deleted

Recently a set of six senators have proposed a Constitutional Amendment to overturn the controversial Supreme Court case of Citizens United v. FEC which held that corporations were allowed to make unlimited expenditures with regard to elections provided that those were independent expenditures, not coordinated with candidates.

The Citizens United case overturned two previous Supreme Court cases, McConnel v. FEC (which was a case the court evidently had trouble drawing lines over given the fact that 9 justices produced 8 opinions, and pieces of four of the opinions commanded a majority of the court), and Austin v. Michigan Chamber of Commerce. Some First Amendment scholars from across the political spectrum have hailed the decision. For example Eugene Volokh, a Republican, has generally felt this was an important protection of Constitutional liberties, and the ACLU played an important role in filing amicus briefs in favor of Citizens United, and has been very much in favor of the decision. Others have seen it as an open invitation to Corporations to meddle in politics.

Before we get into the Constitutional Amendment and why everyone, on both sides of this issue, should be opposed to it, it's worth noting that the questions of first amendment law in election finance cases seeks to balance two competing interests. The first is to ensure that the people can write and publish on political topics surrounding an election, and the second is to ensure the integrity of the elections. Citizens United draws this line by saying that independent expenditures are different from coordinated expenditures (5-4 holding, but the dissent didn't offer an alternative except to wait for another case), and that disclosure laws were entirely Constitutional (8-1 holding). The fundamental problem is that while money is not speech, regulating how people can spend money in order to express themselves regulates a lot of speech. The court correctly noted that the Constitution didn't differentiate between, say, the New York Times and, say, Merke, and therefore, couldn't grant the government the ability to ban Merke from buying television ads without banning the New York Times' right to print editorials in favor or opposed to candidates.

Indeed the concern over freedom of the press was at the core of Citizens United. Surely when Alito asked S. G. Malcolm Stewart if the government could Constitutionally ban books, he had no idea that the only answer S. G. Stewart could give would be "yes" (an answer repeated by S. G. Kagan at rehearing, see the same link above for all oral argument), and hence a question probably intended to address an issue of statutory interpretation set the stage for a Constitutional showdown. To be fair, both Stewart and Kagan tried very hard to avoid giving that answer but both were unable to come up with any alternative that would save the law as written, because the Supreme Court tends to err more on the side of facial challenges (striking down laws) than as-applied challenges (mandating exceptions) when it comes to freedom of expression. The dissent felt the correct decision was to say, in essence, "we don't have sufficient record to make this decision. Declare it as moot and let them bring another case to us through the courts."

Citizens United was hailed as a major First Amendment victory by the ACLU, and many other organizations which work on First Amendment issues, and by major First Amendment scholars such as Eugene Volokh. However, many others have seen it as a doorway to corporate tampering with our elections.

However, for any controversy, there are solutions that are far worse than the cure. This is one of them. The relevant portion of the proposed Amendment is:

SECTION1. Congress shall have power to regulate the raising and spending of money and in kind equivalents with respect to Federal elections, including through setting limits onâ" ...
(2) the amount of expenditures that may be made by, in support of, or in opposition to such candidates.

The omitted paragraph 1 allows the government to regulate gifts and donations to candidates, something already within the power of the government. Section 2 grants identical powers to the states.

Now, it's important to note what is covered under Section 1 paragraph 2. In essence any money spent communicating a message on an election for or against a candidate in any way falls under government power. Presumably this could include purchasing gas to go to a rally, publishing pamphlets, buying Obama's books to give to undecided friends in 2012..... These are all independent expenditures and could fall under government regulation under such an amendment. And nowhere in the amendment does the word 'corporation' appear.

In essence the proposed amendment is that we trust to Congress the ability to arbitrarily limit the freedom of the press not only by corporations but also by natural persons. Such an amendment would prevent a first amendment challenge to some laws already on the books (say, a foreigner here on a student visa publishes a blog posting on a site that he/she pays for hosting on opposing an anti-immigrant candidate. This is already against the text of campaign finance law, but would probably allow either an as-applied or facial challenge to the law even before Citizens United but that would be taken away).

This proposed Constitutional Amendment then goes well beyond repealing Citizens United in that it takes away Constitutional protections that each of us enjoy.

Now, the subject of independent expenditures is a controversial one. However, given that only defenders of Citizens United have offered any data defending their side, I am forced to at least tentatively conclude that the ACLU is right on this one. However for the purpose of the rest of this post, I will assume that this is a serious problem and offer recommendations for changing this proposed amendment so that it does not strip us all of fundamental Constitutional rights.

