Forgot your password?
typodupeerror
The Courts

Journal: Federal judges order California to release 43,000 inmates 1

Journal by visible.frylock
http://www.latimes.com/news/local/la-me-prisons5-2009aug05,0,4339337,full.story

That just about says it all, I don't have too much to add.

Normally, I don't really give much weight to judges ruling in favor of the comfort of prisons, but those rows of beds look a little too Mao-ish for me.

Completely OT:
JHC, /. needs bbcode or something. Just because I want to put links (I know, high tech stuff right?) into a post, doesn't mean I want to go to the trouble of manually separating paragraphs with <p> or <br/>. Apparently it works differently for writing journals than for writing comments.
It's funny.  Laugh.

Journal: /.'s blashphemy story, who's laughing last?

Journal by visible.frylock

After the crapstorm that was the comments from this story, with atheist v agnostic starting only 3 comments deep, who do you think is laughing last?

I think it's this guy.

And the Irish government, of course, restricting free speech on the grounds of blasphemy. They didn't even need kiddie pr0n, muslims, or cyber-rudeness. They got away with it using blasphemy.

One thing "agnostics" and "atheists" should be able to agree on: that pic of the cross carved in stone is sublimely cool.

User Journal

Journal: Commercial real estate 2

Journal by visible.frylock

Remember thinking to yourself, over the last few years, that all the new restaraunts and strip malls in suburbia must have been unsustainable?

Well, you weren't crazy, and it wasn't just you.

FTA:

As the financial system tries to right itself after its near-collapse last fall, the Treasury Department has assembled a team to examine what could yet bring it down and has identified several trouble spots that could threaten the still-fragile lending industry.
 
Informally known as Plan C, the internal project is focused on vexing problems such as the distressed commercial real estate markets, the high rate of delinquencies among homeowners, and the struggles of community and regional banks, said government sources familiar with the effort.
 
Part of the mission is assessing which firms are the most vulnerable and trying to decipher what assets these companies hold and whether they pose a danger to the wider financial system. Plan C is a small-scale, relatively informal approach to a problem the administration hopes to address in the long term by empowering the Federal Reserve to oversee systemic risk.

The cynic in me says that this will just be more big banks cannibalizing smaller ones, overseen by our benevolent overlords, of course.

Thousands of these institutions wrote billions of dollars in mortgages on strip malls, doctors offices and drive-through restaurants. These commercial loans required a lot of scrutiny and a leap of faith, and, for much of the decade, the smaller banks that leapt were rewarded with outsize profits.
 
In doing so, many took on bigger and bigger risks. By the beginning of the recession in December 2007, the median midsize bank held commercial real estate loans worth 3.55 times its capital cushion -- its reserve against unexpected losses -- according to the Federal Deposit Insurance Corp.

I'm sure some people would cry "Regulation!" here, but if we would just control M0 (and by extension M1, M2, and M3) a lot better from the government's end, this easy credit problem probably would have been fixed. Banks can't gamble with what they don't have.

While I'm definitely not against all regulations in every form, it seems that trying to regulate a bank from the liabilities side is just swimming upstream. Instead of trying to show how much a bank is really on the hook for, subject to certain market conditions, and trying to get a detailed sense of the cash flow of every damn institution in the FRB, why don't we just cut the problem off at the source, the Treasury's presses, and the Fed's authority to turn them on?

User Journal

Journal: gog's catalog is growing

Journal by visible.frylock

This is a shameless plug, but I have no interest in this other than wanting to see a DRM-free game store get more support.

The catalog over at gog.com is growing. They've started to get some more modern era games. Two recent examples are Far Cry and ut2004.

They also have a space based rts, Haegemonia, which looks cool.

TOCA racing 3 is for sale now, but is going down by Saturday.

The games are drm free, you can download them to your heart's content, and they're reasonably priced. I'm hoping more people will shop there so that it can become a viable, drm free alternative to steam and piracy.

User Journal

Journal: Highlights from proposed cybersecurity bill 2

Journal by visible.frylock

This entry is in response to recent story about the tentative Cybersecurity Act of 2009 (PDF). Rather than having it buried below all the comments, I thought I'd just put it here.

There really is quite a bit in this, related to both freedom as well as more practical security aspects. It includes security standards, exploit defenition languages, security professional licensing, DNSSEC, IANA, government software acquisition, and of course the President's shutdown authority which everyone has been commenting about. You should really read the bill for yourself.

