* Posts by tom dial

2187 publicly visible posts • joined 16 Jan 2011

Yes, Emergency Service Network will be late and cost more - UK perm sec

tom dial Silver badge

Dog bites man; details at 6

The genuine news story in this category would be an IT project of more than a dozen or so man-weeks that completes on its original schedule and within its original budget. I cannot recall one in roughly 40 years in the craft, although I have heard tell of a very few.

Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors

tom dial Silver badge

Re: No right to conceal information

Apple was not asked to create a "skeleton key." They were asked to develop and implement a breach specific to the Farook iPhone, identified by both IMEI and serial number if I recall correctly, and required that it not be usable on any other device. There is no way to read the original court order to imply that it asked for anything remotely resembling a "universal skeleton key (like the TSA locks on luggage)."

Presumably the uniqueness of the solution Apple might have developed would involve them incorporating the iPhone's unique ID information in the software and signing it using the same method they use normally for signing. The software would, of course, be convertible to a universal breach tool, at least for the particular model, if Apple's software signing key were leaked. But such a leak would likely enough let any or all of quite a large number of people develop their own break-in software, independent of what Apple might have produced if they had cooperated with the FBI.

Java-aaaargh! Google faces $9bn copyright bill after Oracle scores 'fair use' court appeal win

tom dial Silver badge

IAANAL. However, it is my recollection from the late and much lamented Groklaw that changing the names in a software copyright case is immaterial; that a sufficiently close "structure, sequence, and organization" match of the code samples determines infringement. It is not clear whether sorting the API entry points in the include file would get you any further from infringement.

This cannot be anything but very bad if it is allowed to stand.

Google lobbies hard to derail new US privacy laws – using dodgy stats

tom dial Silver badge

Re: An arrest is not a conviction

The basic violation of human rights, so called, would be publication of an arrest, or charge, as news. Yet as far as I have seen nobody advocated for that information to be withdrawn by the publisher, something that for print is nearly impossible and in the US cannot be imposed by the government.

The demand is to make the report, presumably a true one in most cases, harder to find.

tom dial Silver badge

Re: The true danger of GDPR for Google

It really should not be hard. Two click boxes for the Google (and Yahoo!, etc.) start pages:

#1: Allow this time, once only.

#2: Allow now and in future until cancelled (e.g., by blanking the prefilled box)

That, and a link to the full text description of what data are collected and how long they are retained.

The whole thing shouldn't clutter it up too much.

tom dial Silver badge

Re: Socially speaking, we are technological infants

The first amendment to the US Constitution describes one of the most fundamental rights of those subject to the government, and that includes those who combine their efforts in the form of a corporation. The right "to petition the government for a redress of grievances" is not a second class right, and along with "the freedom of speech, or of the press" applies to corporations as organizations of individuals just as it does to newspapers and individuals. To characterize it as a "problem" is to miss the point, among others, of the Citizens United decision.

Some, maybe many, think that was a bad decision, but given the current corporate organization of "the press" and the ease, in the present technological environment, of becoming one of "the press" it is hard to see how to "fix" it in a way that would not be trivial to circumvent. Similarly, in the case of lobbying, it would be hard to make a reasonable boundary between corporate and individual "petition for a redress of grievances." It would be equally hard to distinguish between the petitions of the "bad" corporations that we do not like (think Google or FaceBook or the NRA) and the "good" ones that we tend to like (think PETA or Friends of the Earth or the Sierra Club). All of them lobby, including with the help of paid lobbyists. Those most often left out, in fact, are the natural persons, who mostly have a hard time getting the ear of a political or civil official.

Slap visibility beacons on bikes so they can chat to auto autos, says trade body

tom dial Silver badge

Re: Yeah... Right

In the US, bicycles generally are treated as road vehicles and cyclists are required to use the roadway and observe the same rules as motor vehicle drivers. Where there is no bicycle lane, cyclists may occupy a traffic lane and in many cases two may ride abreast. Motor vehicle drivers must pass cyclists according to the same rules that would apply when passing another motor vehicle. As an example, the Utah rules are summarized at https://www.bikelaw.com/2014/06/utah-bicycle-laws/.

