Ahhh work, that most marvelous of pursuits that keeps food on the table.
Today was my first official day of work as a full time employee of Gigantomegabankcorp North America, where I have been a contractor for 26 months.
Going from Contractor to FTE means bennies, paid time off (25 days a year actually. Woo hoo), and job security (at least to the degree that it exists anywhere today).
I am officially classified as an "authorized homeworker or telecommuter", for which I get to work at home; and the bank gets a tax credit, since I'm not out there every day clogging up the roads, and burning up the gas.
Nice deal all around eh?
However, for things such as receiving and filling out and submitting the 400 pages of HR paperwork, you kind of have to be in a physical office location.
...That's not a joke or an exaggeration by the way. Between the general employment paperwork, Homeland Security paperwork, federal tax paperwork, Arizona tax paperwork, medical insurance, dental insurance, optical insurance, life insurance, AD&D, long term care coverage, healthcare savings account, 401k, employee stock purchase plan, employee credit card, employee checking, savings, and money market accounts, direct deposit, security forms, badge forms, non disclosure form, health and safety forms, electronic and information security forms, building safety forms, employee handbook acknowledgment, sexual harassment policy acknowledgment, terms of use acknowledgment, disciplinary procedures acknowledgment, environmental disclosures, and the checklists to keep track of them all; I had to deal with over 100 form pages requiring filling in, and approximately 300 pages of reference materials.
How is it we make money again?
Of course to fill all of this in, I had to get to the office at 8:30, meet an admin assistant so she could let me in to do my badge paperwork (my old contractor badge is officially no good; I had to get a visitor badge until they could issue me a new "team member" badge) so I could get my badge, and my two large "packets" (I use the term loosely as together they weigh about 5 lbs and are 3 inches thick) of reference materials and forms to fill out.
Amazingly enough, this is after a HUGE paperwork REDUCTION, and moving "most" of the HR, tax, wage, and benefit forms online.
Seriously.
Why exactly I had to go to the office to do this, when all I ended up doing was filling it all in while borrowing someone else's cubicle, then dropping it into interoffice mail, and faxing copies of my homeland security form...
Oh wait....
..Riiiiiight
I have to do it in the office, so they can get a photocopy of my driver's license and social security card, witnessed by another employee for the homeland security form (Oh and the fax is insufficient, they have to have the hardcopy, but it has to be on file within three days, and it may be delayed so we had to fax it).
Remind me again how we make money... and why it is that we have a "homeland security" department, checking up on my work status?
...Riiiiiiight
Ahhh the joys of working for Gigantomegabankcorp North America in America today.
We ARE in America...
Aren't we?
The Random Mumblings of a Disgruntled Muscular Minarchist
Igitur qui desiderat pacem praeparet bellum
Monday, June 30, 2008
Sunday, June 29, 2008
Friday, June 27, 2008
When you really need to stop for a refreshing pause
What are you REALLY voting for?
Yesterday, the supreme court announced that the constitution actually means what it says, and that it's OK if we want to exercise our pre-existing and fundamental rights... at least most of the time, presuming we follow the allowed restrictions...
Don't get me wrong, I'm very happy about Heller, and I think it's a better ruling than many would have you believe (not that it won't require literally decades of litigation to resolve those issues)...
...My problem here is that there had to be a supreme court decision on this; not to determine how much the government could restrict a fundamental right, but whether that right even existed at all.
The even bigger problem I have with this, is that about 30% of the population have convinced themselves that it doesn't; and that among that 30% are a strong minority of our national legislature (there are some pro gun democrats, and some anti-gun republicans), and a not insignificant minority of our state legislatures (about 15% of the state legislatures outright, and presumably anywhere from 15 to 30% of the legislators in the rest of the states).
Even a member of the supreme court, construed the very concept of the limitation of government so obscenely, that he was openly mocked by another; to wit:
"The majority would have us believe that over 200 years ago, the Framers made a choice to limit the tools available to elected officials wishing to regulate civilian uses of weapons." -- Associate Supreme Court Justice John Paul Stevens
YES, that is EXACTLY what the framers did; that is in fact the entire purpose of the second amendment, and the bill of rights as a whole; and anyone who in any way does not understand that has no business being a citizen of this country, never mind being a supreme court justice.
Stevens is either a liar, a fool, or disingenuously dissembling to make a fundamental right into nothing more than a hindrance to government.. which is by far the worst interpretation of his actions, and unfortunately I think the correct one. It makes him both craven, and a clear enemy of the core principles of liberty and limited government.
... but 30% of the population agrees with him.
... and that frightens me.
Now, that wouldn't really be an issue, except for one thing: That 30% controls one of the major political parties in this country.
Which also wouldn't be TOO much of a problem, except for one other thing: That 30 percent also controls 4 members of the 9 member supreme court.
Yesterday's decision on Heller was 5-4 in favor of the idea that the government cannot abrogate our fundamental rights by force of law; except in certain strictly limited ways.
5-4...
There were four justices of the supreme court who voted against the very foundation of our limited government.... In fact against the very IDEA of any real limitation on government, as I see it.
And it's not just about guns (though Silveira and Fincher are certainly illustrative), it's also about Angel Raich, and Susette Kelo, and all the other decisions favoring government over the rights of the people.
Those four justices have been reliable votes against freedom, liberty, and limitation of government (they were frequently joined by Anthony Kennedy, and now retired Sandra Day O'Connor. I also don't discount the fact that on occasion even the so called "conservative" justices have also voted against liberty).
5-4...
So, at this point, there comes a decision.
In 2008, this country will choose our next president. We have two choices (yes, only two. Don't try and pretend otherwise).
In addition to the veto pen, and the office of commander in chief; the next president is likely to select at least one, and possibly as many as three justices for the supreme court. If they get two terms, an even money shot historically; they may be selecting as many as five justices.
Barack Obama is one of the 30%, and unabashedly so.
John McCain is one of those people who have deluded themselves into thinking there is a balance to be struck between the rights of individuals, and government. He's wrong, in some ways disastrously so (BCRA for example); but he isn't actively promoting the position that individual rights are superseded by "governments rights" (which don't exist).
Obviously, neither are good; but one is clearly worse.
More importantly though, is the realization that indeed we ARE in a two party game; and what that game really is.
One party is controlled by those utterly hostile to the notion of individual rights; the other is controlled by people who believe in individual rights but disregard them when it suits them.
One party is the 30%, the other isn't.
For those of you who say "I don't vote for the party I vote for the man", or "Continuing to vote for the lesser of two evils is rewarding their bad behavior. We should teach them a lesson"...
Let me be blunt: Grow the hell up, wake the hell up, and get your head back into the real world where it belongs.
