[Enter maniacal laughter here]
I guess it’s not the best week for a trip to Paris
Composed as a comment (awaiting moderation) at Seebs Exhibit 7: This is sorta freaky, and I am not at all sure what I think of it
As someone coming from a somewhat similar place (getting a little help from ADHD meds and a general recognition that I could be labelled as autistic but there’s not really any point to it) I definitely understand your concern. Having 2 kids also on the autistic spectrum adds something to that perspective. My 21yo daughter followed my path: very high functioning, quirky, ADHD diagnosis but ill-served by meds, needs no CURE because her divergence from “normal” is a very mixed bag. I’d even say it is a net positive, but I’m very biased.
Then there’s my son. Whatever genetic aspect of autism he shares with myself and his sister was compounded by being born at 23 weeks and having a significant cerebral hemorrhage in his first week. It is impossible to untangle his complex neurological issues into discrete components, but the classical defining behavioral features of autism are all there and they have been roadblocks to helping him overcome his many other challenges. Curing his autism would change “who he is” but it would also give him a better shot at having a decent life.
That’s a deep problem with the label of autism. It is biologically accurate to classify the whole spectrum of autistic features together, but that doesn’t make the people exhibiting those features all the same. Some of our brains manage to work out adaptations to a world full of people with very different perception and thinking, some can’t. Would I cure Kyle’s autism if I could? Absolutely. I’d cure his CP and epilepsy and damaged eyes and generally underdeveloped left side too. Would I give him a choice? No, because he’d definitely say no. He’d much rather spend the day slamming doors, entertaining himself by seeing how hard he can make the parents flinch at his shrieks (we’re funny…), and asking us to hunt down books (which he cites by ISBN) so that he can read the first word of every line. In a decade as a putative adult 22, he’d likely make the same choice. Would I cure Megan? Not my choice, she’s 21. I’d advise against it. Would I cure myself? Well, after a week full of people insisting on teleconferences instead of email exchanges, I might take that cure. Unfortunately, no one saved cord blood in 1965 so I couldn’t participate in this trial.
That points out important features of the specific treatment in the trial: no one involved is using the word cure, it’s really only applicable to young children, and it’s about as close to a natural treatment as you’ll find in a modern medical trial: autologous cord blood stem cell infusion. If it actually works, it is pretty hard to argue that the process is radically changing who those children are/would/could be, since they are getting cells they missed out on having at birth by the accident of a few minutes. Whatever such a treatment actually could do would be properly called “healing” or maybe “regeneration” and it would make a strong case for whatever it changes being damage.
For reference, Seebs (someone I have a deep and multi-faceted respect for) cited a tertiary source that linked to a Faux News story that provided enough info to eventually get to the actual trial description at http://clinicaltrials.gov/ct2/show/NCT01638819 which is very narrow in scope and design. Even the PR from the hospital doing the study doesn’t say anything about curing autism.
If you have many email accounts (as so many of us do these days) but don’t much use some (as Mat Honan didn’t much use his me.com address,) you shouldn’t be using one that you ignore as a place for any other provider to send password recovery emails.
And at a deeper level, it is careless to be ignoring any working email account. In the teachable moment of the week, the ignored account was an iCloud (me.com) account, to which Apple sent a notification message when they reset the password. That may seem silly, but if MH had forwarding set up on that account or had a connected IMAP IDLE session from whatever mail client he uses or even if he just checked the account every 10 minutes with a smartphone, he would have known of the crack in progress faster. With providers as careless as they have proven themselves to be, mail accounts get cracked. A user who doesn’t keep a trivial watch on an empty and unloved Inbox won’t see a crack when it happens. If you don’t exercise your ownership of an account, you won’t notice it being stolen.
Inspired by: Secret Security Questions Are a Joke - Slashdot
So-called “Security Questions” have been spreading in use as a mechanism for password recovery, but anyone who knows anything about computer security knows that they are not about securing anything, they are about loosening security.
That’s not altogether bad. The flipside of strong authentication is that it is easy for users to lose the ability to authenticate themselves. Passwords are forgotten, certificates are deleted, temporal PIN gadgets are lost or destroyed, etc. Having a way to reset the primary authentication mechanism helps mitigate that risk. However, the “security question” mechanisms in broad use are mostly far too loose because they draw on a common universe of research-vulnerable questions (e.g. “Mother’s maiden name”) and in many cases (as with Apple and Amazon) are mediated by humans whose jobs are mostly not focused on security, but rather on low-skill customer support for which their employers pay very little. It is not rational to expect that those workers will follow a rigorous security policy that requires them to take time and risk disappointing customers. No amount of security policy rigor can address the problem that security policy is routinely ignored.
It appears that the case of Mat Honan hinged on absurdly weak security question policy at Amazon and a failure at Apple to follow policy in regards to security questions. The best fix isn’t to tighten and try to enforce policy, it is to change the nature of the process. Authentication recovery mechanisms need to meet 2 simple criteria:
- The secondary authentication information must be truly secret, known only to the user and the provider.
- There must be no way for a special pleading to override the formal mechanism short of persuading the people who defined the mechanism that it should be bypassed.
This means that sometimes users will lose access to their accounts because they can no longer provide either the primary or secondary authentication factors. It may mean that sometimes real security professionals will have to listen critically to the sob stories of careless users.
For the real world where that sort of change isn’t going to happen in most cases at any point in the near future, smart users must adapt to the fact that most service providers have de facto lax security. I included some user-relevant lessons in my last post but here are a few more concrete ways to stay safe:
- When offered a choice, pick security questions with non-researchable answers. If your spouse or sibling could answer the question, it’s a bad one. If a Facebook “friend” could answer it, it’s worthless.
- Answer bad security questions with memorable and unique lies. For example, you might tell Apple that your mother’s maiden name is Wozniak or that you graduated from Cupertino High School, while telling Amazon that she was born a Bezos and you went to Seattle Country Day School (dunno if that even exists…)
- Use an email service that provides a way to invent working unique addresses on the fly so that you can give a unique email address to everyone who asks for one. This is easier than you may think, since GMail supports “+” tagging and arbitrary insertion of periods in addresses.
- Don’t let anyone store a credit card number in their system that can be used by any other vendor. I said this in my prior post but it is worth repeating.
- Shun providers who behave badly. For example, some time ago a provider who shall remain nameless (as they may have changed) tried to “canonicalize” addresses I gave them by doing transformations on parts that might have been tags and trying to send mail to the modified addresses. Because I use my own complex and obscure mechanism for unique addresses this only meant that they bounced a few messages off my mail server, but the result was that I deleted my account and blocked all of their mail on my mail server.
- Avoid the temptation of making any online identity a “hub” for everything you do online. Especially avoid this with free accounts (e.g. Google, Facebook, Twitter, Yahoo, etc.) because ultimately those are provided and governed at the whim of the provider. Apple accounts are slightly better because their email accounts are associated with you being a paying customer, but they also can have such serious powers (e.g. remote wipe) that it is unwise to have them hooked to anything else (like a GMail account) that might turn out to be part of an attack surface.
- Be as autonomous as you can be. Having your own domain name is a start, but it’s just the prerequisite for a stack of DIY online services that you may or may not be up to handling on your own. At a minimum, having your own domain can be the basis for varying degrees of control over your email addresses that you really cannot have if you stick to using addresses in domains that you do not own.
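An added example, not part of the original post: one way to generate the per-recipient addresses described in the list above and to sort incoming mail by the address it was sent to. The mailbox, key, vendor names and sender domains are constructed, and the keyed digest in the tag goes beyond the plain “+” tag the post mentions, so that a tag cannot be guessed from the vendor's name.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed values for illustration only. The "+" tag and the ignored
# periods are GMail behaviour mentioned in the post; everything else here
# (mailbox, key, vendors, domains) is an assumption of this example.
MAILBOX = "jane.doe@gmail.com"
TAG_KEY = b"constructed-demo-key-keep-a-real-one-private"
VENDOR_DOMAINS = {"amazon": "amazon.example", "apple": "apple.example"}


def _mac(vendor: str) -> str:
    """Short keyed digest, so a tag cannot be derived from the vendor name."""
    digest = hmac.new(TAG_KEY, vendor.lower().encode(), hashlib.sha256)
    return digest.hexdigest()[:8]


def address_for(vendor: str, mailbox: str = MAILBOX) -> str:
    """Unique address to hand to one vendor: local+vendor.mac@domain."""
    local, domain = mailbox.split("@", 1)
    return f"{local}+{vendor.lower()}.{_mac(vendor)}@{domain}"


def canonical_mailbox(address: str) -> str:
    """Reduce a GMail-style address to the mailbox it is delivered to."""
    local, domain = address.lower().split("@", 1)
    local = local.split("+", 1)[0].replace(".", "")
    return f"{local}@{domain}"


def classify_recipient(rcpt: str, mailbox: str = MAILBOX) -> Tuple[str, Optional[str]]:
    """Return (status, vendor) for the address a message was sent to."""
    if canonical_mailbox(rcpt) != canonical_mailbox(mailbox):
        return ("foreign", None)
    local = rcpt.lower().split("@", 1)[0]
    if "+" not in local:
        # Bare address: never handed out, or a sender stripped the tag
        # (the "canonicalizing" behaviour described in the list above).
        return ("untagged", None)
    vendor, _, mac = local.split("+", 1)[1].rpartition(".")
    if vendor and hmac.compare_digest(mac.encode(), _mac(vendor).encode()):
        return ("valid", vendor)
    return ("forged", None)


def audit(messages: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Pair each sender domain with a verdict on the address it mailed."""
    findings = []
    for rcpt, sender_domain in messages:
        status, vendor = classify_recipient(rcpt)
        if status == "valid" and sender_domain != VENDOR_DOMAINS.get(vendor):
            # A correctly tagged address used by someone other than the
            # vendor it was given to: that vendor shared or lost it.
            status = f"shared-or-leaked-by:{vendor}"
        findings.append((sender_domain, status))
    return findings


# Constructed sample of (recipient address, sending domain) pairs.
SAMPLE_MAIL = [
    (address_for("amazon"), "amazon.example"),
    (address_for("apple"), "bulk-offers.example"),
    ("janedoe@gmail.com", "apple.example"),
    ("jane.doe+amazon.zzzzzzzz@gmail.com", "amazon.example"),
]

if __name__ == "__main__":
    for sender, verdict in audit(SAMPLE_MAIL):
        print(f"{sender:22} {verdict}")
```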
This is only news because it happened to a writer for Wired. The “hack” didn’t expose any previously unknown vulnerabilities, the children doing it didn’t demonstrate any significant technical skill or use any sophisticated tools, it was essentially just a case of random vandals digging around online where they could dig easily and telling a few lies to “customer support” staff whose work can never be worth much more than the sub-median 3rd-world wages they are paid.
I’m NOT picking on Mat Honan here. It’s pretty clear that he’s a gadget guy not a security expert and as a journalist I’m sure he gets more and slicker pitches from hucksters who find security a nuisance than from security experts. Real computer security isn’t cool. It isn’t fun. It isn’t in any sense spiffy. If you think it is, you’re a geek. I do not say that as an insult, just to note that we are not normal. I have given up scolding normal people for not being security geeks. It’s pretty well proven that a lot of generally normal people love gadgetry but have no affinity for system security. Mat Honan wasn’t particularly careless or clueless, he just had never absorbed some clues that those of us who work in security have sadly stopped talking about much. Clues that are among the least cool, fun, or in any way spiffy lessons of computer security:
- Any secret which you share with someone else so that they can authenticate your identity later is a password. That includes things that are not very secret (e.g. “mother’s maiden name”) that can be used to recover or reset “the” password. This means that “security question” access recovery mechanisms are de facto security-weakening tools.
- Don’t use the same password for different accounts. This is a hard one, since it really is not practical to use a completely different password for every account without using a keyring tool, which ultimately is one password for everything. However, a secure keyring is MUCH better than using just one password everywhere or keeping all of your passwords in a plaintext note in some “cloud” service.
- Don’t give anyone an unrestricted credit card number or bank account number to store for easy reuse. Yes, I know Amazon, PayPal, Apple, and others all really want this. They are stupid and effectively evil. Really. It’s not in a bad way; they don’t intend to be stupid or evil. That doesn’t make it much better. If you can’t resist easy one-click purchasing, get a Discover or other card that provides single-vendor numbers, so that you can’t break the previous rule with a card number. After all, a credit card number is a password to your money and Mat Honan’s example shows that even a part of a number can become part of a de facto alternative password to your account. The same card number linked to many accounts becomes a common and very weak password to them all and to your money.
- An authentication system that has a fallback system that lets you recover from a lost or forgotten password is less secure than one which does not.
- If it can be, human judgment almost always will be the weakest link in any security system. It takes an unusually weak assembly of mechanical security mechanisms to out-fail a person who has the power to circumvent it. If an authentication system includes the ability to call a human and beg for access, that will be the easiest way to break it.
- Security and convenience are directly and intrinsically opposed to each other. Secure systems are not cumbersome and easy-to-use systems are not insecure as a result of poor design, but by necessity.
- Using email addresses as unique identifiers for people is irresistible, so they become (sigh) a sort of secondary password. If you use one email address for everything, see the second clue…
- Incumbent technical constraints are often not seen as part of security but may in fact be critical tacit assumptions for the security of systems that are perfectly functional — but are made insecure — with those constraints removed. Parables of this include WEP, the silly kerfuffle created by Steve Gibson over “raw socket” support in Windows, and a long parade of schemes to stop spam based on assumptions that spammers wouldn’t do things that they so far hadn’t done which basically only demanded audacity and motivation.
- Email isn’t secure. It can be in specific cases and could be in general with existing tools, but in the real world as it is today the main protection most people have against undetected interception of their email in transit is the fact that there’s so much email in transit all the time and so much of it is pure worthless garbage. The “needle in a haystack” analogy applies, but a better one would be “corn kernels in the sewer.”
- Backup is a critical security component because information loss is much more common than and usually worse than information leakage.
- There are many degrees of security and many degrees of attacker. If you allow yourself to be “low-hanging fruit” you will be vulnerable to low-effort attacks from a huge population of weakly motivated opportunists. The other side of this is that very small improvements in how you maintain your own security can raise your vulnerability above where most random vandals will bother.
These boring old truths have implications for “Cloud” services that sell themselves as hubs for a digital life enabled by frictionless sharing and synchronization and yadda yadda yadda. Mat Honan did things that those of us who are Security Geeks have given up warning against. Those warnings make people who wear ties and sign paychecks doze off and wake up grumpy. We’ve spent the past decade or so biting our tongues and taking paychecks and hoping that it would all work out, but it hasn’t. It never will, because it fundamentally can’t. Systems and applications that are most appealing when used in fundamentally insecure ways cannot be made secure. Systems and applications whose security is dependent on end users practicing good security hygiene will not be secure. Systems and applications whose provider-side security is dependent on adherence to policy rather than operation of tools will always be crackable by social engineering.
None of this is news. Back when the press made a big deal of Kevin Mitnick as a great “hacker” it was known by many people who wore that label proudly with no connotation of criminality that he was in fact just a very good con man with unremarkable technical tools and skills. We have had standards, tools, and tested best practices for online security since before most people had heard of the Internet, but still most service providers don’t bother with them. There is a geek subculture where good security hygiene is the norm and then there’s the world at large where many people use one email address and one password and let all of their accounts everywhere interact freely with each other to the extent that losing one to a random script kiddie essentially means losing them all. People who don’t understand that they have to deal with inconvenience as a price of security and that they can’t rely on providers who promote convenience to maintain security will always be the easiest prey for the largest field of predators.
- Security lapses at Apple and Amazon lead to an epic hack. This could be you.
- Black cloud looms over Apple online service after high-profile hack
- When iCloud becomes the Perfect Storm
- Apple cloud ‘life’ wiped
- Apple Support Gives Hacker Access to Blogger’s iCloud
- Mat Honan details the Amazon and Apple security flaws that let hackers wipe his MacBook
- Hack causes fear about cloud storage
Originally a comment on: Finding Motivation in “You’re Doing It Wrong”
Posted here because that comment is “awaiting moderation” and I doubt they have the integrity to publish it.
That’s a remarkably timely blog post, given that I was made aware of your existence by spam sent on behalf of one of your customers through your mail system, with links to their website which is hosted on your facilities. How they got my address and why they assumed that I would want mail about an association I care nothing about, I can’t know.
As someone who has dealt with email permissions issues professionally for nearly 2 decades, I am here to tell you: YOU ARE DOING IT VERY WRONG. The problems with this mailing started with the fact that they never should have had my address in the first place, but it was compounded by additional problems:
- The first contact they made was a pitch for an event. It offered no clues as to why they thought (perhaps innocently, perhaps foolishly, likely BOTH) that I was someone to be mailed by them for any reason at all. First email contact should ALWAYS be a confirmation of the address as belonging to someone who wants to be sent further email.
- The message included a link “to update your email preferences” which redirected to their home page without showing any sign of doing anything. Was I unsubbed? Maybe. There’s no way for me to know.
- The mail and web facilities used and pointed to in the spam live in Time Warner/RoadRunner network space without proper SWIP or rwhois records and have names in the ymem.net domain which lacks a registered abuse contact or working MX. This makes you and your customers look sleazy, plus it means the first place they will complain about spam is not to you, but at best to your connectivity provider.
- You are sending mail with an arbitrary customer address used as the SMTP envelope sender. This makes it very likely that if they have an SPF record in DNS which has a “fail” or “soft fail” default, the mail you send for them will get it.
Because you act as a sole source for your customers, providing hosting, tools, and expertise, these are not just their problems, they are YOUR problems. Will email@example.com get enough complaints to cut your connection off? Probably not. Will enough people report spam coming from ymem.net machines with links for ymcdn.com tracking bugs to public reputation systems and filter providers to cause real trouble? Probably not in the near term. Have people reported spam to their own mail providers adequately to make those aspects fodder for spam filters? YES. That’s something you may not notice until it is a big problem, but it is already reducing your deliverability a little.
A professional acquaintance wrote a great piece for the StarTribune that actually might manage the trick of changing some minds on the issue of marriage equality and particularly the MN marriage amendment. Seebs (no one calls him Peter…) has quite the corner case, but like all good sysadmins he knows that a robust system has to handle those.
Looking into the center of the universe.
Who run the universe?
First, someone from MS dissects an exploit: An interesting case of Mac OSX malware - Microsoft Malware Protection Center - Site Home - TechNet Blogs. In the closing paragraph, there is this certainly true sentence:
In conclusion, we can see that Mac OSX is not safe from malware.
Then, Kaspersky’s Threatpost blog riffs on it without adding much beyond putting it somewhere more likely to be seen by security geeks: New Malware Found Exploiting Mac OS X Snow Leopard | threatpost. It has this mostly-true sentence:
Microsoft researchers have analyzed a new piece of malware that’s targeting Macs running Snow Leopard and found that the malware uses a multi-stage attack that’s similar to typical Windows malware infection routines.
So what is wrong here? Simple: the dissected malware DOES NOT EXPLOIT A VULNERABILITY IN SNOW LEOPARD OR ANY OTHER VERSION OF MAC OS X.
It uses a MS Office for Mac vulnerability. A stack overflow, the sort of thing no competent developer has allowed in release software in over a decade. (But of course this is MS…) It was fixed in a patch by MS almost 3 years ago. MS Office for Mac has an autoupdate gadget of its very own that is on by default. MS Office for Mac is also an overpriced, shoddy, and usually superfluous piece of bloatware that isn’t exactly rare on Macs, but it is far from universal. The exploit requires getting a user to open a maliciously crafted Word file with MS Word (or possibly with other MS Office programs that use the same code.) Even Mac users who have Word installed often switch the default handler for Word docs back to TextEdit (the simple text editor that comes with Mac OS X) because if you don’t keep Word open all the time, starting it up is a painfully long process. For most work with most files, TextEdit is all you need. Launches in a couple of seconds.
Nobody worth listening to says Mac OS X is “safe from malware” in an absolute sense. It never has been. Yet there’s been no claim or evidence that this particular malware is widely distributed or even capable of wild propagation. It isn’t particularly remarkable, it isn’t even clear that it is all that new. It looks to me like a “spearphish” payload: something used to attack a particular known-vulnerable target, not something used to take control of a large number of machines. This is moderately interesting for people in the business of security, but it isn’t a serious threat.
What is far more dangerous than the MS09-027.A exploit is the cynicism that pervades the Mac OS X user community about the commercial anti-malware industry. For many years we have had a trickle of malware species targeting Macs which have with one very recent exception (Flashback) posed no risk to users who practice the simplest sorts of careful behavior. Almost every one of them has been trumped up by opportunists in the commercial anti-malware industry as the first drop in the coming deluge of Mac malware. Because that deluge has yet to materialize and because many Mac users are not idiots, the whole industry is seen as the Boys Who Cry Wolf by the Mac community, and that skepticism also holds sway at Apple. But Flashback has shown that there IS a wolf. It’s time for the software security community to address the Mac community as rational adults instead of continuing to try to work up irrational fears over narrow risks. Stop trying to tell us that our machines are at the same risk as Windows machines: we can see that they are not. Stop trying to sell us the same bloated software monsters you have to create for the Windows world: we know we don’t need all that. The old-timers in the Mac world remember what good AV protection looks like. We remember the death blow dealt to the embryonic MacOS malware environment in the 90’s by Mac-specific tools like Gatekeeper and Disinfectant. While there may be valid reasons to expect that more aggressive approaches are needed to fight off the more robust flora that are trying to come back to us after a long evolution in a friendlier environment, we won’t buy the argument that we need to accept the same tools that are used on Windows with Mac skins on them. We need Mac tools. We need proof that the software security industry actually understands the Mac OS and the Mac community, because they’ve provided a decade of evidence that they understand neither and worse, that they don’t take the platform or its users seriously.
[ Originally posted as a comment at Eclectablog]
Like why didn’t he fulfill the campaign promise, one of the cornerstones of his campaign btw, to close Gitmo?
Because a bipartisan coalition of paranoid imbeciles in Congress passed a bill forbidding it. How can anyone who brings up Gitmo not know that?
Why has he not called for an investigation into his AG for the gun running program he signed off on, or for lying to congress, who is about to charge Mr Holder with contempt of congress
Good question. I think Holder has spent 3 years demonstrating that his time out of government did not include acquisition of a moral compass or growth of a backbone, despite appearances 3-4 years ago. He has proven himself unfit for his office, and his failure to fire everyone involved with F&F the day he learned of it is an important part of that proof.
Why is it that Obama, who promised in his campaign that his government would be transparent, and open, has commissioned the CIA to run a secret drone bombing campaign that’s targeted civilians on multiple occasions?
See Brennan’s discussion of that this week. I think it is an implausible claim that the drone program has “targeted civilians” for any rational definition of those words, and such claims are never made by anyone who can credibly claim to know.
As for transparency, a military program is the last place you will ever find it. If you want transparency, try http://www.recovery.gov. Reversing the natural tendency of government to operate opaquely and the active promotion of that under Bush is a large slow process. If you had listened carefully to Obama, you would have noted that he made relative promises about transparency, not absolute ones. I think he’s met the promise to be “more transparent” and maybe even the “most transparent”, even if he’s not making the CIA publish daily operational planning reports.
Why is Obama’s justice department acting as a proxy for the entertainment industry in an unconstitutional attack on a file sharing company? This is clearly a civil case, yet Holder’s crew is prosecuting the case in a criminal trial
I don’t think it is at all clear that the MegaUpload case is not criminal in principle, although it does seem clear that there are technical challenges with enforcing US criminal law against foreign corporations that were not met (and maybe couldn’t have been) in this case. I think this is another case of Holder going along with a corrupt bureaucratic establishment that is in the habit of doing anything in the intellectual property realm that the lawyers from Disney, Universal, Sony, et al. can give them a rationalization for.
As for that reflecting on Obama, I think that has to be informed by an understanding of how the federal government and especially the DoJ should function. I think that the Holder Problem has been made worse by the fact that Obama doesn’t see the Reagan/Meese or Bush/Gonzales cases as the proper models for how a President should relate to an AG. Holder’s serial failures are his own and only reflect poorly on Obama in the sense that the appointment was a mistake that has played out as such in a predictable way.
So which is more odious? Some stupid campaign lies, which will be flowing fast and heavy from both sides over the coming months,
Arguing from the assumption of purely hypothetical future events is about as weak as it gets. There are gradations of untruth due to the imprecision of words and the human capacity for sincere misbelief, so there really can’t be a valid argument that all sides are equally guilty of the sort of bullshit called out in this case until such time as there is a concrete example. Based on their respective track records, I think it is ridiculous to suggest that Romney and Obama will engage in comparable sorts of “campaign lies” in the coming 6 months. Romney hasn’t managed to personally alienate 2 batches of nomination contenders by accident, he’s done it largely by a pattern of carefully crafted and practiced dishonesty.
or the actual bombing of innocent people and subjugation, once again, of the constitution by the sitting administration?
Apples and oranges and hyperbolic hogwash.
I’m all for ending all killing of innocents in war, because I’m all for ending war, which always kills innocents and always will. I think the Forever & Everywhere War crafted for us by the prior administration for strategic domestic political ends remains a huge intractable problem that has no ethically pure solution which can actually be executed by any President. Our architected state of war is to some degree working as designed, but I think Obama has followed an unexpected path to dismantle that design by finding colorable “victories” to end the various sub-wars one by one. It is clear from Romney’s choice of advisors and spokespeople on military and foreign policy that he is fully on board with the strategy of a permanent state of unwinnable war against a vaguely defined enemy (the “Not With Us” legions.) As cynical as it may be, Obama has declared victory and left Iraq (which is hardly a peaceful place) and has lashed US policy to a similar path in Afghanistan, with victory pre-declared for 2014 and a decade of vigilant friendship declared for the ensuing decade without regard to actual events. I’m not sure I understand what endgame plan is served by the CIA drone campaign, but I expect there is one. Given the alternatives of a proven track record of overall reduction in the scope and intensity of our warfare or promises to reverse that trend, the right choice is clear to me even if it isn’t one I’m excited about making in this area. The option of rapidly dismantling the military-industrial complex and de-imperializing our foreign policy isn’t being offered by anyone realistically capable of winning the Presidency, and it hasn’t been for a very long time. Anyone who believes Obama ever offered that was not paying attention. Since I never held that delusion I’m not particularly disappointed.
We got a demo yesterday of how wrong all of the “Obama=Bush” bullshitters are and always have been.
The agreement he went to Kabul to sign helps cement the plan and timetable that has been in operation since the so-called “surge” in Afghanistan that Obama initiated in late 2009. It’s easy to criticize that plan, but it has the very important features of being a plan with a timetable for ending our occupation of Afghanistan requested by the Afghan government. Last night, the President referred to the ongoing phased reduction in forces that will be complete by 2014 as the end to our “time of war.”
That is a highly significant choice of words. Consider what Bush did with the political and legal leverage of the idea that we were “at war” for 7 years. The war in Iraq was rationalized with an edifice of lies, but at the base of that structure was a truth: we were “at war” with a vaguely defined enemy under a vague Congressional authorization for the use of military force. Bush’s failure to take out bin Laden in battle at Tora Bora was entangled with his strategic goal of launching a war in Iraq. Whether one believes that the failure was merely a consequence of a strategic error influenced by the contingencies of prepping for Iraq and a loss of focus or (as I do) that allowing bin Laden and many others to escape into Pakistan was an intentional choice, it is a matter of fact that the consequence of that blunder was the loss of any notional path to a decisive victory in Afghanistan. It became a contest for hearts and minds against an enemy whose leadership was safe from our military: a war that could never be called “over” no matter what we did. Having a war which never can be won or lost and which never calls for intensification is useful to an unscrupulous politician, particularly one who wants to start another war and to justify an attack on domestic civil liberties. Bush used the ongoing and going-nowhere war in Afghanistan politically and legally to justify the invasion of Iraq and the advancement of an authoritarian revolution in US law and public policy. The latter is clear in the rationalizations of torture and the legal arguments over the Guantanamo Bay prison, but it extends to the so-called Patriot Act, “homeland security” projects, and even the uses of the “unitary executive” theory in widespread areas of domestic governance. Agencies like NASA and EPA found themselves with political overseers silencing their scientific work on the pretense that as Commander in Chief in wartime, the President had no limit to his power over the Federal government.
The highly flexible authorizations given Bush for both wars were used to expand executive power and weaken the controls on politicization of government functions. The wars without end also provided cover for insane fiscal and economic policies that led to the 2008 collapse and the current political gridlock over the budget: artificially low interest rates, deficits, spending tilted towards military rather than domestic needs.
Obama has followed through on the withdrawal from Iraq that was negotiated in late 2008 as he was campaigning on scheduled withdrawal and McCain was still rejecting the whole idea. He has negotiated a similar plan for Afghanistan despite resistance from the Right and he has cemented that plan with a long-term agreement for strategic cooperation that is predicated on ending our combat deployment by 2014. Force reductions have started and will continue. He has described this in a major address to the nation as an end to our time of war. Could anyone believe that Bush would have EVER given up the productive tool of a Forever War? John McCain made it clear in 2008 that he wouldn’t. Much of the GOP has been agitating for war with Iran, a project that Obama shows no signs of adopting. You can call this a cynical declaration of victory to cover a retreat but even if it is, how is it a bad thing? Is there anything to be gained for anyone for the USA to frankly declare Afghanistan a lost cause as a premise for withdrawal instead? I think not. Should we pull out as fast as possible and tell the people of Afghanistan that they are on their own in holding the Taliban at bay while they figure out how to govern their country sanely? I think we tried that once, and it was bad for them and for us.
I think that Obama’s choice of words is important, and that it raises the profile of the real stakes of the election. Those who have argued that it does not matter if Romney wins because Obama has not reversed the damage done by Bush using the excuse of war need to review their estimations. Does anyone really believe Romney would stick to Obama’s plan to give up the excuse of war by 2014? One need only look at the way he has pandered to the Far Right for the past 4+ years and adopted Loyal Bushie neocons for foreign policy advice to change that belief. There will be no end to war with Romney. We have a timetable for an end with Obama. It matters.
[ Original version awaiting moderation as comment on Maxthon Browser Beats Chrome and Tops HTML5 Test! | Tech18]
There are major problems with the so-called “HTML5 Test” being cited here. Some are admitted to and rationalized at http://html5test.com/about.html but that apology for the test creator’s choices fails to address issues such as fundamental security problems with some tested features, incomplete specs of some HTML5 features, and unsettled issues of what new features will actually be included in HTML5. Any compliance test is premature, and this particular test, which arbitrarily hands out points for non-HTML5, deprecated, and incomplete features, is a great demonstration of how bad such a test can be.
Maxthon may be a great browser, but it says nothing good about its developer that he cites this lousy test.
Concerning the nature of a woman of computer science
A long-form response to Ionic, who, in essence, has found woman’s dedication lacking, if she...
Remembering my dad, Jim Henson
9/23/2011 03:52:00 PM
We’re thrilled to share this guest post by Brian Henson about his father—puppeteer, director...