Guccifer 2.0 outed, Kaspersky slammed, Oz radio hacker in the slammer, and more

tom dial Silver badge

Re: Guccifer the Russian intelligence officer :]

Bad proof reading: I meant to write "I suspect that if [the Democrats] had nominated Sanders and got behind him wholeheartedly, he would now be the President."

Although I could not stomach Clinton, I probably would have voted for Sanders as the Democratic nominee, partly on the basis that he is better qualified than she, as well as apparently quite honest (in the universe of elected officials) and has demonstrated the skills and demeanor needed to work productively with other elected and appointed officials. The Congress probably would have spurned most of his proposals, but he doesn't seem the type to take it personally.

tom dial Silver badge

Re: Guccifer the Russian intelligence officer :]

I can't decide whether this merits an upvote or a downvote.

Could an officer of a generally respected intelligence service make a mistake? Certainly; that is one of the ways spy networks are broken and taken down.

The paragraph on Clinton's non-victory is not too far from the mark, although her somewhat indolent campaigning didn't help, nor her (and her husband's) well known history. It is far from clear that the media attention to Trump helped him much. The consistently anti-Trump bias of the reporting is unlikely to have swayed many voters toward him. More likely it firmed up the opinions of those already leaning one way or the other. Neither of the major candidates really had much to offer, and although I am not a Democrat, I suspect that if they had nominated Sanders and got behind him wholeheartedly, he would not be the President. As it happened, well over 90% of the voters chose the wrong candidate.

As for the Russian threat, it is rather hard to forget that they have a large number of nuclear weapons, ample means to deliver them, and a rather obvious inclination to meddle in the affairs of other nations. The fact that those statements are true also of the US does not change that.

tom dial Silver badge

Add the Israelis and likely a Saudi or several.

The British also blessed us with Christopher Steele as a Democratic party hireling.

The list, at this point, probably is woefully incomplete.

tom dial Silver badge

Re: You guys never give up

I participated in political organization to a meaningful degree in college, got a graduate degree in political science, and have generally followed politics in the US for the following half century or so. After seeing a quick summary of the DNC secrets I thought of better ways to spend time than paying much attention to them. I do not think anything in them came as a surprise to a professional or semi-professional politician in the US, or probably anywhere else.

There were consequences, in that the Bernicrats were outraged, Debbie Wasserman-Schultz, of course, had to go, and those Republicans who had the time were mildly amused and some of them probably relieved that it hadn't yet happened to them. Aside from the Sanders supporters, it probably had little effect, but there is a small probability that enough of them bolted and voted for Jill Stein in Wisconsin, Michigan, and Pennsylvania to deny Clinton the presidency she didn't deserve. Instead we got Trump, who had all the qualifications of the average tavern hangabout who knows what it takes to turn the country around and make things right.

As an occasional political scientist, I think of this as a confirmation that democracy is the worst form of government, except for all the others. And a confirmation that people, generally, act in ways well known to those who authored the Constitution, and of justification of deep suspicion of those who claim they know and represent the public interest, deny personal motives, and seek election in order to impose their perception of it on the rest of us.

World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved

tom dial Silver badge

Two observations about the NSA EC parameter bogeyman:

It is true that NSA could have generated the NIST parameters with knowledge of the secret related parameters that would provide them (and anyone else who obtained access to the secrets) with a back door. As far as I have seen reported, it has not been established that they did so, and it also is possible that NSA generated its parameters as described in the NIST document appendix, as anyone with the resources can do.

I have not seen reports, either, of attempts to generate EC parameters using the procedure, and I have not done so. It occurs to me, however, that different possible values of the randomly generated 'P' and 'Q' parameters might differ substantially in the security, and it seems possible that the values provided in SP 800-90 and its revisions (until the Dual EC DRBG was removed in 2016) were selected as the best of many generated correctly as described in Appendix A of that document. It may be that using Dual EC DRBG with homegrown P and Q would be expected to be less secure than using it with NSA's parameters.