Let's face it folks, we ARE in a two party system. No matter what the Libertarian party wants to believe about its own relevance (and nominating Bob Barr showed they really don't care so long as they can get enough press to get 4% in the general and qualify for automatic ballot inclusion and matching funding) a vote for anyone other than John McCain, is a vote for Barack Obama.
I'm even tempted to say not voting is the same as voting for Obama.
Welcome back to the real world folks; where there hasn't been someone you could actually vote FOR (as opposed to voting against), since around 1817. All you can do now, is vote against the worse guy (or rather, the worse party).
Of course that's "OK" because you don't actually vote for the president, you're voting for the party; and as much as we are not a parliamentary system and that should NOT be the case, it is.
The president himself has very little to do with how the country is run, except in crises. The party, who fill in all the blanks for appointees and bureaucrats, really chooses who runs things and how.
So, you can vote for the 30%, or you can vote for the other guy, but as the game is right now, there is no third choice.
I'll take the other guy thank you.
I'm not saying I like it, or that you have to like it. I'm saying that's how it is whether you like it or not, and deluding yourself into thinking otherwise is ridiculous and harmful.
So either play the game by the rules, don't play the game, or change the rules.
Thursday, June 26, 2008
A Human Right, A Civil Right: Fundamental, Pre-existing, Strictly Scrutinized, Universal, and Incorporated
This morning, I'm noting a lot of ill informed ...or perhaps just informed by misunderstanding of the text... opinions and statements regarding the historic Heller ruling on the scope and applicability of the 2nd amendment.
This of course is unsurprising when many people of varying levels of knowledge about law, history, and firearms have just a short time to digest a 90 page majority opinion and another 70 pages of dissents and cites.
In the table below, I've selected out the critical passages, and highlighted some of those I consider most instructive or important.
Briefly, I need to specifically address some points:
1. Incorporation: Scalia makes it clear in his majority opinion that the second amendment is a fundamental right, that must be treated the same as other fundamental rights such as the first amendment. He specifically notes it in respect to the 14th amendment NUMEROUS times. This decision will be applied universally within the domain of the court, and should be considered controlling upon the states (this is clarified in the later references by the way).
2. Universality: This decision applies to all within the jurisdiction of the court. Excepting prohibited persons (and there is a clear definition under federal law of who those persons are by the way), all individuals under the jurisdiction of U.S. law, have the right to keep and bear arms.
3. Scrutiny: Again, this issue is clear. Though in the opinion itself Scalia does not explicitly state that second amendment issues should be reviewed with strict scrutiny, this is made clear in the text by equating the 2nd amendment with the first, 4th, 14th etc... Further, Scalia explicitly dismisses Stevens' call for a "balance of interests" standard of medium scrutiny. This is in effect strict scrutiny, with certain well defined exceptions (such as for felons, the insane, and weapons of mass destruction).
4. Class III (machine guns and other): This one is mixed. Although the majority expresses that some restrictions are permissible, it also explicitly denies outright bans. It is clear that weapons that are in the common usage and available to citizens, are protected. That includes machine guns (machine guns are not illegal for the general public to own, they are just very expensive and tightly restricted). Although Scalia points out that Miller said it was OK to ban short barreled shotguns, he also noted that the decision is flawed, because it only took judicial notice of what was presented to the court, and the appellant (Miller, though technically he was the respondent for the appeal to the supremes) never presented a case (he died before the date set for arguments, and his attorney didn't bother to show up).
Based on my reading, I would say that the current law prohibiting the new manufacture of machine guns for civilian sale after May of 1986 (actually that's not what it says, but that is how the ATF chose to interpret it) is out; after some long and difficult litigation. However, the door is open for other laws restricting such weapons, if properly written to pass constitutional scrutiny.
This of course applies to other weapon types specifically targeted for bans; for example the requirement that all weapons imported into the United States have a "sporting purpose", and that certain shotguns are considered "destructive devices" simply by arbitrary features; are also disallowed (again with the caveat that new laws could be written to pass a constitutional standard).
5. Scope: I think it is clear, though it will require significant litigation to hash out details; that no outright ban on any type of weapon (including machine guns as currently construed), excepting weapons of mass destruction, can stand muster. This means that all state "Assault weapons bans" will be struck down... eventually; along with magazine capacity bans, hollowpoint bullet bans etc... (though likely the ban on "armor piercing" handgun ammunition will continue).
I also think it is clear that there is significant room for licensing programs, and standards (including standards for weapons features and functionality) to be set, so long as the requirements for licensing are not discriminatory, arbitrary, capricious, or onerous. Of course, again, that is going to require years of litigation to define better.
I do think that clearly this means the end of Chicago gun laws, and most likely the radical reformation of laws in Massachusetts, New York, California, Hawaii, and New Jersey.
I should note that this does not mean universal "shall issue" concealed carry, but it almost certainly DOES mean that all states which allow concealed carry must allow it on a "shall issue" basis; using those standards as a guideline. Unless someone is a prohibited person, as spelled out under law since 1968, you MUST license them (presuming licensing exists).
Additionally, I believe this actually DOES set a requirement for lawful OPEN carry throughout the country; in that self defense is a recognized lawful, and traditional purpose of the bearing of arms.
And of course, this ruling does specifically allow for the restriction of carry of firearms in some ways, and some locations. As Scalia repeatedly says, no constitutionally protected rights are absolute (under the law).
Finally, any legislation that does not EXPLICITLY violate the above prohibitions, but would have the effect of doing so, is certainly disallowed. This means that standards for licensing, firearms design, dealer sale regulations etc... cannot be set so as to constitute an effective ban, or an onerous burden.
Now we just need to spend the next 15 years suing to define what constitutes an onerous burden.
Summary of Impact: So you can't ban guns, or any particular types of guns; you can't keep anyone not a prohibited person from buying, owning, keeping, bearing, and using guns for all lawful purposes (including self defense); you can license and set standards for guns to be sold, and for persons to purchase, own, keep, and bear them; but those standards cannot be discriminatory, arbitrary, capricious, or onerous.
Oh and of course, that doesn't get into the halo effect this has on other cases dealing with fundamental rights issues (remember how many times they state that this is simply protecting a pre-existing right).
Excerpts from the text of the majority decision:
Held:
1. The Second Amendment protects an individual right to possess a
firearm unconnected with service in a militia, and to use that arm for
traditionally lawful purposes, such as self-defense within the home...
... 2. Like most rights, the Second Amendment right is not unlimited.
It is not a right to keep and carry any weapon whatsoever in any
manner whatsoever and for whatever purpose: For example, concealed
weapons prohibitions have been upheld under the Amendment
or state analogues.