NIST and security responsibilities (pg 17) In section 6, NIST is given responsibility to develop security metrics, measuring the risk from a "prioritized list of software weaknesses known to lead to exploited and exploitable vulnerabilities" (including embedded, or so they say). Section 6 goes on:

(4) SOFTWARE CONFIGURATION SPECIFICATION LANGUAGE
The Institute shall, establish standard
computer-readable language for completely speci-
fying the configuration of software on computer sys-
tems widely used in the Federal government, by gov-
ernment contractors and grantees, and in private
sector owned critical infrastructure information sys-
tems and networks.
(5) STANDARD SOFTWARE CONFIGURATION
The Institute shall establish standard configurations
consisting of security settings for operating system
software and software utilities widely used in the
Federal government, by government contractors and
grantees, and in private sector owned critical infra-
structure information systems and networks.
(6) VULNERABILITY SPECIFICATION LANGUAGE
The Institute shall establish standard com-
puter-readable language for specifying vulnerabilities
in software to enable software vendors to commu-
nicate vulnerability data to software users in real
time.
(7) NATIONAL COMPLIANCE STANDARDS FOR ALL SOFTWARE
(A) Protocol.?The Institute shall establish
a standard testing and accreditation protocol
for software built by or for the Federal govern-
ment, its contractors, and grantees, and private
sector owned critical infrastructure information
systems and networks [......]

Licensing for security professionals contracting to the federal government (pg 21)

SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.
(a) IN GENERAL
Within 1 year after the date of
enactment of this Act, the Secretary of Commerce shall
develop or coordinate and integrate a national licensing,
certification, and periodic recertification program for cy-
bersecurity professionals.
(b) MANDATORY LICENSING
Beginning 3 years
after the date of enactment of this Act, it shall be unlawful
for any individual to engage in business in the United
States, or to be employed in the United States, as a pro-
vider of cybersecurity services to any Federal agency or
an information system or network designated by the Presi-
dent, or the President?s designee, as a critical infrastruc-
ture information system or network, who is not licensed
and certified under the program.

IANA (pg 22)

SEC. 8. REVIEW OF NTIA DOMAIN NAME CONTRACTS.
(a) IN GENERAL
No action by the Assistant Sec-
retary of Commerce for Communications and Information
after the date of enactment of this Act with respect to
the renewal or modification of a contract related to the
operation of the Internet Assigned Numbers Authority,
shall be final until the Advisory Panel?
(1) has reviewed the action;
(2) considered the commercial and national se-
curity implications of the action; and
(3) approved the action.
[......]

DNSSEC (pg 23)

SEC. 9. SECURE DOMAIN NAME ADDRESSING SYSTEM.
(a) IN GENERAL
Within 3 years after the date of
enactment of this Act, the Assistant Secretary of Com-
merce for Communications and Information shall develop
a strategy to implement a secure domain name addressing
system.
[......]

PUBLIC-PRIVATE CLEARINGHOUSE (pg 39)

SEC. 14. PUBLIC-PRIVATE CLEARINGHOUSE.
(a) DESIGNATION
The Department of Commerce
shall serve as the clearinghouse of cybersecurity threat
and vulnerability information to Federal government and
private sector owned critical infrastructure information
systems and networks.
(b) FUNCTIONS
The Secretary of Commerce
(1) shall have access to all relevant data con-
cerning such networks without regard to any provi-
sion of law, regulation, rule, or policy restricting
such access;
[....]

President's authority (pg 43)

SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
The President
(1) within 1 year after the date of enactment
of this Act, shall develop and implement a com-
prehensive national cybersecurity strategy, which
shall include

[....]

(2) may declare a cybersecurity emergency and
order the limitation or shutdown of Internet traffic
to and from any compromised Federal government
or United States critical infrastructure information
system or network;
[....]

(Non) Definition of critical infrastructure network (pg 50)

(3) FEDERAL GOVERNMENT AND UNITED STATES CRITICAL INFRASTRUCTURE INFORMATION SYSTEMS AND NETWORKS
The term Federal gov-
ernment and United States critical infrastructure in-
formation systems and networks includes
(A) Federal Government information sys-
tems and networks; and
(B) State, local, and nongovernmental in-
formation systems and networks in the United
States designated by the President as critical
infrastructure information systems and net-
works.

FEDERAL SECURE PRODUCTS AND SERVICES ACQUISITIONS BOARD (pg 49)

SEC. 22. FEDERAL SECURE PRODUCTS AND SERVICES ACQUISITIONS BOARD.
(a) ESTABLISHMENT
There is established a Secure
Products and Services Acquisitions Board. The Board
shall be responsible for cybersecurity review and approval
of high value products and services acquisition and, in co-
ordination with the National Institute of Standards and
Technology, for the establishment of appropriate stand-
ards for the validation of software to be acquired by the
Federal government.
[.....]