That said, uncertainty about a back door in Dual EC DRBG is only one reason to avoid its use. Others, independent of that, are its high computational cost (even after the bit generator was weakened) and the fact that it produced biased output. These were widely known to specialists in 2005 or 2006, and reason enough to select other types of DRBG.

Facebook's inflection point: Now everyone knows this greedy mass surveillance operation for what it is

tom dial Silver badge

I will believe in Facebook's decline when I see the number of users drop by a significant amount. I am not about to hold my breath.

tom dial Silver badge

Re: don't worry, our ads aren't as effective as we told you

I have known since I was about 10 that Coca-Cola tastes better than Pepsi-Cola. A few years later I learned a critical exception: Pizza must be taken with Pepsi rather than Coke, but the basic rule held otherwise. And a few years later came the realization that beer in its many forms is the only viable alternative to either.

All of this wisdom came largely from experience and the guidance of contemporaries. I do not recall ads that told me Coke beat Pepsi, but certainly there were some, and a comparable number of Pepsi-Cola ads that said the opposite. And the beer ads were probably more numerous than either, and as inconsequential. I suspect the same is true of Google and Facebook ads (as well as The Register's push, which I largely avoid with either AdBlock or uBlock).

Cambridge Analytica CEO suspended – and that's not even the worst news for them today

tom dial Silver badge

Whether we like it or not, essentially everything Nix described in Channel 4's expose clips is, and was, bog standard practice well known to US political campaign managers for many decades if not several centuries. Thomas Jefferson, as a presidential candidate, was attacked semi-anonymously (but apparently correctly) for having fathered a black child or so. Targeting then was seriously limited by the available technology, but Ray C. Bliss, as Ohio state, and later national, Republican chairman, certainly knew and used very similar techniques within the technological limits of the 1960s. As did Lee Atwater in the 1980s; as did Mary Matalin (for the Republicans) and her husband James Carville (for the Democrats) in the 1990s.

It is tempting to say there is nothing new under the sun, but that is not quite true. Present technology differs quite a lot from that available in the past. It might even be more effective, although that is unproved and there is little persuasive evidence for it.

There seems to be a concerted attempt to generate a moral panic, to be resolved by hasty investigations and perhaps legislation to control a phenomenon based on "science" that is not well established and, if subjected to reasonable analysis, may either be at odds with the rather large body of knowledge about voting behavior developed over the last 80 years or so, simply confirm it, or be somewhere between.

For all the smoke, the Mueller investigation has been going for over a year and despite the breathless reporting about it the results do not overwhelm. So far, it has charged several Trump associates with crimes based on events several years before the start of the 2016 campaign that have no visible connection to it. He has accepted guilty pleas from several more for lying to FBI investigators about their activities during the campaign that, on their face, were not unlawful. And he has obtained indictments against 13 Russians who almost certainly never will be brought to trial and got a guilty plea from one individual for activities during the campaign that do not appear to have any connection to the official campaign. The new furor about Cambridge Analytica and Facebook doubtless will provide an excuse to extend it, and perhaps to reinvigorate congressional investigations. The probability is low that we will learn anything really new from it.

tom dial Silver badge

At present it is arguable that the main practitioners of psychological warfare are the media that have, since 9 November 2016, been pushing the story that Donald Trump would have lost the election but for any number of actions by his campaign, its supporters, and foreign agents that, if not illegal should have been and need to be by the next election. And that, therefore, he is not legitimately the US President and must be brought down by any means possible, even the gentle coup of impeachment or finding him deranged.

I did not vote for Donald Trump on the basis that he lacked the necessary political skill, experience and for the job and espoused policy positions with which I disagree. And I did not vote for Hillary Clinton on the basis that she was untrustworthy and unfit and espoused policy positions with which I disagree. Unlike a great many of the loudest voices in the public space, I accept the election outcome because that is the basic buy in necessary in a functioning republic.

That does not relieve me or others of the obligation to oppose what we see as bad policy, but does require that we generally treat government institutions and office holders as legitimate and not treat policy differences as evidence of conspiracy and corruption until that is proved.

tom dial Silver badge

A skeptical question from a Facebook nonuser (for practical purposes): troland, earlier, asserts that FB data "is a goldmine for targeted advertising." I wonder if this actually is justified based on measured results, or are the advertisers also drinking snake oil?

