12/31/2014 archive

Punting the Pundits

“Punting the Pundits” is an Open Thread. It is a selection of editorials and opinions from around the news media and the internet blogs. The intent is to provide a forum for your reactions and opinions, not just to the opinions presented, but to whatever you find important.

Thanks to ek hornbeck, click on the link and you can access all the past “Punting the Pundits”.


New York Times Editorial: When New York City Police Walk Off the Job

Many members of the New York Police Department are furious at Mayor Bill de Blasio and, by extension, the city that elected him. They have expressed this anger with a solidarity tantrum, repeatedly turning their backs to show their collective contempt. But now they seem to have taken their bitterness to a new and dangerous level – by walking off the job. [..]

And for what? [..]

The list of grievances adds up to very little, unless you look at it through the magnifying lens of resentment fomented by union bosses and right-wing commentators. The falling murder rate, the increased resources for the department, the end of quota-based policing, which the police union despised, the mayor’s commitment to “broken-windows” policing – none of that matters, because many cops have latched on to the narrative that they are hated, with the mayor orchestrating the hate. [..]

Mr. de Blasio has a responsibility to lead the city out of this impasse, and to his credit has avoided inflaming the situation with hasty or hostile words. But it’s the Police Department that needs to police itself. Rank-and-file officers deserve a department they can be proud of, not the insular, defiant, toxically politicized constituency that Mr. Lynch seems to want to lead.

Sen. Bernie Sanders: Fight for Our Progressive Vision

As I look ahead to this coming year, a number of thoughts come to mind.

First and foremost, against an enormous amount of corporate media noise and distraction, it is imperative that we not lose sight of what is most important and the vision that we stand for. We have got to stay focused on those issues that impact the lives of tens of millions of Americans who struggle every day to keep their heads above water economically, and who worry deeply about the kind of future their kids will have.

Yes. We make no apologies in stating that the great moral, economic and political issue of our time is the growing level of income and wealth inequality in our nation. It is a disgrace to everything this country is supposed to stand for when the top one-tenth of 1 percent owns almost as much wealth as the bottom 90 percent, and when one family (the Waltons) owns more wealth than the bottom 40 percent. No. The economy is not sustainable when the middle class continues to disappear and when 95 percent of all new income generated since the Wall Street crash goes to the top 1 percent. In order to create a vibrant economy, working families need disposable income. That is often not the case today.

Joan Walsh: New York’s epic white backlash: How a horrid 1960s relic is still with us today

I grew up in New York in the 1960s and 70s saying a prayer whenever I heard a siren – a prayer for whomever the siren wailed, and a prayer for the men behind the siren, the policemen and firemen risking their lives every day, my uncles (and later cousins) among them. That’s what my mother taught me. I still find myself doing it sometimes. [..]

Now I live in New York again, for the first time since the 1970s, and again New York is in turmoil over the police –  not just over the killings of Garner and other unarmed black men, but over the murders of two police officers, Rafael Ramos and Wenjian Liu, in Brooklyn on Dec. 20.  White New Yorkers fear a return to the bad old days of riots, escalating crime and attacks on police. In the 1970s, 46 officers were killed in the line of duty, according to the New York Times, and 41 more in the 1980s. Before these latest murders, the last police killing was in 2011.

Black New Yorkers say the bad old days – of police abuse – never ended. The loudest voices are on the extremes, shouting down those who are trying to find common ground.

David Dayen: 2015’s biggest days for politics: Salon’s handy calendar for the next year

Want to know which critical deadlines Republicans will sneakily try to exploit? Bookmark this timeline as a guide

The conventional wisdom is that the 114th Congress will feature mostly angry white men in suits yelling about something or other, without the normal output from a legislative branch, like “legislation.” The passage of the CRomnibus should put that theory to rest. Republicans were able to slide dozens of policy riders into a must-pass bill, with Democrats and the White House agreeing to the changes amid the risk of a government shutdown. GOP legislators are salivating at the prospect of running this movie over and over again in the final two years of the Obama presidency.

Fortunately for the Republicans, they will have quite a few opportunities to test this model, in their first year of total congressional control since 2006. The 2015 calendar is littered with a series of critical deadlines, which Republicans will surely try to exploit. You can pretty much throw out the rest of the year and just tune in to Congress around these deadline dates, most likely the only times when anything of import will actually happen. Here’s your congressional calendar for the next year:

On This Day In History December 31

This is your morning Open Thread. Pour your favorite beverage and review the past and comment on the future.

Find the past “On This Day in History” here.

December 31 is the 365th day of the year (366th in leap years) in the Gregorian calendar. The last day of the year in the Gregorian calendar, it is widely known as New Year’s Eve.

On this day in 1759, Arthur Guinness signs a 9,000 year lease at £45 per annum and starts brewing Guinness.

Guinness is a popular Irish dry stout. Guinness is directly descended from the porter style that originated in London in the early 18th century and is one of the most successful beer brands worldwide.

A distinctive feature is the burnt flavour which is derived from the use of roasted unmalted barley (though this is a relatively modern development since it did not become a part of the grist until well into the 20th century). For many years a portion of aged brew was blended with freshly brewed product to give a sharp lactic flavour (which was a characteristic of the original Porter).

Although the palate of Guinness still features a characteristic “tang”, the company has refused to confirm whether this type of blending still occurs. The thick creamy head is the result of the beer being mixed with nitrogen when being poured. It is popular with Irish people both in Ireland and abroad and, in spite of a decline in consumption since 2001[1], is still the best-selling alcoholic drink in Ireland where Guinness & Co. makes almost €2 billion annually.

The company had its headquarters in London from 1932 onwards. It merged with Grand Metropolitan plc in 1997 and then figured in the development of the multi-national alcohol conglomerate Diageo.

Arthur Guinness started brewing ales from 1759 at the St. James’s Gate Brewery, Dublin. On 31 December he signed (up to) a 9,000 year lease at £45 per annum for the unused brewery. Ten years later on 19 May 1769 Guinness exported his ale for the first time, when six and a half barrels were shipped to England.

Guinness is sometimes believed to have invented stout, however the first known use of the word stout in relation to beer appears in a letter in the Egerton Manuscript dated 1677, almost 50 years before Arthur Guinness was born.

Arthur Guinness started selling the dark beer porter in 1778. The first Guinness beers to use the term were Single Stout and Double Stout in the 1840s.

The breweries pioneered several quality control efforts. The brewery hired the statistician William Sealy Gosset in 1899, who achieved lasting fame under the pseudonym “Student” for techniques developed for Guinness, particularly Student’s t-distribution and the even more commonly known Student’s t-test.

Guinness brewed their last porter in 1974.

Guinness has also been referred to as “the black stuff” and as a “Pint of Plain” – referred to in the famous refrain of Flann O’Brien’s poem “The Workman’s Friend”: “A pint of plain is your only man.”

Have A Private New Year

One of the key components of a secure and private Internet connection is The Onion Relay Project, commonly known as Tor after its browser, a variation of the popular open source Firefox.

Recently the FBI announced that it had arrested 17 people and brought down over 400 sites including the infamous “Silk Road 2.0”.

Does that mean Tor is broken?  Not so much apparently.

Did the FBI Break Tor?

By Naomi Gingold, Slate

Dec. 8 2014 8:49 AM

This past July Tor announced it had shut down a five-month-long combined “Sybil” and “traffic confirmation attack,” allegedly carried out by researchers at CERT, a computer security research institute at Carnegie Mellon University.



A traffic confirmation attack is one of the most well-known ways to assault Tor. To carry it out, you need to be able to control the first and last relays of Tor circuits. Once in control, you secretly tag data packets when they enter the network and check those tags when they exit. This way you can figure out who is talking to whom.

A common way to gain control of those relays is through a “Sybil attack,” where you flood the system with your own relays, so that you can dominate parts of the network. (Recent research shows that it’s not that expensive to do this; after all, there are only 6,000-plus relays currently on Tor.) This Sybil attack exploits an inherent vulnerability of Tor’s design: its reliance on volunteers to create the network.

As it turns out, the FBI was able to make these cases through traditional police methods (finding a weak link in the organization and threatening and lying to them in order to get them to implicate others).  However, another group, the Lizard Squad (best known for hacking game servers and consoles), has also been attempting to compromise Tor security using a Sybil attack.

The Attack on the Hidden Internet

Marc Rogers, The Daily Beast

12/29/14

Most recently, it’s Tor’s ability to provide websites with a private “onion” address that has been hitting the headlines. “Onion” addresses are private addresses that can only be reached after connecting through Tor’s layers of anonymity. Ordinary Web browsers can’t see the site, in other words – protecting it from government censors. Seen both as a way to make websites used by activists accessible in countries governed by hostile regimes and as a way to host websites carrying illegal products and services, this part of the Tor network is now known as a central component of the “darknet” or “deep web.”



Over the space of a few hours on Friday, Lizard Squad registered a little more than 3,000 Tor relays. Relays are special computers that Tor uses to anonymously transmit traffic across the Internet. Comprised entirely of volunteered machines, the larger and more distributed this network of relays is, the better for the network and its users. So it’s understandable that the Tor folks wanted to make it as easy as possible to add new relays to the network, allowing it to grow. However, it appears it is this very open nature that the Lizard Squad is attempting to exploit.



Networks like Tor have long been considered to be vulnerable to an attack known as a “Sybil” attack, named after the famous 1973 book about the woman suffering from multiple personality disorder. The attack relies on flooding the network with fake nodes, or identities, until enough of them are present that the operator of those fake nodes can use them to influence or control the network. It’s like poisoning a party by overloading it with assholes.

Just how many fake nodes would be needed in order to pull off a successful Sybil attack against Tor is not known. Luckily, Tor was prepared for this sort of assault, and has built-in defenses to protect against it.

Tor’s administrators have to allow new nodes to connect and play a trusted role in the network. So to enable this while protecting the network, it has a system of evaluation that cycles the new node through several distinct phases before loading it up with traffic. This means that for the first few days the node essentially sees no traffic until the network is confident about it and its reliability.

As a result, while the 3,021 nodes added by Lizard Squad looked like a significant chunk of Tor’s more than 6,000-node network, they actually carried less than 1 percent of Tor’s traffic. Most importantly, they were all deleted long before that percentage could rise any higher. So, while Lizard Squad’s latest attack against the Internet’s most important anonymity network is troublesome, it was also completely harmless – this time. There is a lot of residual concern that Lizard Squad was able to get even this far. One of the biggest concerns is that if they had been more patient and subtler about how they executed this attack, it’s possible that they could have added relays slowly, across a wide range of networks, in such a way that they became trusted integral parts of the Tor network. At that point, who knows what they could have been capable of.
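The arithmetic behind the “less than 1 percent” figure, as an added example that is not from the article or the Tor Project: it compares how often both the entry and the exit of a circuit would be Sybil relays when relays are picked by count versus by a weight that ramps up with relay age. Only the 3,021 and 6,000 relay counts come from the text; the linear 8-day ramp, the bandwidth figures and the 6-hour relay age are constructed assumptions, and the model ignores Tor’s relay flags and per-position rules.

```python
# Added example with constructed numbers; the ramp-up schedule is an assumption,
# not Tor's actual measurement algorithm.

RAMP_HOURS = 8 * 24  # assumed time for a new relay to reach full selection weight


def selection_weight(full_weight, age_hours, ramp_hours=RAMP_HOURS):
    """Weight used when picking relays: scaled down linearly while the relay is new."""
    return full_weight * min(age_hours, ramp_hours) / ramp_hours


def build_network(honest, sybil, sybil_age_hours, honest_bw=100.0, sybil_bw=50.0,
                  by_count=False):
    """Return a list of (weight, is_sybil) pairs.

    by_count=True models a naive network that picks relays uniformly at random.
    """
    if by_count:
        return [(1.0, False)] * honest + [(1.0, True)] * sybil
    old = selection_weight(honest_bw, RAMP_HOURS)      # honest relays are established
    new = selection_weight(sybil_bw, sybil_age_hours)  # Sybil relays are still ramping
    return [(old, False)] * honest + [(new, True)] * sybil


def adversary_share(relays):
    """Fraction of total selection weight held by Sybil relays."""
    total = sum(w for w, _ in relays)
    return sum(w for w, bad in relays if bad) / total


def both_ends_probability(relays):
    """Exact chance that two distinct weighted picks (entry, then exit) are both Sybils.

    This is the condition a traffic confirmation attack needs for a given circuit.
    """
    total = sum(w for w, _ in relays)
    bad_total = sum(w for w, bad in relays if bad)
    return sum((w / total) * ((bad_total - w) / (total - w))
               for w, bad in relays if bad)


def scenarios(honest=6000, sybil=3021):
    """Return {name: (weight share, both-ends probability)} for three cases."""
    nets = {
        "picked by count": build_network(honest, sybil, 0, by_count=True),
        "weighted, relays 6 hours old": build_network(honest, sybil, 6),
        "weighted, relays fully ramped": build_network(honest, sybil, RAMP_HOURS),
    }
    return {name: (adversary_share(n), both_ends_probability(n))
            for name, n in nets.items()}


if __name__ == "__main__":
    for name, (share, both) in scenarios().items():
        print(f"{name:32s} share={share:7.3%}  both ends={both:8.4%}")
```

The third case is the article’s “more patient” concern in numbers: once the same relays are fully ramped their share is no longer negligible, which is why the defence depends on removing suspicious relays before that point.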

Even so, the Tor browser, when properly used, and end-to-end encryption are the best way to protect yourself against casual snooping, including by Government Agencies.  How do we know this?  Der Spiegel has just published a piece based on the Snowden Papers showing the “threat” (meaning difficulty in illegally spying on you) the NSA considers various practices and programs.

Prying Eyes: Inside the NSA’s War on Internet Security

By Jacob Appelbaum, Aaron Gibson, Christian Grothoff, Andy Müller-Maguhn, Laura Poitras, Michael Sontheimer and Christian Stöcker, Der Spiegel

12/28/14

For the NSA, encrypted communication — or what all other Internet users would call secure communication — is “a threat”. In one internal training document viewed by SPIEGEL, an NSA employee asks: “Did you know that ubiquitous encryption on the Internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?”



The Snowden documents reveal the encryption programs the NSA has succeeded in cracking, but, importantly, also the ones that are still likely to be secure. Although the documents are around two years old, experts consider it unlikely the agency’s digital spies have made much progress in cracking these technologies. “Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said in June 2013, after fleeing to Hong Kong.



As one document from the Snowden archive shows, the NSA had been unsuccessful in attempts to decrypt several communications protocols, at least as of 2012. An NSA presentation for a conference that took place that year lists the encryption programs the Americans failed to crack. In the process, the NSA cryptologists divided their targets into five levels corresponding to the degree of the difficulty of the attack and the outcome, ranging from “trivial” to “catastrophic.”



Things first become troublesome at the fourth level. The presentation states that the NSA encounters “major” problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network, which was developed for surfing the web anonymously. Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers. The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user’s information. For surveillance experts, it becomes very difficult to trace the whereabouts of a person who visits a particular website or to attack a specific person while they are using Tor to surf the Web.

The NSA also has “major” problems with Truecrypt, a program for encrypting files on computers. Truecrypt’s developers stopped their work on the program last May, prompting speculation about pressures from government agencies. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Both are programs whose source code can be viewed, modified, shared and used by anyone. Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism — an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple — show that the NSA’s efforts appear to have been thwarted in these cases: “No decrypt available for this OTR message.” This shows that OTR at least sometimes makes communications impossible to read for the NSA.

Things become “catastrophic” for the NSA at level five – when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a “near-total loss/lack of insight to target communications, presence,” the NSA document states.

ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal. “It’s satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque,” says RedPhone developer Moxie Marlinspike.

Also, the “Z” in ZRTP stands for one of its developers, Phil Zimmermann, the same man who created Pretty Good Privacy, which is still the most common encryption program for emails and documents in use today. PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack. “No decrypt available for this PGP encrypted message,” a further document viewed by SPIEGEL states of emails the NSA obtained from Yahoo.

Phil Zimmermann wrote PGP in 1991. The American nuclear weapons freeze activist wanted to create an encryption program that would enable him to securely exchange information with other like-minded individuals. His system quickly became very popular among dissidents around the world. Given its use outside the United States, the US government launched an investigation into Zimmermann during the 1990s for allegedly violating the Arms Export Control Act. Prosecutors argued that making encryption software of such complexity available abroad was illegal. Zimmermann responded by publishing the source code as a book, an act that was constitutionally protected as free speech.

PGP continues to be developed and various versions are available today. The most widely used is GNU Privacy Guard (GnuPG), a program developed by German programmer Werner Koch. One document shows that the Five Eyes intelligence services sometimes use PGP themselves. The fact is that hackers obsessed with privacy and the US authorities have a lot more in common than one might initially believe. The Tor Project was originally developed with the support of the US Naval Research Laboratory.

Today, NSA spies and their allies do their best to subvert the system their own military helped conceive, as a number of documents show. Tor deanonymization is obviously high on the list of NSA priorities, but the success achieved here seems limited. One GCHQ document from 2011 even mentions trying to decrypt the agencies’ own use of Tor — as a test case.

To a certain extent, the Snowden documents should provide some level of relief to people who thought nothing could stop the NSA in its unquenchable thirst to collect data. It appears secure channels still exist for communication. Nevertheless, the documents also underscore just how far the intelligence agencies already go in their digital surveillance activities.

Having used Tor on an experimental basis I’ll tell you the experience is very much like moving from 98 SE to XP 64 in that it’s mostly notable for the many things you used to do and programs that used to work that simply don’t anymore because they’re insecure.  Now this is either an insurmountable hardship for you or it isn’t.  I’ve found that as time progresses I have less and less use for my old stuff which I still have available anyway on my dusty machines that worked until I turned them off.