The Court’s opinion should not be taken to cast doubt on longstanding prohibitions on the possession of firearms by felons and the mentally ill, or laws forbidding the carrying of firearms in sensitive places such as schools and government buildings, or laws imposing conditions and qualifications on the commercial sale of arms.
Miller’s holding that the sorts of weapons protected are those
“in common use at the time” finds support in the historical tradition
of prohibiting the carrying of dangerous and unusual weapons.
Pp. 54–56.
3. The handgun ban and the trigger-lock requirement (as applied to
self-defense) violate the Second Amendment.
The District’s total ban on handgun possession in the home amounts to a prohibition on an entire class of “arms” that Americans overwhelmingly choose for the lawful purpose of self-defense.
Under any of the standards of scrutiny the Court has applied to enumerated constitutional rights, prohibition—in the place where the importance of the lawful defense of self, family, and property is most acute—would fail constitutional muster.
Similarly, the requirement that any lawful firearm in the home be disassembled or bound by a trigger lock makes it impossible for citizens to use arms for the core lawful purpose of self-defense and
is hence unconstitutional.
Because Heller conceded at oral argument that the D. C. licensing law is permissible if it is not enforced arbitrarily and capriciously, the Court assumes that a license will satisfy his prayer for relief and does not address the licensing requirement.
Assuming he is not disqualified from exercising Second Amendment rights, the District must permit Heller to register his handgun and must issue him a license to carry it in the home. Affirmed.
* * *
We turn first to the meaning of the Second Amendment.
The Second Amendment provides: “A well regulated
Militia, being necessary to the security of a free State, the
right of the people to keep and bear Arms, shall not be
infringed.”
In interpreting this text, we are guided by the
principle that “The Constitution was written to be understood
by the voters; its words and phrases were used in
their normal and ordinary as distinguished from technical
meaning.”
Normal meaning may of course include an idiomatic
meaning, but it excludes secret or technical meanings that
would not have been known to ordinary citizens in the
founding generation.
* * *
“Right of the People.” The first salient feature of
the operative clause is that it codifies a “right of the people.”
The unamended Constitution and the Bill of Rights
use the phrase “right of the people” two other times, in the
First Amendment’s Assembly-and-Petition Clause and in
the Fourth Amendment’s Search-and-Seizure Clause. The
Ninth Amendment uses very similar terminology (“The
enumeration in the Constitution, of certain rights, shall
not be construed to deny or disparage others retained by
the people”). All three of these instances unambiguously
refer to individual rights, not “collective” rights, or rights
that may be exercised only through participation in some
corporate body...
...This contrasts markedly with the phrase “the militia” in
the prefatory clause. As we will describe below, the “militia”
in colonial America consisted of a subset of “the people”—
those who were male, able bodied, and within a
certain age range.
Reading the Second Amendment as
protecting only the right to “keep and bear Arms” in an
organized militia therefore fits poorly with the operative
clause’s description of the holder of that right as “the
people.”
We start therefore with a strong presumption that the
Second Amendment right is exercised individually and
belongs to all Americans.
* * *
... in the course of analyzing the meaning of
“carries a firearm” in a federal criminal statute, JUSTICE
GINSBURG wrote that “[s]urely a most familiar meaning is,
as the Constitution’s Second Amendment . . . indicate[s]:
‘wear, bear, or carry . . . upon the person or in the clothing
or in a pocket, for the purpose . . . of being armed and
ready for offensive or defensive action in a case of conflict
with another person.’ ”
We think that JUSTICE GINSBURG accurately captured the
natural meaning of “bear arms.” Although the phrase
implies that the carrying of the weapon is for the purpose
of “offensive or defensive action,” it in no way connotes
participation in a structured military organization.
* * *
Putting all of these textual elements together,
we find that they guarantee the individual right to
possess and carry weapons in case of confrontation.
This meaning is strongly confirmed by the historical background
of the Second Amendment.
We look to this because it has always been widely understood
that the Second Amendment, like the First and
Fourth Amendments, codified a pre-existing right.
The very text of the Second Amendment implicitly recognizes
the pre-existence of the right and declares only that it
“shall not be infringed.” As we said in United States v.
Cruikshank, 92 U. S. 542, 553 (1876), “This is not a right
granted by the Constitution. Neither is it in any manner
dependent upon that instrument for its existence. The
Second amendment declares that it shall not be infringed.”
* * *
There seems to us no doubt, on the basis of both text
and history, that the Second Amendment conferred an
individual right to keep and bear arms. Of course the
right was not unlimited, just as the First Amendment’s
right of free speech was not, see, e.g., United States v.
Williams, 553 U. S. ___ (2008). Thus, we do not read the
Second Amendment to protect the right of citizens to carry
arms for any sort of confrontation, just as we do not read
the First Amendment to protect the right of citizens to
speak for any purpose.
* * *
We reach the question, then: Does the preface fit with
an operative clause that creates an individual right to
keep and bear arms? It fits perfectly, once one knows the
history that the founding generation knew and that we
have described above.
That history showed that the way
tyrants had eliminated a militia consisting of all the able-bodied
men was not by banning the militia but simply by
taking away the people’s arms, enabling a select militia or
standing army to suppress political opponents. This is
what had occurred in England that prompted codification
of the right to have arms in the English Bill of Rights.
The debate with respect to the right to keep and bear
arms, as with other guarantees in the Bill of Rights, was
not over whether it was desirable (all agreed that it was)
but over whether it needed to be codified in the Constitution.
* * *
We may as well consider at this point (for we will have
to consider eventually) what types of weapons Miller
permits.
Read in isolation, Miller’s phrase “part of ordinary
military equipment” could mean that only those
weapons useful in warfare are protected. That would be a
startling reading of the opinion, since it would mean that
the National Firearms Act’s restrictions on machineguns
(not challenged in Miller) might be unconstitutional,
machineguns being useful in warfare in 1939.
We think that Miller’s “ordinary military equipment” language must
be read in tandem with what comes after: “[O]rdinarily
when called for [militia] service [able-bodied] men were
expected to appear bearing arms supplied by themselves
and of the kind in common use at the time.” 307 U. S., at
179. The traditional militia was formed from a pool of
men bringing arms “in common use at the time” for lawful
purposes like self-defense. “In the colonial and revolutionary
war era, [small-arms] weapons used by militiamen
and weapons used in defense of person and home were one
and the same.”
As for the “hundreds of judges,” who have relied on the
view of the Second Amendment JUSTICE STEVENS claims we endorsed in
Miller: If so, they overread Miller. And their erroneous reliance upon
an uncontested and virtually unreasoned case cannot nullify the
reliance of millions of Americans (as our historical analysis has shown) upon the true meaning of the right to keep and bear arms.
In any event, it should not be thought that the cases decided by these judges
would necessarily have come out differently under a proper interpretation
of the right.