I lean toward granting the accompanying points about phishing and especially stalking on the basis of their plausibility; that's one reason I mostly avoid Facebook.

tom dial Silver badge

Re: Too mild

The Mercers, like you and I and all other (US person) commenters on this and other threads here and on other sites, exercised rights guaranteed by the first amendment to the US constitution. Their chosen vehicle might have broken laws, but it does not, in fact, seem overly likely even based on Nix's fairly stupid statements to the fake Sri Lankans as shown in the linked CH4 video.

tom dial Silver badge

Re: Shame.

It is far from evident that these people, snakelike as they may be, should be read out of the human race for embracing practices that, subject to constraints of contemporary technology, have been common practice in US political campaigning for over two hundred years and probably are as widely used nearly everywhere public elections are held.

Uber breaks self-driving car record: First robo-ride to kill a pedestrian

tom dial Silver badge

Human drivers have an error rate. Accordingly, they run down an expected number of pedestrians or bicyclists annually (among other adverse events) and they kill some of them. According to the Pedestrian and Bicycle Information Center, the 2015 deaths ran to about 5400 pedestrians and 800 cyclists; nonfatal injuries seem to have been around 70000 pedestrians and 45000 cyclists.

Controlling software for autonomous vehicles also will have an error rate, and such vehicles will run down an expected number of pedestrians and cyclists and kill some of them. In their history to date, the known number of such errors seems to be 1, far too low for statistical analysis.

The fact that both humans and the sensor/software autonomous vehicles operate in a physical environment with a certain amount of unpredictability guarantees that an error rate of zero never will be more than a goal that can be approached but not attained. As they are an alternative to human controlled vehicles, autonomous vehicles should be judged against the fairly well known results attained by human control, although it is proper now, while they are being evaluated before general use, to subject each incident to elevated scrutiny directed to improving outcomes.

Facebook suspends account of Cambridge Analytica whistleblower

tom dial Silver badge

Re: Correlation or Causation

I did not forget others, but did not think it worth trying to be exhaustive, so chose some that are often, but quite inaccurately in my opinion, put forward as relatively unbiased, and from which I choose to acquire the majority of my news input. While sometimes annoyingly biased, they usually cover the facts reasonably well if you read articles completely and disregard the slant. In technical matters it is somewhere between very useful and essential also to have some independent subject knowledge.

I would rank the others suggested, from most useful to least, CBS or ABC, then Fox, CNN, and (MS)NBC. In the past I listened to a fair amount of short wave radio and thought BBC, along with VoA and Deutsche Welle English services, to be relatively complete and accurate, and much less biased than others.

tom dial Silver badge

Re: Improper use of Facebook data

This overstates. Echo chambers probably do not distort aggregate public opinion, whatever that may be. They very probably do act to firm up opinions by reinforcing confirmation bias. It takes some effort (and, for most people outside Facebook and YouTube) to seek out various viewpoints. The Register comment section is one of the better places to find a range of viewpoints; The New York Times and Washington Post, especially but not only the comment sections, are among the worst.

How one's Facebook friends distribute in political leanings probably seems quite variable. Among my dozen or two I have a few each of hard core progressives and conservatives, gun nuts and gun control freaks, and some whose politics I am clueless about. Most are either family members or work acquaintances. My wife has more, with similar composition; from what she says, politics hardly ever comes up. My son has quite a few, also covering a large part of the political range but somewhat weighted to a Libertarian orientation, I think. My daughter has several hundred, mostly either high school or college classmates or former students from the time she was a public school teacher. I much doubt they come close to offering a closed political discussion universe.

