Saturday, October 30, 2010
ITEM: More shots around Pittsburgh. The above is Donna's School of Dance in Murrysville. Leftover shots from my brief photo gig
Wednesday, October 27, 2010
But this is what the Daily Kos'es of the world are up against.
Here's a part of a new documentary about right wing Astro Turfers. It's called Astro Turf Wars. And no I don't think he's read or watched 80 percent of the bad books and movies that he downgrades.
Here's the ad I saw in Craigslist:
Election Jobs to Elect Democrats in PA!
Help Elect Democrats on November 2!
Hiring immediately to get out the vote from NOW until Election Day!
Full Time/Part Time/Volunteer
Earn $10 per hour
Call Pat @ 412-721-4769
- Location: Pittsburgh
- Compensation: $10/hour
- This is at a non-profit organization.
- Principals only. Recruiters, please don't contact this job poster.
- Phone calls about this job are ok.
- Please do not contact job poster about other services, products or commercial interests.
Markos Moulitsas, a man who has banned thousands of users (me included) from the Daily Kos with a system of thought crime censorship so pervasive it would frighten the ghost of George Orwell, is complaining that MSNBC has banned him. So, and I'm repeating the first line slightly because I'm trying to wrap my head around it, the man who bans people from making legitimate points that should be aired in the company of adults is now complaining that someone has banned him for making legitimate points that should be aired in the company of adults.
You know, despite being the official Pittsburgh atheism examiner, this makes me think there is a just gawd who metes out some kind of righteous Karmic justice. Who knows maybe the head of MSNBC tried to make a point at Kos and found himself with a pink slip unable to post. That can make a fella angry.
Cenk Uygur has written about the absurdity of all this over at Firedoglake, where I haven't been banned and where I was so grateful for it that I sent them 10 bucks. I noticed in the comments that someone mentioned this:
"There is a “banned by Kos” merit badge."
And that reader is right. I know because there's one at the bottom of my website. I was banned because I mentioned Israel. We can't discuss that or the proxy wars that we fight for that country. Or why Israel is pushing for war with Iran. With most of our soldiers doing the dying of course. Mustn't be talked about in polite company even if it starts World War III. Such a minor thing that certainly wouldn't merit a review of all perspectives and opinions...right.
Unfortunately, that page where they kept the banners was removed from the web. Yet using the magics of "The Wayback Machine" I found those images and I'm posting all 15 of them here for our pleasure. After all, you may find yourself banned from Daily Kos too one day. In fact, if you have any integrity you probably will. You might as well know your brand.
The first one is "too lefty".
The second one is "mentioned armando".
The third one is "too independent".
The fourth one is, and the censorious overlord has many reasons for banishment,"insufficiently democrat".
The fifth one is "ideologically suspect".
The sixth one is "Naderite".
The seventh one is "socialist".
The eighth one is "rovian spy".
The ninth one is "agitator".
The tenth one is "free thinker".
The 11th one is "feminist".
The 12th one is the one found at the bottom of my own site.
The 13th one is "purist".
The 14th one is "concern troll".
The 15th one is, well, any reasons not already mentioned. I guess you can insert your own like "10.5 percent unemployment isn't a good thing and we should be screaming at the top of our lungs that unemployment benefits be extended."
Saturday, October 23, 2010
Check it out:
We should all hail the mighty Burger King logo at sunset.
Thursday, October 21, 2010
From the Huffington Post:
The NAACP reignited the debate over the extremism of Tea Parties on Wednesday, releasing a report alleging ongoing ties between hate groups and the movement, which the civil rights organization criticizes for giving a platform to anti-Semites, racists and bigots.
"The result of this study contravenes many of the Tea Parties' self-invented myths, particularly their supposedly sole concentration on budget deficits, taxes and the power of the federal government," reads the introduction to "Tea Party Nationalism," a joint project with the Institute for Research and Education on Human Rights. "Instead, this report found Tea Party ranks to be permeated with concerns about race and national identity and other so-called social issues."
On a call with reporters, NAACP President and CEO Benjamin Jealous was quick to point out that his organization has no problem with the Tea Party movement as a whole. "We have no problem with the Tea Party existing," he said. "We have no problem with the Tea Party expressing its views in the great debates in our great democracy. We do, however, have a problem when prominent Tea Party members who have direct ties to organizations like the Council of Conservative Citizens, are allowed to use Tea Party events to recruit people for those white supremacist groups. ... And most importantly, we have a problem when the majority of the Tea Parties stand silent and doesn't loudly condemn that sort of behavior."
Read the whole thing as they say.
By way of Raw Story:
In the 2010 midterm elections, Republicans may be returning to a game plan that has been effective at garnering the support of white voters while turning off minority voters.
MSNBC's Rachel Maddow noted Tuesday at least ten incidents of Republicans intentionally or unintentionally race baiting during the 2010 campaign.
By way of background, Republican Barry Goldwater lost the 1964 presidential race in a landslide. At the same time, he managed to win the southern states, something that no other Republican had done since Reconstruction. It is widely believed that Goldwater did this by promising to repeal the Civil Rights Act if elected.
Although the "Southern strategy" was in place in 1964, the phrase was not popularized until Richard Nixon's political strategist, Kevin Phillips, spoke to the New York Times in 1970:
From now on, the Republicans are never going to get more than 10 to 20 percent of the Negro vote and they don't need any more than that... but Republicans would be shortsighted if they weakened enforcement of the Voting Rights Act. The more Negroes who register as Democrats in the South, the sooner the Negrophobe whites will quit the Democrats and become Republicans. That's where the votes are. Without that prodding from the blacks, the whites will backslide into their old comfortable arrangement with the local Democrats.
Republican National Committee Chairman Michael Steele admitted this year that the Republican Party had been using the Southern strategy for decades.
"For the last 40-plus years we had a ‘Southern Strategy’ that alienated many minority voters by focusing on the white male vote in the South," he told an audience at DePaul university in April.
In 2006, race baiting may have backfired when former Sen. George Allen lost his race after calling an opponent's staffer "Macaca," a slur used to describe the native population in Central Africa's Belgian Congo.
Maddow set out to highlight two or three occurrences of the strategy being used in this year's elections but instead found many more "1964 moments."
Republican Senate candidate from West Virginia John Raese has repeatedly mangled ethnic names. He called Supreme Court Justice Sonya Sotomayor "Sarah Morgan" and "Sarah Manorgan." He also referred to Energy Secretary Steven Chu as "Steven chow mein."
Read the whole thing.
Read the whole thing as they say.
Republicans and their outside allies seem to be spending money on two things this election. One is zillions and zillions of TV ads. The other is the usual voter suppression machine, designed to intimidate minorities and the poor.
In Illinois, Mark Kirk was caught on tape talking about a “voter integrity” program that he will deploy in black neighborhoods on Election Day. This is how it’s always pitched, as an anti-fraud measure, despite the fact that there’s no evidence whatsoever of voter fraud occurring on any major scale anywhere in the country for the last 30 years. Alexi Giannoulias, Kirk’s opponent for US Senate in Illinois, told it like it is in a debate yesterday:
Saturday, October 16, 2010
This is an actual house in Murrysville. I always thought that the geodesic structure was cool. It's supposed to be warmer in the winter and cooler in the summer if I remember the rules for such homes. Looks like it's about to lift off.
ITEM: I think the Green Party should go all in for their senate candidates in Arkansas and South Carolina. The Dems have nothing there (Greene and Lincoln or the Dumb and the Corrupt) so no one can accuse the Greens of being spoilers. They should attempt to raise a million each for both of them and run ads the final 10 days. Or my new organization can do it if they lack the organization to do it or more importantly, if they refuse to ask for enough money to actually compete and win.
Hey, I can at least ask to do it. More on this later.
ITEM: I don't know why Eli isn't proclaiming his Open Fear about my Peter Parker like photog gifts. That might be because he's a slightly better photographer (see here) who uses one of them fancy dan cameras. Or it might be the shoes.
Sunday, October 10, 2010
ITEM: Took a freelance job doing photos for what I hope will be a couple of months. How does it look? Watch out Mark Southers and Eli. I'm comin'...hard.
Friday, October 08, 2010
Here's the report in its entirety:
Hacking the D.C. Internet Voting Pilot
The District of Columbia is conducting a pilot project to allow overseas and military voters to download and return over the Internet. Before opening the system to real voters, D.C. has been holding a test period in which they've invited the public to evaluate the system's security and usability.
This is exactly the kind of open, public testing that many of us in the e-voting — including me — have been encouraging vendors and municipalities to conduct. So I was glad to participate, even though the test was launched with only three days' notice. I assembled a team from the University of Michigan, including my PhD students, Eric Wustrow and Scott Wolchok, and Dawn Isabel, a member of the University of Michigan technical staff.
Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’. In this post, I’ll describe what we did, how we did it, and what it means for Internet voting.
D.C.'s pilot system
The D.C. system is built around an open source server-side application developed in partnership with the TrustTheVote project. Under the hood, it looks like a typical web application. It's written using the popular Ruby on Rails framework and runs on top of the Apache web server and MySQL database.
Absentee overseas voters receive a physical letter in the mail instructing them to visit a D.C. web site, http://www.dcboee.us/DVM/, and log in with a unique 16-character PIN. The system gives voters two options: they can download a PDF ballot and return it by mail, or they can download a PDF ballot, fill it out electronically, and then upload the completed ballot as a PDF file to the server. The server encrypts uploaded ballots and saves them in encrypted form, and, after the election, officials transfer them to a non-networked PC, where they decrypt and print them. The printed ballots are counted using the same procedures used for mail-in paper ballots.
A small vulnerability, big consequences
We found a vulnerability in the way the system processes uploaded ballots. We confirmed the problem using our own test installation of the web application, and found that we could gain the same access privileges as the server application program itself, including read and write access to the encrypted ballots and database.
The problem, which geeks classify as a “shell-injection vulnerability,” has to do with the ballot upload procedure. When a voter follows the instructions and uploads a completed ballot as a PDF file, the server saves it as a temporary file and encrypts it using a command-line tool called GnuPG. Internally, the server executes the command gpg with the name of this temporary file as a parameter:
gpg […] /tmp/stream,28957,0.pdf.
We realized that although the server replaces the filename with an automatically generated name (“stream,28957,0” in this example), it keeps whatever file extension the voter provided. Instead of a file ending in “.pdf,” we could upload a file with a name that ended in almost any string we wanted, and this string would become part of the command the server executed. By formatting the string in a particular way, we could cause the server to execute commands on our behalf. For example, the filename “ballot.$(sleep 10)pdf” would cause the server to pause for ten seconds (executing the “sleep 10” command) before responding. In effect, this vulnerability allowed us to remotely log in to the server as a privileged user.
Our demonstration attacks
D.C. launched the public testbed server on Tuesday, September 28. On Wednesday afternoon, we began to exploit the problem we found to demonstrate a number of attacks:
- We collected crucial secret data stored on the server, including the database username and password as well as the public key used to encrypt the ballots.
- We modified all the ballots that had already been cast to contain write-in votes for candidates we selected. (Although the system encrypts voted ballots, we simply discarded the and replaced them with different ones that we encrypted using the same key.) We also rigged the system to replace future votes in the same way.
- We installed a back door that let us view any ballots that voters cast after our attack. This modification recorded the votes, in unencrypted form, together with the names of the voters who cast them, violating ballot secrecy.
- To show that we had control of the server, we left a “calling card” on the system's confirmation screen, which voters see after voting. After 15 seconds, the page plays the University of Michigan fight song. Here's a demonstration.
Stealthiness wasn't our main objective, and our demonstration had a much greater footprint inside the system than a real attack would need. Nevertheless, we did not immediately announce what we had done, because we wanted to give the administrators an opportunity to exercise their intrusion detection and recovery processes — an essential part of any online . Our attack remained active for two business days, until Friday afternoon, when D.C. officials took down the testbed server after several testers pointed out the fight song.
Based on this experience and other results from the public tests, the D.C.and Ethics has announced that they will not proceed with a live deployment of electronic ballot return at this time, though they plan to continue to develop the system. Voters will still be able to download and print ballots to return by mail, which seems a lot less risky.
D.C. officials brought the testbed server back up today (Tuesday) with the electronic ballot return mechanism disabled. The public test period will continue until Friday, October 8.
What this means for Internet voting
The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We've found a number of other problems in the system, and everything we've seen suggests that the design is brittle: one small mistake can completely compromise its security. I described above how a small error in file-extension handling left the system open to exploitation. If this particular problem had not existed, I'm confident that we would have found another way to attack the system.
None of this will come as a surprise to Internet security experts, who are familiar with the many kinds of attacks that major web sites suffer from on a daily basis. It may someday be possible to build a secure method for submitting ballots over the Internet, but in the meantime, such systems should be presumed to be vulnerable based on the limitations of today's security technology. We plan to write more about the problems we found and their implications for Internet voting in a forthcoming paper.
Read the full story at Firedoglake.
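The file-extension flaw described in the report above, next to a hardened form, as an added Ruby example (not code from the report, the D.C. application or this blog). Assumptions: printf stands in for gpg so it runs without GnuPG, the function names are hypothetical, and the sample filename is a constructed, harmless variant of the report's "sleep 10" example.

```ruby
require "open3"
require "securerandom"

# Pattern the report describes: the base name is server-generated, but the
# client-supplied extension is kept verbatim.
def temp_path_keeping_extension(upload_name)
  ext = upload_name[/\.[^.\/]*\z/].to_s
  "/tmp/stream,28957,0#{ext}"
end

# Vulnerable call style: one interpolated string, so /bin/sh parses the path.
# printf is a stand-in for gpg (assumption) so the example runs without GnuPG.
def run_via_shell(path)
  out, _status = Open3.capture2("printf '%s' #{path}")
  out
end

# Hardened call style: argument vector, no shell; the path is one argv entry.
def run_via_argv(path)
  out, _status = Open3.capture2("printf", "%s", path)
  out
end

# Hardened naming: allowlist the extension, check the PDF magic bytes, and
# build the temp name from server-side randomness only.
def safe_temp_path(upload_name, content)
  ext = upload_name[/\.[^.\/]*\z/].to_s.downcase
  raise ArgumentError, "unexpected extension" unless ext == ".pdf"
  raise ArgumentError, "not a PDF" unless content.start_with?("%PDF-")
  "/tmp/ballot-#{SecureRandom.hex(8)}.pdf"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed, harmless variant of the filename quoted in the report.
  hostile = "ballot.$(echo INJECTED)pdf"
  path = temp_path_keeping_extension(hostile)
  puts "shell sees: #{run_via_shell(path)}"
  puts "argv sees:  #{run_via_argv(path)}"
  puts "safe name:  #{safe_temp_path('ballot.pdf', "%PDF-1.4\n")}"
end
```

Either fix alone closes this hole: the argv form never hands the name to a shell, and the server-generated name never contains client input. Using both keeps one mistake from being enough.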
Thursday, October 07, 2010
Irrational thought systems need irrational systems of poverty and misery to grow and thrive. The poor usually don't have, and they certainly aren't taught, the critical thinking skills you need to counteract religious and superstitious nonsense.
Really, the first goal of anyone who wants to rid the world of dangerous delusional thinking is to rid the world of world poverty. Remember: the fundamentalism abroad, and you can take your pick of Iran, Iraq and various other countries, usually starts with an American government taking out a democratically elected leader and putting in some Shah or other thug....Ayatollahs need Shahs. Tea parties need high unemployment and joblessness...
Just a thought....