The amendment’s operative clause furthers the purpose announced
in its preface. We therefore read Miller to say
only that the Second Amendment does not protect those
weapons not typically possessed by law-abiding citizens
for lawful purposes, such as short-barreled shotguns.
* * *
It should be unsurprising that such a significant
matter has been for so long judicially unresolved.
For most of our history, the Bill of Rights was not thought
applicable to the States, and the Federal Government did
not significantly regulate the possession of firearms by
law-abiding citizens.
Other provisions of the Bill of Rights
have similarly remained unilluminated for lengthy periods.
This Court first held a law to violate the First
Amendment’s guarantee of freedom of speech in 1931,
almost 150 years after the Amendment was ratified, see
Near v. Minnesota ex rel. Olson, 283 U. S. 697 (1931), and
it was not until after World War II that we held a law
invalid under the Establishment Clause, see Illinois ex rel.
McCollum v. Board of Ed. of School Dist. No. 71, Champaign
Cty., 333 U. S. 203 (1948).
Even a question as basic
as the scope of proscribable libel was not addressed by this
Court until 1964, nearly two centuries after the founding.
See New York Times Co. v. Sullivan, 376 U. S. 254 (1964).
It is demonstrably not true that, as JUSTICE STEVENS
claims, post, at 41–42, “for most of our history, the invalidity
of Second-Amendment-based objections to firearms
regulations has been well settled and uncontroversial.”
For most of our history the question did not present itself.
* * *
Like most rights, the right secured by the Second
Amendment is not unlimited. From Blackstone through
the 19th-century cases, commentators and courts routinely
explained that the right was not a right to keep and
carry any weapon whatsoever in any manner whatsoever
and for whatever purpose...
...Although we do not undertake an
exhaustive historical analysis today of the full scope of the
Second Amendment, nothing in our opinion should be
taken to cast doubt on longstanding prohibitions on the
possession of firearms by felons and the mentally ill, or
laws forbidding the carrying of firearms in sensitive places
such as schools and government buildings, or laws imposing
conditions and qualifications on the commercial sale of arms.26
We also recognize another important limitation on the
right to keep and carry arms.
Miller said, as we have explained, that the sorts of weapons protected were those
“in common use at the time.” 307 U. S., at 179. We think
that limitation is fairly supported by the historical tradition
of prohibiting the carrying of “dangerous and unusual
weapons.”
It may be objected that if weapons that are most useful
in military service—M-16 rifles and the like—may be
banned, then the Second Amendment right is completely
detached from the prefatory clause. But as we have said,
the conception of the militia at the time of the Second
Amendment’s ratification was the body of all citizens
capable of military service, who would bring the sorts of
lawful weapons that they possessed at home to militia
duty.
It may well be true today that a militia, to be as
effective as militias in the 18th century, would require
sophisticated arms that are highly unusual in society at
large. Indeed, it may be true that no amount of small
arms could be useful against modern-day bombers and
tanks. But the fact that modern developments have limited
the degree of fit between the prefatory clause and the
protected right cannot change our interpretation of the amendment.
* * *
We turn finally to the law at issue here.
As we have
said, the law totally bans handgun possession in the home.
It also requires that any lawful firearm in the home be
disassembled or bound by a trigger lock at all times, rendering
it inoperable. As the quotations earlier in this opinion demonstrate,
the inherent right of self-defense has been central to the
Second Amendment right. The handgun ban amounts to a
prohibition of an entire class of “arms” that is overwhelmingly
chosen by American society for that lawful purpose.
The prohibition extends, moreover, to the home, where the
need for defense of self, family, and property is most acute.
Under any of the standards of scrutiny that we have applied
to enumerated constitutional rights,27 banning from the home “the most preferred firearm in the nation to ‘keep’ and use for protection of one’s home and family,” 478 F. 3d, at 400, would fail constitutional muster....
... See also State v. Reid, 1 Ala. 612, 616–617 (1840) (“A
statute which, under the pretence of regulating, amounts
to a destruction of the right, or which requires arms to be
so borne as to render them wholly useless for the purpose
of defence, would be clearly unconstitutional”).
It is no answer to say, as petitioners do, that it is permissible
to ban the possession of handguns so long as the
possession of other firearms (i.e., long guns) is allowed. It
is enough to note, as we have observed, that the American
people have considered the handgun to be the quintessential
self-defense weapon.
There are many reasons that a
citizen may prefer a handgun for home defense: It is easier
to store in a location that is readily accessible in an emergency;
it cannot easily be redirected or wrestled away by
an attacker; it is easier to use for those without the upper-body
strength to lift and aim a long gun; it can be pointed
at a burglar with one hand while the other hand dials the
police. Whatever the reason, handguns are the most popular weapon chosen by Americans for self-defense in the home, and a complete prohibition of their use is invalid.
* * *
After an exhaustive discussion of the arguments for and against
gun control, JUSTICE BREYER arrives at his interest-balanced
answer: because handgun violence is a problem,
because the law is limited to an urban area, and because
there were somewhat similar restrictions in the founding
period (a false proposition that we have already discussed),
the interest-balancing inquiry results in the
constitutionality of the handgun ban. QED.
We know of no other enumerated constitutional right
whose core protection has been subjected to a freestanding
“interest-balancing” approach. The very enumeration of
the right takes out of the hands of government—even the
Third Branch of Government—the power to decide on a
case-by-case basis whether the right is really worth insisting
upon.
A constitutional guarantee subject to future judges’ assessments
of its usefulness is no constitutional guarantee at all.
Constitutional rights are enshrined with the scope they
were understood to have when the people adopted them,
whether or not future legislatures or (yes) even future
judges think that scope too broad.
We would not apply an “interest-balancing” approach to the prohibition
of a peaceful neo-Nazi march through Skokie. See
National Socialist Party of America v. Skokie, 432 U. S. 43
(1977) (per curiam).
The First Amendment contains the freedom-of-speech guarantee
that the people ratified, which included exceptions for
obscenity, libel, and disclosure of state secrets,
but not for the expression of extremely unpopular and wrong-headed views.
The Second Amendment is no different.
Like the First, it is the very product of an interest-balancing
by the people—which JUSTICE BREYER would now conduct for them anew.
And whatever else it leaves to future evaluation, it surely
elevates above all other interests the right of law-abiding,
responsible citizens to use arms in defense of hearth and
home.
* * *
In sum, we hold that the District’s ban on handgun
possession in the home violates the Second Amendment,
as does its prohibition against rendering any lawful firearm
in the home operable for the purpose of immediate
self-defense. Assuming that Heller is not disqualified
from the exercise of Second Amendment rights, the District
must permit him to register his handgun and must
issue him a license to carry it in the home.