A data set like this, with four interrelated samples, isn't very useful, but suggests the reinforcement of political leanings may be less common and less important than sometimes claimed. In addition, focusing on Facebook in particular and social media in general overlooks the fact that people inevitably are exposed to other sources of information, including political information.

tom dial Silver badge

Re: Correlation or Causation

There is a bit of truth in this, but "fake news" as generally understood outside the Trump immediate circle consists pretty much of false reports about things that did or sometimes did not happen, combined with unsubstantiated rumors, carefully selected "experts," anonymous sources, and slanted language to present a picture quite distinct from reality. Prime participants in such activity include, in addition to the usual suspects, the New York Times, Washington Post, (US) National Public Radio and, increasingly (again US) Public Broadcasting System.

tom dial Silver badge

The presumption that Cambridge Analytica and its alleged activities caused the Clinton loss is very far from proved and there are good reasons to think it is pretty much rubbish. It seems to be built on the notion that by applying its secret algorithms, CA (or the Trump campaign with their help and guidance) was able to convey a specially targeted tailored message to each likely voter (or perhaps those they were interested in reaching). Is there actual evidence that was done? To take it a bit further, it is then assumed that those messages were effective in persuading people who independently might have favored Clinton to vote instead for Trump or a different candidate, or to not vote. Given the large differences among the candidates this, too, requires considerable evidence that has not yet shown up. Inasmuch as any CA assistance apparently failed to move Ted Cruz much beyond the first cut in the Republican joust for the nomination it is likely such evidence will not appear soon. Even if effective when considered alone, Facebook and targeted advertising do not operate in a vacuum and in practical use their effect is diluted, probably a great deal, by voters' and consumers' other social interactions.

I do not entirely dismiss the possibility that the techniques alluded to are effective. They are in line with research at the University of Chicago, the University of Michigan, and others going back 60 or 70 years. Vance Packard popularized earlier and less sophisticated commercial application of some of the notions as long ago. CA's and similar activities in the commercial arena represent the engineering application of the academic work. In the end they may be shown to be highly effective, but for now a good deal of skepticism is in order.

The asserted power of Facebook and the likes of CA as social manipulation vehicles, like the asserted power of campaign money in politics, probably is being overstated by an order of magnitude or more. A more serious danger may be that we go off in a moral panic and enact legislation that, while palliating our moral outrage, may have little real effect.

Mulled EU copyright shakeup will turn us into robo-censors – GitHub

tom dial Silver badge

Re: Simples

Software copyrights are evaluated partly on structure, treating variable names used in the same way as equivalent. I recall looking at the infamous "rangecheck" code for a bit under a minute and concluding that there were, in practical terms, exactly two ways to code it, unique up to choice of variable names. This means, of course, that if three programmers of modest skills addressed the problem rangecheck solves, it is a near certainty that at least one of them was an infringer.

Automating checks for such things on github seems a singularly bad idea.

Auto manufacturers are asleep at the wheel when it comes to security

tom dial Silver badge

Re: What motivation car manufacturers ?

No insurance company worthy of staying in business long term bases premiums on other than their actuaries' projections from experience. They might get a bit blindsided the first year or so for a new model because of unknown vulnerabilities or unanticipated popularity with thieves, but they nearly always will have enough raw profit margin built into the rates to cover the losses until they can adjust premiums.

Slingshot malware uses cunning plan to find a route to sysadmins

tom dial Silver badge

Re: Kaspersky and plausible deniability

I don't use Kaspersky software for AV, but it has been generally respected for some years and has not, as far as I know, been found to be defective or unfit for purpose. Knowing practically nothing about it, I conjecture that anything it uploads from a customer's equipment is encrypted using cryptographic algorithms and protocols generally considered secure.

That does not guarantee that they have not been compromised or are trustworthy. Security is hard, as many have found. It is possible that the encryption Kaspersky uses, assuming they do, or their servers, have been compromised. It is possible also that they have a careless or rogue employee. And although it is much less likely in view of their business interest, it is possible that they are cooperating with their government, as companies sometimes do.

tom dial Silver badge

There are quite a few non-US speakers of English, which stands third behind Mandarin and Spanish. Many more speak it as a second language, some of them very well, especially when it comes to the written language that might show up in code.

The US government may be wary of Kaspersky because of its Russian domicile and the possibility that they collaborate with the government they live under or, more likely, that they have been penetrated by that government.

