudulent.
In order to publish his research the Journal REQUIRED the disclosure of things like the source of his funding and relevant business plans or involvement with pharmaceutical companies. In order to get his fraudulent study published in the Journal he fraudulently denied the existence of any financial conflicts of interest.
Countless legitimate scientists, a ton of valuable medical research money and research resources, were all WASTED trying to replicate the fraudulent Wakefield paper. It resulted in massive confirmation that the original claims were fictional and that vaccines were extremely safe. And then the specific investigation revealing exactly how Wakefield's original work was fraudulent.

And if things had ended there, all of this would be a pretty insignificant non-story. But things didn't end there.

We got a melting-pot that took on a life of its own. We got the news media hyping an insignificant "research study" based on an insignificant patient sample, a paper which had not yet been confirmed (and which would turn out to be fraudulent). And in the melting pot we got parents of autistic children DESPERATE for any explanation why their kids have autism. And in the melting pot we got the kooks whom no one usually listens to.... the ones who spin conspiracy theories about vaccinations being some evil government plot... kooks who latched on to vaccine news stories to sound credible while they spew random scary paranoia-generated vax-nonsense into the mix. And then some famous idiot like Jenny McCarthy picks up the banner and tells millions of uninformed parents how scary and dangerous vaccines are while saying how any good parent would eagerly choose measles over autism. Which is a load of crap. It is a completely fraudulent implication that choosing to vaccinate is a choice about autism. It is a fraudulent and DEADLY implication that a parent who vaccinates is a bad parent risking giving their child autism.

What is the pro-vaccine response? To tell people they are stupid murderers

You kinda skipped a few steps in your story. In particular you skipped the step WHERE CHILDREN STARTED DYING.
And we're not even talking about anti-vaxxers killing their own children, which would be bad enough. We're talking about anti-vaxxers killing other people's children. We're talking about actual disease outbreaks among anti-vaxxers, who then infect someone else's 1 month old infant. You can't vaccinate a 1 month old baby, their immune system isn't developed enough yet and the vaccine isn't effective yet. We're talking actual infant corpse, dead of vaccine-preventable-disease. Not to mention any cases resulting in brain damage, deafness, blindness, infertility, or other severe complications.

But, I guess you're right..... it's not literally murder by the legal definition. Perhaps manslaughter would be a more appropriate term? Reckless endangerment and disregard for life resulting in someone's death. I'm only half joking there. There are severe problems with trying to make people criminally liable for something like that, but they sure as hell are morally responsible. People DIE from this antivax bullshit. Antivaxxers are morally culpable for causing deaths or catastrophic injury to innocent bystanders, including other people's vulnerable infants.

There's good reason that smallpox, polio, measles, mumps, and rubella were targeted for world vaccination. We've had a generation of people growing up in a world essentially free of these diseases, and people are blissfully unaware of just how painful, horrific, or fatal the outcome can be for a percentage of the people who contract them.

three shots separately

You mean 6 shots. The triple vaccine is 2 shots, giving them separately requires 6 shots.

First, let's just rationally examine the merits of that plan.
We have thirty years record of probably a billion+ people and a gargantuan body of research establishing the triple vaccine is extremely safe and highly effective. We have only limited study and limited track record on the safety and efficacy of a 6 shot program, and essentially zero basis on the ordering or timing of such a program.

What we do have is an extensive record that vaccination programs suffer skyrocketing failure rates as the number of doctor visits and injections increases. Whether it is due to poverty, apathy, forgetfulness, children begging their parents to avoid the needle, or whatever, vaccination programs fall into catastrophic collapse because too much of the population fails to reach each increasing doctor visit or injection.

Some children aren't bothered by needles while others escalate the fear and pain to almost traumatic levels, but in any case it's hardly in the child's best interest to subject them to it three times more than necessary.

It's certainly not in the child's best interest to subject them to three times as much pain, three times as much bleeding, three times as much risk of infection from the puncture. And while the risk of adverse reaction is negligible... vastly lower than the risk of adverse reaction of eating a banana or any other food... it's still contrary to the child's interest to multiply the risk of an adverse reaction.

Splitting vaccination into 6 shots leaves the children vulnerable to two-out-of-three diseases during the delay period. (What delay period anyway? A day? A week? A month? 6 months? A year? There's no answer on that because this is all a vacuous hear-say "fix" for an urban legend nonexistent problem.)

The only "other side of the argument" is parents who are going to harm their children out of fear of an urban legend. Given a choice between harming children by not vaccinating them at all, or harming children with an untested regimen involving three times the pain and three times the skin punctures and multiplied risk of adverse reaction, well...... an untested vaccination regimen with a multiplied suffering and multiplied negligible-risk is vastly better than the dangers of going unvaccinated.