* * *
We are aware of the problem of handgun violence in this
country, and we take seriously the concerns raised by the
many amici who believe that prohibition of handgun
ownership is a solution.
The Constitution leaves the District of Columbia a variety
of tools for combating that problem, including some measures
regulating handguns, see supra, at 54–55, and n. 26.
But the enshrinement of constitutional rights necessarily
takes certain policy choices off the table.
These include the absolute prohibition of handguns held
and used for self-defense in the home.
Undoubtedly some think that the Second Amendment
is outmoded in a society where our standing army is
the pride of our Nation, where well-trained police forces
provide personal security, and where gun violence is a
serious problem. That is perhaps debatable, but what is
not debatable is that it is not the role of this Court to
pronounce the Second Amendment extinct.
We affirm the judgment of the Court of Appeals.
--It is so ordered.
Heller is Affirmed
The highest court of the land admitted that the RKBA is indeed an individual right.
Wednesday, June 25, 2008
Local Usage Details
Though the term is most popular in the northeast (the term originated with Bell Telephone nee' AT&T, and continued on through Nynex, the RBOC -aka babybell- for New York and New England), and is falling into disuse as the distinction between local exchanges and long distance has become generally meaningless (especially with cell phones now outnumbering land lines).
...Of course with Law and Order playing 40 times a day, I think everyone has heard it.
If
“If”
If you can keep your head when all about you
Are losing theirs and blaming it on you;
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or, being lied about, don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;
If you can dream - and not make dreams your master;
If you can think - and not make thoughts your aim;
If you can meet with triumph and disaster
And treat those two imposters just the same;
If you can bear to hear the truth you've spoken
Twisted by knaves to make a trap for fools,
Or watch the things you gave your life to broken,
And stoop and build 'em up with wornout tools;
If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breathe a word about your loss;
If you can force your heart and nerve and sinew
To serve your turn long after they are gone,
And so hold on when there is nothing in you
Except the Will which says to them: "Hold on";
If you can talk with crowds and keep your virtue,
Or walk with kings - nor lose the common touch;
If neither foes nor loving friends can hurt you;
If all men count with you, but none too much;
If you can fill the unforgiving minute
With sixty seconds' worth of distance run -
Yours is the Earth and everything that's in it,
And - which is more - you'll be a Man my son!
--Rudyard Kipling
Tuesday, June 24, 2008
And we haven't been there yet because???
I am a big fan of the blog Feasting in Phoenix.
Correction. Chris, JohnOC, and I are big fans of Feasting in Phoenix. Seth has a lot of the same tastes that we do, and like Chris he has an allergy (avocado) that can be a problem in area restaurants. I always take note when he writes of area restaurants messing up his orders for this reason, and any other service issues. Plus, while he doesn't work terribly close to where we live, he eats at a lot of restaurants near where we live (Old Town Scottsdale and Arcadia).
We've found his reviews to be spot-on for what we like so whenever he does a favorable review of a place we haven't been, I tend to add that restaurant to our "must go" list.
So when he did today's review I could not believe we'd missed this particular gem.
Okay, I admit, I have a particular prejudice against restaurants in Old Town, despite the extreme proximity to the house. For one thing, parking in Old Town is horrid, and on the weekend you might as well forget about parking yourself (most restaurants have valets due to idiotic city regulations). For another, the people who frequent Old Town restaurants tend to be either a.) young and trendy, and therefore annoying, or b.) tourists. Both types like style without substance, and for us food is all about substance.
So since I knew Cowboy Ciao is a fusion/nouveau restaurant and the trenders and tourists just LOVE anything "new" (and I generally hate fusion as a concept all by itself) I'd been avoiding giving the restaurant a try.
That was until Seth did his review, and until I took a good long look at the menu.
A few favorable examples:
Maple Leaf Farms Duck Breast * ............................. 28
pan-roasted, served with ancho/orange demi-glace, spiced pecans, sweet corn grits
Espresso-Rubbed Filet Mignon * .............................. 32
with cabernet demi-glace, tortilla-smashed Yukon gold potatoes, chipotle aioli
Boda-licious Bread Pudding ................................ 10
brioche with dried cherries, craisins & pine nuts, with brown sugar/pecan streusel, honey/orange ice cream,
compote of dried cherries & craisins, finished with praline sauce, served warm (and I luv-oola making up words)
And our personal favorites and on the MUST TRY list:
original bacon/pecan brittle three ounces .. 5 half pound .. 12 full pound .. 20
bacon cookies? Bacon Cookies! (with chocolate chips, cherries & pecans, for here or home)
single .. 11/2 trio .. 4 six-pack .. 8 twelve-pack .. 15
Anyone else hungry?
Mel
Monday, June 23, 2008
Shit, piss, cunt, fuck, cocksucker, motherfucker, and tits
We disagreed on almost everything political, but I would still see him live whenever I could (5 times if I remember right). When it came to fundamental principles of self expression, and opposition to hypocrisy, bullshit, doubletalk, and political correctness; nobody said it better, louder, or harder.
Lenny Bruce might have cleared the road, but Carlin paved it, and put up the signs for everyone else to follow.
Father, Air Force veteran (discharged as unsuitable for military service),
author, comedian, artistic pioneer, commentator,
and world's biggest asshole (and proud of it).
Rest In Peace
George Carlin -- 1937-2008
The Mac I want
I want a Mac.
Not for any particular reason, I just want one, because I want one.
Of course I do have other reasons:
The problem is though, Apple doesn't make the Mac I want; and I think there's a LOT of folks out there who could say the same.
For years, Apple followed the strategy of having three desktop Mac model lines; a low end home/kid/housewife/grandma model, a midrange model, and a high end model for power users and professionals.
When the iMac came out, Steve Jobs switched them over to a "Four Corners" model, where they had a low and high end lines for desktops and laptops. These positions were covered by the iMac and the PowerMac (now MacPro) on the desktop side; and the iBook (now MacBook), and PowerBook (now MacBook pro) on the laptop side.
At the same time, Apple experimented with bridging the gap with various products; but they did it kind of half heartedly.
First they put out the PowerMac cube, which although gorgeous, was mis-marketed and had heat problems. Those issues were solvable however, if Apple had been serious about it; or is Steve Jobs could ever once accept that he screwed up in product conception.
They weren't, and he wasn't.
The real problem with the cube, was that it was neither fish, nor fowl, nor good red meat. It mid-range computing power, but almost no expansion; and yet it was priced as an upper midrange machine (where people expect higher power, and expansion capabilities).
Yes, style sells computers, but it doesn't sell mid-range computers unless there is a fair bit of substance behind them. Basically, the people who wanted midrange machines, also wanted expansion. They wanted to be able to tinker, and they wanted to be able to extend the life of their machines with upgrades.