Good news: Apple designs a notebook keyboard that doesn't suck

tom dial Silver badge

Re: It's just a simple laptop keyboard, right?

My last (HP dv6) keyboard, from which I now type, cost under $9, including delivery that took about 4 days. It's not an IBM PC or Telex 3270 keyboard, but except for the crappy layout that puts the "calculator" key where the left control key belongs, it's decent, with definite touch feedback but no audible click.

Europe is living in the past (by nearly six minutes) thanks to Serbia and Kosovo

tom dial Silver badge

Re: Mains powered clock

Why would it be cheaper to use a crystal oscillator - and a counter - than a counter alone? The ICs probably cost the same, and the extra crystal cost is positive.

And, as another poster observed, power line frequency generally is more stable over time than an autonomous quartz crystal.

Audit finds Department of Homeland Security's security is insecure

tom dial Silver badge

Re: When the fox runs the hen house

It might be worth mentioning in connection with the numerous swipes here at Trump that he ordered this audit, and similar ones across the government, as one of his early official acts. As I remember it, The Register reported quite negatively and dismissively upon that directive, as did a likely majority of those who commented on the article. He may have done quite a few things worthy of opposition, but this was not one of them.

tom dial Silver badge

Re: Not impressive. But then again if you're a sysadmin how would *your* company fair ?

DISA, and probably DHS as well, has been using SCAP for some years. At my last contact, it told you a lot about what was wrong, but it didn't fix it. And as noted, but a bit more bluntly, the things it found last month and you fixed will be replaced by new findings (some identical to older ones) by the next scan.

tom dial Silver badge

Re: When the fox runs the hen house

I can comment only on the Department of Defense and, in fact, only on one medium sized civilian agency within it. By around 2005 we had a CIO who was increasingly picky about security, and from well before that we had a chain of Information System Security Managers, Information System Security Officers, and Terminal Area Security Officers, the last an additional duty, responsible for various aspects of information assurance. Titles and specific duties changed some over the years, but as a group they were generally responsible for authorizing access and ensuring that system managers and administrators implemented the increasingly bulky set of directives and instructions, applied patches, and verified compliance with the periodically updated Security Technical Implementation Guidelines, another large set of documents, one for each OS and major service. Ultimately, they reported to the CIO who, in my agency also was the CISO.

There was not a separate budget for information assurance, but that was not the problem so much as an overall shortage of funding and staffing, combined with increasing workload to take care of the steady tightening of standards.

Bots don't spread fake news on Twitter, people do, say MIT eggheads

tom dial Silver badge

The takeaway

Man bites dog is news, dog bites man is not, and bots operate as (more or less) linear amplifiers. The paper sounds like a reasonable antidote to the current moral panic over FaceBook, Twitter, and the Russians. It will be subjected to immediate social network attenuation.

'A sledgehammer to crack a nut': Charities slam UK voter ID trials

tom dial Silver badge

Utility bills prove identity? Really?

I call BS on that claim.

tom dial Silver badge

Someone should explain why a requirement for voter identification disenfranchises "poorer voters." Is there a charge for the ID? In the US, all or certainly almost all states with a voter ID requirement will provide one at no charge to anyone based, at most, on a claim of inability to pay.

Got some broken tech? Super Cali's trinket fix-it law brought into focus

tom dial Silver badge

Re: Sounds fine, but:

In practical terms, the only repair likely to be made, for nearly all owners, will be the battery. These should be generic enough that if the OEM prices them too high, other manufacturers will compete.

Shame on those pushing this law if they did not think of that and include language to head it off. On the other hand, the US Supreme Court in Impression v. Lexmark (581 U.S. 1523 (2017)), gives potential competitors some legal backing.

SCREEEECH: US national security agency puts brakes on Qualcomm takeover

tom dial Silver badge

They could, but it would depend on a shareholder vote. Offered a suitably attractive combination of cash and Broadcom stock they might prefer to vote for the takeover.