As for single vaccines they are around, although it seems that for one of the three diseases the most effective version is only available from Merck and only in the triple vaccine. The others are known to be less effective and aren't approved in all countries. I guess it would be a good thing if Merck offered all three as single vaccines if it would reduce the harm being done by vax-paranoid parents. And if Merck doesn't want to do that, well every country has health-and-public-safety clauses to their intellectual property laws and they could take the extremely extraordinary step of issuing an exemption allowing other companies to manufacture single vaccines. Or countries could just plain invoke health and public safety and make the triple vaccine mandatory, and simply ignore the anti-vax nonsense the same way we ignore the fluoridation paranoid conspiracy theory nutters.

It is like my wife coming home and finding a woman's jacket that does not belong to her.

No, someone TOLD your wife that there was a woman's jacket.

And after that person was shown to be LYING about it, your wife just spiraled deeper into paranoid jealousy and started following an internet psychic who tells her details about the (fictional) woman you're sleeping with. And then your wife kidnaps the kids and takes them to hide out in a cabin in the woods, refusing to take the kids for regular checkups at the doctor because she's afraid you and the (fictional) woman you're sleeping with are planning to sue for sole custody of the kids.

-

Comment: Also (Score 3, Informative) 527

by danheskett (#46761341) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

I would like to just point out this is a huge win in my book for Debian. Those of us running an all Debian oldstable environment, getting backported security patches, and sticking with the tried and true version of OpenSSL instead of that newfangled 1.0 code release got to write nice letters to our customers saying we still don't use Windows and we were never vulnerable.

LONG LIVE OLDSTABLE.

Comment: Re:It doesn't. (Score 1) 527

by danheskett (#46761313) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

And we know this happens - researchers learn about zero-day exploits in the field every day. What are the odds that we learn about all of them? Zero, I'd wager.

People who do really deep audits of a system after a breach know what this is like. When you get that feeling that you are up against something new, or something unreported.

Comment: This was positive (Score 4, Interesting) 527

by danheskett (#46761289) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Heartbleed was positive for the world. The bug was found by code review, twice independently in a short period of days. It was patched rapidly across a hundred different versions and platforms, and now the world is vastly more safe. The system worked exactly as it should.

It is entirely likely that Heartbleed is out there for a closed platform. Or worse. And it's likely that it is being exploited right now by not only our own Government in the US, but our foreign rivals for economic and political gain. And what's worse, there is probably code out there that is defunct, full of Heartbleeds, bleeding exploits into the wild uncontrollably.

The only downside it exposed is that some projects have a lock on what they do. OpenSSL is so good that everyone uses it, and no one is seriously interested in forking it or doing a new implementation.

Comment: Re:Yeah, maybe not now (Score 1) 582

by Alsee (#46751935) Attached to: Jenny McCarthy: "I Am Not Anti-Vaccine'"

It seems there's a portion of the population that will compulsively latch onto hear-say and pseudoscience nonsense and conspiracy theories, no matter what we do. Maybe we should just accept that. Just deal with it and make the best of things.

I've got this totally scientific evidence that autism is caused by the ink in lottery tickets. The ink doesn't affect adults, but the chemicals stick to your fingers. Then when you touch your kids the chemicals get absorbed through their skin and disrupt their developing brains. My kid was perfectly healthy one morning, and at a routine checkup that afternoon my child was diagnosed with autism! And the only thing that happened in between was that I bought lottery tickets and hugged my child! You can't imagine how devastating that is to a parent, unless of course you're a parent who bought a lottery ticket and immediately had their child diagnosed with autism.

Have the so-called "scientists" tested the lottery ticket ink? HELL NO! The government rakes in millions of dollars on lottery tickets! Scientists all want grant money (our money taken in taxes!) to do their research. And is the government going to give them money if the government doesn't like the results of that research! OF COURSE the scientists are going to be biased and toe the government line.

I am not anti-lottery-tickets.
I just want to reduce the ink and reduce the toxins. Lottery tickets are fine when the government proves that that new ink ensures no children will get autism.
If you ask a parent of an autistic child if they want their kid to have autism, or whether they'd choose to pass up on a lousy lottery ticket, well duh they'll pass up on the lousy lottery ticket.

What parent would ever knowingly risk giving their child autism? It's unthinkable! It's just not worth the risk.

-

Comment: Re:George Carlin nailed it (Score 1) 582

by Alsee (#46751729) Attached to: Jenny McCarthy: "I Am Not Anti-Vaccine'"

Now will somebody please explain to me why people shouldn't listen to this particular celebrity but we should all listen to and shout hosannas to the rogue's gallery of celebrities James Cameron got to spout off in his global warming movie.

Because the percentage of scientists who say anti-vax is nonsense is within a rounding error of 100%,
and because the percentage of scientists who say global warming is real and serious is within a rounding error of 100%.

(Not that I know jack squat about James Cameron's movie, but the question was why one celebrity voice would be credible while another would not be. A celebrity who doesn't speak French, but who accurately recites a French dictionary, is backed by the full credibility of that dictionary.)

-