After the cube, Apple decided they'd figured out where they went wrong. Unfortunately, they were wrong there again.
By this time, iMac sales had slowed dramatically. In fact, with the "sunflower" iMacs (the iMac with the LCD on an upside down flowerpot base), they had started moving the features out of the low end, and the price had climbed to match. This basically took the bottom out of iMac sales entirely; because once again, you were buying a mid range priced machine, with just barely midrange specs, and no expandability.
Given this market situation, Apple did something which puzzles me to this day. Rather than refocus the iMac back to its low end roots, they they moved the iMac upmarket, turning it into a true midrange machine (at mid range prices) and a "lifestyle accessory".
To make up for the low end, they introduced the eMac (supposedly for educational sales, but they mostly went to former iMac buyers), which was basically an updated version of the 1998 iMac. This left Apple without a REAL system for the low end market position; because the eMac was never really a serious product, more of a placeholder.
Finally, in '06 Apple introduced the MacMini, with roughly similar specs to where the iMac would have been before the change to mid-range had it been release that year; except of course without a display, keyboard, mouse, or speakers. Most importantly though, they did it at the lowest price ever for a mac, at $499.
The only problem with that is, they went TOO low end. Not that the price wasn't great, but they shot very low on the specs; and they had spent the previous two years marketing Macs as midrange lifestyle accessories, and high end "supercomputers".
Honestly though Apple wasn't really interested in selling the MacMini. They barely marketed it at all, and when they did, they didn't know how to sell it. They didn't want to compete with the supercheap walmart PCs, though with their pricing and support and upsell opportunities, this would be ideal position to be in; "Look, you can buy that cheap piece of crap, or you can spend $100 more and get this beautiful tiny little box that's better, and has real support". They didn't want to try and sell it upmarket any either though, because that might hurt iMac sales.
The reason for targeting the mini this way puzzles me, because they don't want to sell to the super-low end; but yet they STILL don't have a real midrange machine, that has any expansion or tinkering capabilities.
If you're going to do a desktop Mac, why not just make the Mini 3 or 4 times the height (it would still be smaller and prettier than anything that sold with Windows on it), use cheaper but faster desktop components rather than the slower and more expensive laptop components, leave room for a PCIe slot or two, and an extra hard drive bay. It would actually cost LESS to make than the mini does currently, and you cuold sell it for more.
Or hell, if you're really committed to the mini, sell both; and rename them the Mini (for the medium sized one), and the Nano (for the current mini).
Even better, if you're REALLY committed to the Mini, put a faster processor and a bit more RAM in there, the biggest laptop hard drive they make, make the onboard sound decent (with an optical output), replace the cheezy integrated video with something that will do on board video compression and decompression, and add HDMI video input and output. You'd sell one to every home theater enthusiast in the world, and to half the videographers, SFX people, multimedia show presneters etc... (as a portable video workstation).
...Oh wait a sec, they already did half that with the Apple TV; why not just go all the way with the Mini and sell it as the natural big brother?
Seriously, once they've captured all the "lifestyle accessory" sales they're going to get for the iMac; they're still selling a midrange priced and powered machine, without the features that a midrange buyer wants (unless they specifically want an all in one machine). For the MacMini, they've pretty much marketed themselves out of the supposedly intended market position by making people think of the Mac as either a lifestyle thing, or a supercomputer.
So who bought the mini? Mostly PC users who wanted to mess around with Macs, and Mac laptop owners who wanted a desktop too.
So as far as I'm concerned, right now Apple is aiming too low with the Mini, too high with the iMac, and WAY too high with the MacPro.
As of right now, there are three basic Mac models in the product line:
Frankly, the MacPro is overkill. It's far more than anyone but the most hardcore users would need; and costs far more than anyone but a complete mac fanatic, or a professional working in sound, video, or graphics production could justify. They don't call it the "Mac Pro" for nothing.
The MacMini has been a market failure; but I think it's a good little box, and for an Apple, it's at a good price. It is a reasonably capable machine for what it is, which is basically a low-midrange laptop, crammed into a very tiny little case. It's gorgeous, and tiny; but it's only got a small hard drive, limited RAM capacity (the motherboard and processor could support 4gb but Apple deliberately limts it to 2), integrated video, and nothing can be upgraded. Your sum total expansion possibilites consist of 4 usb and a single firewire port.
At $499 and $599 for the two models, the Mini would still be a great deal actually, but at $599 base, and $950 optioned up, with no expansion or upgrade capability... and like the cube, it's neither fish, nor fowl, nor good red meat.
Clearly, the iMac is a midrange machine in terms of equipment specification; and it is an excellent system (though I think overpriced), but it's all integrated everything, including the display. No expansion, no upgrade, you get what you get.
This is a machine for people who want a sleek, and compact form factor (it's essentially a flat panel LCD with a thick case); and don't care about expansion. That makes it great for moms, and office workers, and students in non science/engineering fields etc... but once again, where's the true midrange offering.
Do you see the holes in market position?
Why can't Apple?
I go back to my previous statement; the people who want and need midrange machine also need expansion and upgrade capabilities; and they want to tinker.
Look back to what I want to use my Mac for and think about what I want and need.
Very specifically, here's what I want in my Mac:
Why isn't Apple doing this? It wouldn't cost them anything, except maybe a bit of pride.
Given the marketing position it wouldn't hurt MacMini sales, and I doubt it would cannibalize the bottom end of MacPro sales. You could sell them for $1000 to $2000, capture a huge market segment, and not lose a dime off the iMac or MacPro
Seriously, if Apple offered something like that, I'd buy it up in a heartbeat. In fact, as of today, I can buy a generic PC configured as above; and presuming I choose the right components (for driver support) put OSX Leopard on it with the help of the hackintosh community. I can even pay a company called Psystar to do it for me at a base price of $1000, and fully optioned up price with a quad core, and 8 gigs of RAM, at about $1500 (they also offer low end models starting at $399).
The only reason I don't do this, is because at any moment, Apple could decide to change their software to completely break all of these unsupported hacks, and then I'd be up the creek (of course I could still use the hardware for windows or Linux, I'd only be out the cash I ponied up for Mac software).
... Well, not quite the only reason. I also want a REAL MAC. I want the excellent support, and I want the well designed case, and I want the "EVERYTHING JUST WORKS" factor going for me.
Until Steve sees the light and gives me what I need though, at best I'm going to use a hackintosh to play with, or maybe ebay a cheap MacMini.
Not for any particular reason, I just want one, because I want one.
Of course I do have other reasons:
- I want one, because I pride myself in being proficient and current in most common operating systems, and I have barely used OSX at all.
- I want one because I want to play with various other Apple technologies (like the iPhone SDK, which might actually get me interested in writing code again for the first time in years), and in many ways a Mac is the best way to do that (or in some cases, the only way).