Cryptocurrency miners go nuclear, RSA blunder, Winner back in court, and plenty more

tom dial Silver badge

Reality Winner may not have been "in custody" when she made her confession. If so, (a) the FBI agents were not required to give a Miranda warning and (b) the confession very likely is admissible. The outcome suggests that the prosecutor persuaded the judge that the circumstances did not require the warning. It appears Ms. Winner forgot or did not know the cardinal rule for dealing with law enforcement officials in any dicey situation: say nothing without legal advice beyond what is required to establish or confirm identity.

As for the prison suit, there are a few plausible explanations, one of them that the defendant's ploy irritated the prosecutor, who might have thought her better strategy would be to negotiate a guilty plea and two or three years in custody with some credit for time served. The information released, while classified, did not come as a great surprise to most, and revealed very little in the way of sources and methods.

In my opinion, there is a better case to be made over a delay of more than a year and a half between arrest and trial, which falls a good deal short of the sixth amendment requirement in what seems a fairly uncomplicated case.

Ex-Google recruiter: I was fired for opposing hiring caps on white, Asian male nerds

tom dial Silver badge

"Whatever happened ..."

The managers of HR and PR - cost centers both, by their nature - gained hiring control authority over managers of the likes of product development, which are at least intended to be profit centers.

Tor pedo's torpedo torpedoed: FBI spyware crossed the line but was in good faith, say judges

tom dial Silver badge

Re: My sympathy meter is broken

The issue of a probable cause search warrant creates a legal exception to the normal expectation of privacy. An affidavit that includes the information about the computer the article describes and a statement of the fact of visiting the porno web site will get a search warrant to a near certainty.

That said, those accused of illegal trafficking in pornography, even child pornography, are entitled equally with others suspected of criminal activity to fourth amendment privacy protection until probable cause is sworn in a warrant application, and formal presumption of innocence until and unless convicted.

4G found on Moon

tom dial Silver badge

Re: And if there are any problems just call our hotline

The mean distance to the moon from Earth is about 238,855 miles, so round trip delay is a bit more than two and a half seconds. My recollection is that when men were on the moon, the delays were noticeable but not so large as to get in the way of sensible communication.

NSA boss: Trump won't pull trigger for Russia election hack retaliation

tom dial Silver badge

Acts of war

"Any non-trivial actions taken by US Cyber Command, overseen by the NSA, could be considered an act of war, and as such would require some serious authorization: the NSA needs the President's approval to attack, knacker, or shut down a foreign government's computer systems."

Arguably, that requires an act of war by the Congress. Arguably, too, we have engaged in far too many acts of (undeclared) war, with too many different countries, since the last such declaration, more than 76 years ago.

Symantec ends cheap Norton offer to NRA members

tom dial Silver badge

"restrict it to a musket"

This often repeated suggestion ignores the fact that the American colonists and their immediate successors generally had the most modern and effective of the available weapons that they could afford. For personal weapons, they had the same range and types as those in any military service of the time.

tom dial Silver badge

The AR-15 fails that definition because it cannot be set to fire automatically. It plainly has the other noted characteristics, as do many other commercially available rifles, some of which look nothing like an AR-15.

tom dial Silver badge

Automatic weapons are hard (and quite expensive) to obtain legally. Semiautomatic weapons are used somewhat extensively for hunting. I believe that includes AR-15 type rifles for smaller game. There are quite a few larger caliber semiautomatic rifles available for hunting animals of the order of deer and elk. Where they have detachable magazines the usual capacity seems to be three to five, sometimes going to ten. The overwhelming majority of handguns, of course, are semiautomatic.

Training requirements for gun ownership make sense generally, but do not address the problem of someone intent on a rampage killing. There is no reason to think such people are incapable of training, or any clear benefit to improving their skills.

Unless military service is compulsory and universal it probably can't be used as a gun ownership prerequisite. There are quite a few ways one can get a dishonorable military discharge. Not all of them constitute reasons to restrict civil rights after discharge. If I remember the Navy BuPers manual correctly, there was a time when committing a homosexual act could lead to dishonorable discharge.