If the problem is a concentration of power over spending in our elections, it seems to me unwise to further concentrate that power in the hands of the state. Instead it would seem to me that granting power to Congress to curb the worst abuses only, while preserving the power of the common man would be preferable. In this case, if the problem is specifically corporate spending, then allow Congress to limit Expenditures, not part of profit-making goods and services offered at standard prices, on the parts of for-profit corporations only. This would be sufficiently broad enough to ban Corporate donations to Citizens United and the ACLU, but not sufficiently broad to regulate what fliers and pamphlets you or I can print to distribute. It would allow Congress to prevent Corporations from offering special discounts for such material, but would not prevent them from offering standard discounts (such as volume discounts available to everyone else).

In the end, it's easy to get whipped up into a frenzy and believe that because we must do something that this must be done. This is unfortunately common. We see on the other side of our politics, amendments to state Constitutions which forbid state judges from using foreign laws to inform decisions, forgetting that in international contracts or other cases where conflict of laws issues may come up, these foreign laws are extremely relevant to the cases. Like this present proposal, the problem is with being overbroad, and therefore causing a great deal of harm to our basic freedoms in the name of solving problems.

Every American should be opposed to this amendment. Those who oppose Citizens United and seek to overturn it should insist that the amendment to do so be narrow. Those who support it should listen to the others but make sure their concerns are addressed.

LedgerSMB 1.3.0 was released today after several years of development (perhaps nearly joining the ranks of Perl 6 and Duke Nukem Forever). The release offers a number of compelling features, such as separation of duties, far improved payment handling, better cash reconciliation and the like. But what makes LedgerSMB 1.3.0 cool is how we are pushing the envelope technically and attempting to provide a framework for quickly building new programs which re-use our application's functionality.

Simply put, the cool approach we are taking is in making stored procedures discoverable, much like web services. This is done by assigning semantic meaning to argument names, and then using a mapping function to pull argument names from the system catalogs, mapping these to object properties. This offers many of the benefits of web services, such as offering a looser coupling between database and application layers than is traditional, and it facilitates the development of add-ons or even other applications which re-use LedgerSMB functionality.

One key element to making this work is the principle that the database in such an environment should be the centerpiece of the computing environment rather than the bottom tier of a multi-tier architecture. Thus every application user is a database user, the database itself enforces permissions, and can act not only as a data store but also a message queue, possibly routing data to other applications (via queue tables and PostgreSQL's LISTEN/NOTIFY framework). In essence the database does everything that could be done with set functions.

Of course the database doesn't do everything. We don't hand it raw http query strings, or have it output HTML documents assembled from data inside the database. This is the job of the application layer, which is to manage the interaction with the human component. Separating this role off, then allows for more diversity in usage in the future. We are thus no longer tied to a web interface for the long-run, and could allow other client apps to be built on our software in the mean time, all sharing a common security and data logic framework.

In this regard, PostgreSQL takes on traditional middleware roles in LedgerSMB from 1.3 onward. This isn't to say it is an application server in the classical sense, but rather that it takes on many roles of application servers. We've found this approach to be quite scalable because hand-tuned SQL generally performs better (and is easier to troubleshoot) than ORM-generated SQL statements, and yet of course much business logic is not in the db server at all but rather in the application which provides the interface between the db server and the user interface, whatever that may be.

Work has already begun on 1.4 to take this approach to an even higher level, as we re-engineer the financial logic to make use of this approach.

Remember the bridge in Newport? I think we both agreed it's like a highway to heaven, a gate to paradise. It's so worthwhile, the waiting for your realisation, the awakening of you, I know it and know it so much now. On halfway, there were tears flooding my pillow, music played a thousand times. Then I knew Loving also makes you strong.

Now, I know you are there, waiting for me, going home. I let the virus invade my body. In the feverish sleep, I fell into a million parts, each of them grew into a full moon, hanging above, yearning for your love, and loving you.

Allow me to crash
to be sick
to be weak

I was reborn / will be reborn every day, if your love stretches out, from far to near.

Love me as much as you can
more than you can

Yours,

I'm digging G+ more and more. Feel free to add me to your whatever circles. I have a "/.ers" circle.

my g+ profile

I did have teh lulz...