- I want one, because they are very well designed, and have excellent support.
- I want one, so I can teach the kids Mac, Linux, and Windows; so they know all the major computing platforms (if you learn Linux, the other UNIXen are an easy pickup).
- I want one so that if I have Mac people over to the house, they'll have a comfortable environment to work and play on.
- I want one for photo, video, and sound editing.
Although Windows and Linux do a good job with it (now), Macs are still the standard platform for most professionals, and it's always useful to be able to do work on the same platform as the guy sending you files to review.
Oh and I'd really like to be able to do BluRay authoring on it. - I want to be able to do recovery, analysis, forensics, and security work on Macs.
Though I have Windows, Linux, BSD, and Solaris to do it with (and I do, mostly on Linux), I don't have any Macs to do that sort of work with. There's a lot you can (and should) do on a platform other than the one where the drive came from; but for some things, you really need to do the work on the native platform.
The problem is though, Apple doesn't make the Mac I want; and I think there's a LOT of folks out there who could say the same.
For years, Apple followed the strategy of having three desktop Mac model lines; a low end home/kid/housewife/grandma model, a midrange model, and a high end model for power users and professionals.
When the iMac came out, Steve Jobs switched them over to a "Four Corners" model, where they had a low and high end lines for desktops and laptops. These positions were covered by the iMac and the PowerMac (now MacPro) on the desktop side; and the iBook (now MacBook), and PowerBook (now MacBook pro) on the laptop side.
At the same time, Apple experimented with bridging the gap with various products; but they did it kind of half heartedly.
First they put out the PowerMac cube, which although gorgeous, was mis-marketed and had heat problems. Those issues were solvable however, if Apple had been serious about it; or if Steve Jobs could ever once accept that he screwed up in product conception.
They weren't, and he wasn't.
The real problem with the cube, was that it was neither fish, nor fowl, nor good red meat. It had mid-range computing power, but almost no expansion; and yet it was priced as an upper midrange machine (where people expect higher power, and expansion capabilities).
Yes, style sells computers, but it doesn't sell mid-range computers unless there is a fair bit of substance behind them. Basically, the people who wanted midrange machines, also wanted expansion. They wanted to be able to tinker, and they wanted to be able to extend the life of their machines with upgrades.
After the cube, Apple decided they'd figured out where they went wrong. Unfortunately, they were wrong there again.
By this time, iMac sales had slowed dramatically. In fact, with the "sunflower" iMacs (the iMac with the LCD on an upside down flowerpot base), they had started moving the features out of the low end, and the price had climbed to match. This basically took the bottom out of iMac sales entirely; because once again, you were buying a mid range priced machine, with just barely midrange specs, and no expandability.
Given this market situation, Apple did something which puzzles me to this day. Rather than refocus the iMac back to its low end roots, they moved the iMac upmarket, turning it into a true midrange machine (at mid range prices) and a "lifestyle accessory".
To make up for the low end, they introduced the eMac (supposedly for educational sales, but they mostly went to former iMac buyers), which was basically an updated version of the 1998 iMac. This left Apple without a REAL system for the low end market position; because the eMac was never really a serious product, more of a placeholder.
Finally, in '06 Apple introduced the MacMini, with roughly similar specs to where the iMac would have been before the change to mid-range had it been released that year; except of course without a display, keyboard, mouse, or speakers. Most importantly though, they did it at the lowest price ever for a mac, at $499.
The only problem with that is, they went TOO low end. Not that the price wasn't great, but they shot very low on the specs; and they had spent the previous two years marketing Macs as midrange lifestyle accessories, and high end "supercomputers".
Honestly though Apple wasn't really interested in selling the MacMini. They barely marketed it at all, and when they did, they didn't know how to sell it. They didn't want to compete with the supercheap walmart PCs, though with their pricing and support and upsell opportunities, this would be an ideal position to be in; "Look, you can buy that cheap piece of crap, or you can spend $100 more and get this beautiful tiny little box that's better, and has real support". They didn't want to try and sell it upmarket any either though, because that might hurt iMac sales.
The reason for targeting the mini this way puzzles me, because they don't want to sell to the super-low end; but yet they STILL don't have a real midrange machine, that has any expansion or tinkering capabilities.
If you're going to do a desktop Mac, why not just make the Mini 3 or 4 times the height (it would still be smaller and prettier than anything that sold with Windows on it), use cheaper but faster desktop components rather than the slower and more expensive laptop components, leave room for a PCIe slot or two, and an extra hard drive bay. It would actually cost LESS to make than the mini does currently, and you could sell it for more.
Or hell, if you're really committed to the mini, sell both; and rename them the Mini (for the medium sized one), and the Nano (for the current mini).
Even better, if you're REALLY committed to the Mini, put a faster processor and a bit more RAM in there, the biggest laptop hard drive they make, make the onboard sound decent (with an optical output), replace the cheezy integrated video with something that will do on board video compression and decompression, and add HDMI video input and output. You'd sell one to every home theater enthusiast in the world, and to half the videographers, SFX people, multimedia show presenters etc... (as a portable video workstation).
...Oh wait a sec, they already did half that with the Apple TV; why not just go all the way with the Mini and sell it as the natural big brother?
Seriously, once they've captured all the "lifestyle accessory" sales they're going to get for the iMac; they're still selling a midrange priced and powered machine, without the features that a midrange buyer wants (unless they specifically want an all in one machine). For the MacMini, they've pretty much marketed themselves out of the supposedly intended market position by making people think of the Mac as either a lifestyle thing, or a supercomputer.
So who bought the mini? Mostly PC users who wanted to mess around with Macs, and Mac laptop owners who wanted a desktop too.
So as far as I'm concerned, right now Apple is aiming too low with the Mini, too high with the iMac, and WAY too high with the MacPro.
As of right now, there are three basic Mac models in the product line:
- The Mac Mini, with up to a 2ghz dual core processor (1.8 base), a max of 2 gb RAM (1gb base), integrated video, integrated DVD burner, and a max of 120gb hard drive. The only upgradeable or changeable component (in theory) is the memory; though people not concerned with Apple warranties have put in larger hard drives, and faster processors. Base price is $599, fully optioned up, it's about $950.
- The iMac, with up to a 3ghz dual core processor (2.4 base), up to 4gb ram (1gb base), up to a 1tb hard drive, integrated DVD burner, decent discrete video; and of course a 20" or 24" LCD. Again, theoretically the only thing upgradeable is the ram, but actually you can upgrade everything but the video card pretty easily. Base price is $1199, fully optioned up, it's about $2700.