Background checks have been federal law for some time, without apparent effect on rampage shootings, and the often mentioned "gun show loophole" seems not to be a significant problem, as nearly all guns used in these shootings have been acquired legally, after background checks, from licensed firearm dealers. The problem here seems to be lapses and sloppiness with implementation of existing law.

"Mental health issues" covers a lot of people, nearly all of whom are dangerous only to themselves, if they are dangerous to anyone at all. Something like a majority are not under treatment and therefore likely to be missed anyhow, along with those like the Colorado theater shooter who went fairly quietly crazy shortly before beginning to accumulate his arsenal. Again, restricting civil rights is a serious business, demanding particularized and individual legal process, not simply a relative's (or psychiatrist's) impression that something might be brewing.

There is a case to be made that someone mature enough to vote is mature enough to be a full citizen - including gun ownership and alcohol purchase. There is no proof that the age of 18 or 21 (or 13) is magical, or that the appropriate age is the same for men as for women. I have seen lay articles suggesting that the appropriate age for men might be as high as 26.

Waiting periods might be a good idea, but probably would be most effective in preventing suicide. Spree shooters generally seem to take quite a while and do a fair amount of preparation; they would not be impacted by any plausible waiting period requirement.

Putting armed teachers in schools is not something to be done on a whim. Both civilian and military police officers receive extensive training and are required to requalify periodically. Armed teachers would need to meet the same standards and more: in their environment, they would be called to use their weapon only under chaotic conditions in which it is far too likely that a shot will hit an innocent person or two. The spree shooter does not care, but it would be devastating for a teacher to take out a student or another teacher instead of an attacker. School systems would be far better off to pay close and detailed attention to building physical security.

I doubt that even the most hard core NRA members think spree shooting is a good idea. As a non-member, my impression is that they do not think anything short of universal and fully effective confiscation of all private guns will prevent them, and that they think those who want to restrict gun ownership beyond current limits know it too and are working an agenda that, if completed, will lead to it. They consider that end completely unacceptable, and any step toward it nearly as unacceptable.

tom dial Silver badge

"Cynic" is not the correct description. It is simply commercial realism and pragmatism. No company wants much to do public things that a significant sized and very vocal group can portray with some plausibility as evil. In the 1980s Procter and Gamble took heat over their allegedly satanic logo, and ultimately changed it. These gestures are transparent public relations gimmicks.

My feeling long has been that the NRA's power and influence is seriously overrated given its (probably overestimated) membership. I suspect this is because, at bottom, those demanding "sensible gun laws" don't agree on the detailed meaning of "sensible" in the context and don't believe anything they are prepared to propose seriously actually will work, even if it passed both constitutional and legislative constraints. At bottom they fear that the polls reported to show ~80% of the population in favor are fatally flawed and that the support will evaporate as soon as there is a specific proposal on the table that goes much beyond tweaking age requirements and firming up and tightening restrictions already in place. And they probably are pretty sure that second amendment repeal, probably necessary for any actually effective legislation, is not in the cards. Blaming the lack of "sensible gun laws" on the all-powerful NRA gets them neatly and fairly painlessly off the hook for their ineffectiveness.

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

tom dial Silver badge

Re: Note that they didn't bother with open source operating systems

Omitted here: Amazon, Microsoft, and Google cloud services run enormous numbers of virtual machines that run code that is, to them and other customers on the same servers, untrusted and would make their cloud operations direct and immediate targets of both criminals and signals intelligence agencies world wide. BSDs, not so much, although possibly significant on web and storage servers where these vulnerabilities could add to the tool kit and allow malefactors to avoid the need for privilege escalation after gaining access using other vulnerabilities.

Facebook's big solution to combating election ad fraud: Snail mail

tom dial Silver badge

Re: Simpler solution

The number of political advertisements in campaigns for federal office makes this pretty much a nonstarter, especially if it is to be done by a federal law enforcement agency.

In any case, it does not address political trolling, which arguably is a more significant issue despite a paucity of evidence that foreign trolling has, or had, much effect.

tom dial Silver badge

Re: Election integrity is easy *if* they're willing.

Considerations like those mentioned may be behind severe restrictions on both early and absentee voting in some states. Like the Democratic bastion of New York.