Slayer goes to church

In the last week or two links to external sites on Slashdot generally don't seem to work unless I click several times. This only appears to happen on Firefox... Chrome is unaffected. I haven't tried IE, Safari, or any other browser. Finally fed up with it, I decided to look through the javascript to see if there was anything funky going on. Looks like there's a script being included from leads.demandbase.com that defines some kind of click tracker. Here's a snippet:

• else if(a[i].className.match(/clicky_log_outbound/i)){clicky.add_event(a[i],"mousedown",clicky.outbound);}else{clicky.add_event(a[i],"mousedown",clicky.click);

So if you find you've oddly had to click a few times to RTFA, it's not your mouse button dying. Open up adblock and disable everything from leads.demandbase.com and it will be fixed. Links clicked once in Firefox will properly load as they used to. Thanks Slashdot for using an external company for tracking my click behavior. Though perhaps implementing this poorly is Taco's way of giving us a heads-up. Much like the "Idle" section, his overlords may have mandated the addition of this awesomeness to the site and by making it break it alerts us to what we need to block. In which case, a non-sarcastic thanks is due.

I also found this wonderful gem:

• function pageload_done( $, console, maybe ){
          pageload.after_readycode = (new Date).getTime();
          pageload.content_ready_time = pageload.content_ready - pageload.before_content;
          pageload.script_ready_time = pageload.after_readycode - pageload.content_ready;
          pageload.ready_time = pageload.after_readycode - pageload.before_content; // Only report 1% of cases.
          maybe || (Math.random()>0.01) || $.ajax({ data: {
                  op: 'page_profile',
                  pagemark: pageload.pagemark,
                  dom: pageload.content_ready_time,
                  js: pageload.script_ready_time
          } });
  }

Unless my javascript is really rusty, won't this report 99% of cases?

Anyway, pass this information on so everyone can RTFA without the hassle.

Permission is hereby granted to distribute modified or unmodified copies of this content far and wide. I, the author, do request though do not require that the link to the New York Times story is preserved in any redistribution, however.

(Copyright (c) 2010, Chris Travers)

The New York Times has reported today that the Obama Administration is seeking legislation to require backdoors into encryption software that could be used for wiretapping. I believe this is deeply problematic for both technical and social reasons, but the technical reasons are probably the worst. Because this area is not well covered in the existing articles, I figure it's worth giving a quick primer here.

  Types of Encryption

The simplest form of encryption is what's called symmetric encryption. It comes in various forms, some simpler than others, but the basic process is conceptually simple. Two parties share a secret. One party takes the message and encodes that message with the shared secret, and the other party decodes it using that same shared secret. This encryption is reversible and the key is the same on both sides.

A trivial example might include what we think of as ROT-13 (used for obfuscation) where every letter is rotated 13 places forward. So "this is a sample message" becomes "guvf vf n fnzcyr zrffntr." Of course such a cypher is easily broken, but there are very good quality symmetric cyphers available, such as AES.

The real problem with symmetric cyphers is that they require that both sides knows the same key before encrypted communication begins. If you are communicating with a lot of third parties, you would find you'd either have to publish the key (making sure everyone else could decrypt the same messages!) or find some way of getting the keys to the other parties in advance. This obviously renders this form of encryption useless for initiating secure communications with individuals one has never met.

To solve this problem, public key encryption was designed. Public key encryption uses two keys, called a public key and a private key. Knowledge of the public key is not sufficient to derive the private key through any sort of feasible process, and these keys are usually very long (AES may be 256 or even 512 bits long, but public/private key pairs are often 1024, 2048, or 4096 bits long per key), making brute force even harder (since the public key is expected to be publicly available).

The public key is then published and the private key is retained. A user can then look up a public key, encrypt a message with it, and only the holder of the private key can decrypt it. Similarly a private key holder can sign a cryptographic hash of a message and anyone with the public key can validate this "digital signature." (A cryptographic hash is another form of encryption with is one-way, and is used in document validation, tamper-proofing, and password checking.)

Public key encryption depends on the idea that ONLY the appropriate party has the private key. When you make a secure purchase on, say, Amazon.com, Amazon sends you their public key, and you and them use this to negotiate a symmetric cypher (probably using AES or RC4). In this way you know the key was properly exchanged and eavesdropping on this sale by criminals is not possible. When you enter your credit card data is not intercepted by criminals. Protection of the private key is very, very important to this process, but even knowing the private key does not enable you to eavesdrop on a conversation in process since that's done with a symmetric cypher.