User Journal

Journal: ron paul, obama, churches, and the internet 2

Journal by visible.frylock

I found something interesting in one of Ron Paul's statements. That's probably not a permalink, btw, sorry, wish he used better software.

He's talking about the executive order by President Obama dealing with faith-based initiatives. I've seen this in the news, but apparently NARA is late to the game, because they still haven't posted the text, as of this writing.

This was the part I found interesting:

The logic behind funding faith-based initiatives seemed reasonable to some. Private organizations are much more effective in charitable endeavors than government programs and bureaucracies. Therefore, why not "outsource" some of the government's welfare-state activities to these worthy organizations? [...] But now, dependencies on federal money have been set, operations have been expanded accordingly, and many charities are waiting breathlessly for the administration to tell them what new conditions they will have to meet.

I agree with this logic overall, and thus see any faith-based office as a pretty bad idea. In fact, I'll take it a few steps further and say that not only should we not be funding faith-based programs, we also shouldn't have any tax exemptions for any organizations. Church,non-profit, or whatever they may be. This allows us to avoid the sticky situation in the first place.

But now to the point of my post. I think this line of reasoning has implications for internet policy also. On the one hand, we could say that having an internet infrastructure run by the government would be superior to one run by quasi-private, regulated monopolies (which is, TMK, almost exclusively what we have here in the US). Points in favor of this are that a government-run network lacks profit motive, and thus the anal raping might not be as bad as with the monopolies. Examples of current infrastructure done this way are roads, I believe some rail lines (don't know about inter-city, but I believe all intra-city subways in the US are government owned and operated), the water system in many places in the US, and I believe in some areas, even the electrical grid.

More on that in a bit, but let's look at some of the points against this. The monopolies might be money grubbing bastards, but they're not stupid money grubbing bastards. They know that any filtering/censorship with fine granularity is expensive. Thus, they have a built-in resistance to filtering, which works in our favor. A government-operated network would not likely have this resistance, unless of course they had actual, reasonable budget constraints to work within (this will not be the case in the US anytime soon).

So what our are choices? A potentially less expensive, more performant broadband, but more filtered/censored/controlled? Or do we continue the monthly anal-raping, and depend on the greed of the rapists to resist the government's urge to control (before they finally give in, and just pass the cost along to us anyway)?

Neither of these are good choices, unfortunately. Probably the best thing for us to do right now is recognize that anything we would do to significantly alter the structure of the internet would only make it much worse. Some people might see that as "defeatist" (I hate the word, but can't think of a better one), but it's the only practical solution I can think of that preserves what we already have.

I wanted to bring up this Ron Paul piece to highlight things that I see missing in the debate in all of the broadband stories recently.

I love American logic. We interpet the no establishment of religion clause to mean that government can make no law concerning religion in any shape, form, or fashion. Thus, churches can't be taxed, or so the logic goes. But who decides what a church is, so that they can get their tax-exempt status? Well, the government, of course! Which is, de facto, a governmental establishment of religion. This is a classic example of American thinking: We get some pretty damn good advice from our Constitution, we coopt the language in it to dodge our taxes, and ultimately we completely contradict the meaning of the Constitution and end up doing the exact thing that it said we should never, ever do.

But in the same way as government has the tendency to reach it's tentacles into religion via these braindead policies, this same process also applies to government involvement, whether directly, legislatively, or regulatory, into the internet. Yes, I hate the cableco's and telco's just as much as anyone, and if there is a god, and he is just, then telco execs will spend eternity in hell on the phone with the cableco's customer support, and vice versa. But we need to remember that, as much as the monopolies want to rape your wallet, the government, if it thought it could get away with it, would rape freedom of speech, press, religion, freedom of thought, freedom to tinker, and any other freedom you may think you have online.

I'm not getting into which one is worse, I won't even venture a guess. What's worse, a kick ass net that no one can afford, or a free digital cable propaganda line piped into your x86? I'm saying that maybe we need cool it on advocacy for making any changes, because, if we actually get any changes, we probably won't like it. Yes, I think it sucks too.

I've done quite a bit of thinking about this problem, and there is one thing I'd like to share. One of the differences between water/sewage, electrical, roads, as opposed to the net and the postal service, is that the former are commonly considered dumb pipes, while the latter are by and large not. If someone says that we should not treat our running water like a dumb pipe, people would rightly call him an idiot. But, everyday, many people are saying that the net is too dangerous to be treated as a dumb pipe. Until this perception is changed in the minds of Americans, we will not be ready to make any significant changes to the internet. IOW, we're screwed.

You are in a maze of little twisting passages, all different.

Working...