SSL, PGP, IPSec Opportunistic Encryption, and related technologies all use asymmetric encryption, but the differences tend to be in how keys are published and who is vouching for them. SSL is designed so that you know who you are talking to because a third party (like Verisign) is vouching for the identity of the server.

Problems with Backdoors in Public Key Encryption

To effectively wiretap public-key-based communications, you have to have access to the private key, or you have to tap them post-decryption. Tapping post-decryption works fine in some contexts, such as what you are purchasing at Amazon.com. However, it does not properly work when trying to capture the content of encrypted emails, since these are usually encoded with the recipient's private key. Communications encrypted in this way are not generally vulnerable to interception in the middle. Moreover, communication itself could include encrypted files as attachments and such which could be handled entirely outside the flow of the program (I can encrypt a file and then attach it and my email program doesn't care if it is encrypted).

There isn't a real way to retrofit peer to peer communications programs to allow this sort of interception without compromising the core of how encryption works. A company may maintain their own certificate authority and use it to publish keys for internal company communications. A person taking a company laptop home may then use those certificates to encrypt emails. There is no way to intercept the content of these communications without requiring that the company keep copies of all private keys, thus compromising their own security. Similarly, if I email out an OpenPGP key or an OpenSSH key, these are not sufficient to wiretap the communications that would be encrypted using those keys. The only way out would be to require the makers of the software to include a facility sending the private key to some sort of escrow service which could then provide the key to law enforcement, but this compromises the basic integrity of the software, and any attempt on open source programs could be easily circumvented.

Consequently, this doesn't actually affect the sorts of technologies an organized crime ring is likely to use. Instead it makes each of us more vulnerable to government spying, and it makes key data, such as credit card data, far more accessible to criminals.

Such a law would thus benefit organized crime at the expense of the average consumer. It's an unbelievably bad idea no matter how you look at it.

But only after "socio-economic parity" has been achieved.....

Six Brits arrested for burning Qurans

It's amazing how people try to rationalize away the phrase "I could care less", much in the same way that Star Wars apologists try to rationalize the use of parsecs when talking about the Kessel Run. Maybe there are black holes to navigate around, and minimizing the distance is the sign of a good pilot, or maybe this, or maybe that... or maybe George Lucas just made a mistake, you know?

So when it comes to people rationalizing away "I could care less" as being some nonchalant way of saying "yeah, I could but I'm not going to bother" I just don't buy it. It's a misquote of the perfectly unambiguous phrase "I couldn't care less". So when I stumbled across a rationalization of that, my mind wandered upon what I think is a pretty damned good analogy of why it doesn't make sense: I could eat more.

Many commentators seem to believe that the Tea Party represents a net minus for the GOP because of the split between them and the existing establishment. This criticism seems oddly familiar to me. Many people predicted that the drawn out fight between Hillary and Obama would be the death of the Democrats in 2008. As it turned out, that extended fight kept them in the news for months and built up the ground networks that helped Obama carry the day in states that normally be out of reach for a Democrat. Take Indiana, where Obama carried the state by ~28k votes. Does that happen without the ground operation built for the primary and the name recognition/publicity gained from it? Impossible to say, but I think it's clear that the intra-party squabbling was a net positive for the Democrats in the end.

It seems likely to me that the Tea Party will have the same impact on the GOP. They may well prove to be a net minus in selected races (Delaware) but the enthusiasm they've generated and the new people they've brought into the political process will more than balance that out come November.

Worked the NYS primary election today. We had higher turnout for this mid-term primary than I've ever seen -- more than we did for the Presidential Primary in 2008. I'm only one poll worker in a single district but I've never seen this kind of enthusiasm for a primary before. We had 44% turnout for our GOP voters and 30% for the Democrats.

Paladino looks to have crushed Rick Lazio. I called this race at 10pm -- Paladino ran up a much higher margin (93% in Erie and Niagara counties, all districts reporting) with his base than Lazio did with his (60-65% in Suffolk and Nassau counties, 60% of districts reporting) . Paladino beat Lazio in some downstate counties (Dutchess and Orange) that should have been more familiar with Lazio. He looks to have edged him out with 50-55% of the vote in most other upstate counties, though we'll have to wait for tomorrow for the final numbers.

With this kind of turn out for a primary I'm betting that November is going to be huge. It wouldn't surprise me if we beat our numbers for 2008 -- we had a 60% turnout that year.

I have had a great laugh doing some research online (various sites) to try to figure out why this year's whooping cough epidemic is happening in California. It is amazing the amount of misinformation I have found. Pro-vaccine people are blaming it on anti-vaccine people (false, see below), and Anti-vaccine people are blaming it on the vaccine (also wrong). Some people are even blaming it on illegal immigration. As best as I can tell this is because the whooping cough vaccine is different from the vaccines of, say, Polio or Measles, and people try desperately hard to fit it into their agenda even when it doesn't fit. In my reading I have learned a lot about a type of vaccines I never really paid attention to. I figure it's time to set everyone straight.

The NPR article above is particularly laughable (really, NPR does enough good reporting they should know better) because they say whooping cough was once "wiped out." Not so, says the CDC.

Most vaccines against serious illnesses are called "live attenuated virus" vaccines. These include MMR and Polio, and and basically the idea is you give the body a weak version of the virus so it develops an immune response against a stronger version. Usually with appropriate doses, these provide permanent immunity, but there are rare cases where the virus can revert, so it is possible to get full-blown measles from the MMR vaccine, though once again this is rare. These are the vaccines which produce herd immunity.

It turns out that whooping cough vaccine is a different kind of vaccine altogether and in fact individuals are not actually vaccinated against the bacteria that cause the disease at all. Instead, the vaccine is against a toxin that is excreted by the bacteria, and that toxin, called an exotoxin, is what causes respiratory damage. The theory is that this way if you get the illness, your body will have a head start at damage control (by attacking and neutralizing the exotoxin) and so you won't get very sick. So the vaccine is a dose of denatured bacterial exotoxins, called toxoids, that your body can develop antibodies to. Other toxoid vaccines include tetanus and diphtheria. While it is possible to be allergic to an acellular toxoid vaccine like this one, it is entirely impossible to get the disease from it because there are no live (or even dead) microbes in the vaccine itself. Whooping cough, or pertussis, vaccine is usually given with diphtheria and tetanus toxoid vaccines together either as a DTaP or a Tdap depending on age of the individual, but adult vaccinations are rare.

One interesting feature about toxoid vaccines is that they don't actually provide direct immunity against the disease at all because the targets of antibody production aren't on the envelope of the microbe. Instead they work by reducing the severity (and length) of the illness. In short, they don't keep you from getting sick. They just keep you from getting extremely sick. Consequently most people reading this could still get diphtheria this winter, or whooping cough, and could even spread it, but you probably wouldn't know you were carrying a serious illness. In short these vaccines provide absolutely no herd immunity at all, though they may provide some epidemiological benefits in terms of reducing the number of individuals infected by a single person (the downside of course is that it makes diagnosis and monitoring much harder--- we simply don't have any idea, for example, how many minor cases of whooping cough or diphtheria actually occur every year. We just know they don't get sick enough to be diagnosed).

Yet the news media and many "experts" still talk about herd immunity from this vaccine. Indeed while the CDC recommends adults be vaccinated, they state clearly that herd immunity is not a direct factor and that it's not a simple choice.

And while it is not believed that whooping cough has an asymptomatic carrier state, diphtheria is shown to have one, particularly in vaccinated adults. (One possibility worth considering is that asymptomatic means just that, so even mild symptoms, such as those resembling the common cold could be a symptomatic carrier state.)

So the picture that emerges is that whooping cough vaccine prevents death and long, tiring illnesses in children, but doesn't stop the bug from circulating. So it's probably a good thing for kids to have. However, whooping cough is also very much out of control and not just this year, as the CDC admits.

Furthermore I have come to realize that a few times in the last decade I've gotten this cough which lasts a few weeks and then mostly goes away, except for periodic, very heavy coughing, and with no symptoms in between. In these cases, sometimes I have been diagnosed with asthma but the inhalers don't seem to help much (so I go back to using an herbal remedy which seems to work very well, but it is rather non-standard). This lasts a few more months, and then goes away. My current thinking is that my son probably picked up whooping cough at school and I picked it up from him. Since he was vaccinated, he only seemed to have the common cold, but I got something a bit worse.

This specific vaccine isn't about herd immunity, but rather reducing the severity of a serious childhood illness. It doesn't contain microbes, live or otherwise, and while it may reduce the spread of the illness there isn't sufficient data to know the extent of this. This particular vaccine is almost certainly worth giving to most kids. However, there is no benefit that non-vaccinated individuals get from those who are vaccinated in this case.

Whooping cough cycles come and go every few years. This is no different. While hospitalizations may be preventable with the vaccine, it's spread is probably not.