- The Mac Pro, with up to 2, 3.2ghz quad core processors (yes, 8 cores. A single quad core 2.8 is base), up to 32gb of ram (2gb is base), up to 4, 1tb hard drives (a single 320gb is base), and a decent industry standard PCIe video card (or as many as 4). Expansion is virtually unlimited. Base price is $2299, up to about $20,000 fully optioned up ($9,100 of that is ram, and $2100 of that is to go to dual 3.2ghz processors).
Frankly, the MacPro is overkill. It's far more than anyone but the most hardcore users would need; and costs far more than anyone but a complete mac fanatic, or a professional working in sound, video, or graphics production could justify. They don't call it the "Mac Pro" for nothing.
The MacMini has been a market failure; but I think it's a good little box, and for an Apple, it's at a good price. It is a reasonably capable machine for what it is, which is basically a low-midrange laptop, crammed into a very tiny little case. It's gorgeous, and tiny; but it's only got a small hard drive, limited RAM capacity (the motherboard and processor could support 4gb but Apple deliberately limits it to 2), integrated video, and nothing can be upgraded. Your sum total expansion possibilities consist of 4 usb and a single firewire port.
At $499 and $599 for the two models, the Mini would still be a great deal actually, but at $599 base, and $950 optioned up, with no expansion or upgrade capability... and like the cube, it's neither fish, nor fowl, nor good red meat.
Clearly, the iMac is a midrange machine in terms of equipment specification; and it is an excellent system (though I think overpriced), but it's all integrated everything, including the display. No expansion, no upgrade, you get what you get.
This is a machine for people who want a sleek, and compact form factor (it's essentially a flat panel LCD with a thick case); and don't care about expansion. That makes it great for moms, and office workers, and students in non science/engineering fields etc... but once again, where's the true midrange offering.
Do you see the holes in market position?
Why can't Apple?
I go back to my previous statement; the people who want and need a midrange machine also need expansion and upgrade capabilities; and they want to tinker.
Look back to what I want to use my Mac for and think about what I want and need.
- A fast processor, but not high end server class, that I can upgrade
- A fair bit of memory, that I can upgrade
- A lot of storage, that's reasonably fast
- Great video
- Great audio
- The ability to add and change hard drives
- The ability to add and change optical drives
- The ability to add and change primary video cards
- The ability to add and change other PCI cards, like video capture cards, and HDTV tuners
Very specifically, here's what I want in my Mac:
- 1x processor socket, with support for up to Core 2 Quad, and several processor options
- 4x RAM slots, with support for 2gb dimms, and maximum of 8gb ram
- 2x PCIe x16 slots, for hardcore video if I want it
- 1x PCIe x8 or x4 slot for other PCIe cards
- 2x PCI slots (because most IO cards are still PCI)
- 2x 3.5" hard drive bays
- 2x 5" external bays for optical drives
- A good looking (or concealed) media card reader; and front panel audio, USB, and firewire
- Either the cheapest possible PCIe card, or cheap onboard video
- Onboard surround sound, with analog and digital inputs and outputs
- I'd love a BluRay option, but a DVD burner standard is a minimum
- I'd love an HDTV tuner and video in/DVR option; and an HDMI output
- Integrated bluetooth
- Integrated 802.11n wireless
- Integrated Gigabit ethernet
- A really nice toolless case, with good cooling, and excellent sound insulation
Why isn't Apple doing this? It wouldn't cost them anything, except maybe a bit of pride.
Given the marketing position it wouldn't hurt MacMini sales, and I doubt it would cannibalize the bottom end of MacPro sales. You could sell them for $1000 to $2000, capture a huge market segment, and not lose a dime off the iMac or MacPro.
Seriously, if Apple offered something like that, I'd buy it up in a heartbeat. In fact, as of today, I can buy a generic PC configured as above; and presuming I choose the right components (for driver support) put OSX Leopard on it with the help of the hackintosh community. I can even pay a company called Psystar to do it for me at a base price of $1000, and fully optioned up price with a quad core, and 8 gigs of RAM, at about $1500 (they also offer low end models starting at $399).
The only reason I don't do this, is because at any moment, Apple could decide to change their software to completely break all of these unsupported hacks, and then I'd be up the creek (of course I could still use the hardware for windows or Linux, I'd only be out the cash I ponied up for Mac software).
... Well, not quite the only reason. I also want a REAL MAC. I want the excellent support, and I want the well designed case, and I want the "EVERYTHING JUST WORKS" factor going for me.
Until Steve sees the light and gives me what I need though, at best I'm going to use a hackintosh to play with, or maybe ebay a cheap MacMini.
Sunday, June 22, 2008
Thursday, June 19, 2008
Why I buy HP
Hewlett Packard is the number one vendor of printers and scanners in the world; the number two vendor of desktops (behind Dell), the number two vendor of servers (also behind Dell)...
They're big stuff so to speak.
They also do a lot of trading on their name, and reputation; and as such, they charge a bit more than say Dell... which is why they are number two, to be honest.
Now, in terms of desktops and laptops; and sadly to an extent servers (since Carly Fiorina took over, HP service went WAY down hill); I don't think the superior reputation is entirely deserved, at least not anymore; but if there is one area of business where HP is still the top, it's printers.
Honestly, I just won't bother buying a printer other than an HP, and here's why.
I've got this $499 super duper HP top of the line all-in-one printer, fax, scanner, and copier...
It's a great printer
... and it's a great copier
... and it's a great scanner
Thing is though, I already have a great HP printer and a great HP scanner; and between the two, I have a half decent copier.
Unfortunately, what I don't have, is a working fax machine; because there's some kind of firmware problem on this particular printer; and you CAN'T FLASH THE FIRMWARE IN ANY WAY.
Seriously, it's a $500 network printer with its own Linux based print, fax, and web server (which is why I bought the thing by the way, so I could use network faxing) but you can't flash the firmware.
That makes absolutely no sense to me. It's insane; and with most vendors this is where I'd be telling you that it's the reason I won't be buying from them again.
From HP though, it leads directly to the reason I prefer to buy HP.
They're sending me out a new one, tomorrow morning, fed-ex, for free, with no hassle or argument.
That right there, is the reason I buy HP.
Even though I called at 9pm; I was on the phone with the support guy within minutes (actually, less than a minute after choosing printer support; but it took me maybe 2 minutes of IVR navigation to get there), and he was a native English speaker, talking to me from Portland.
The support engineer understood my problem immediately, and understood what steps I had already taken to attempt to resolve it. He agreed right off the bat, that the problem was almost certainly the firmware, and that he would probably have to replace the box; but just to get authorization he had me try one single maintenance procedure. When that one procedure didn't work, he immediately shipped me out a new printer, fed-ex.
It would be here Friday, but for the fact that I called after 6pm (I actually called them at 9pm); so instead it will be here Monday (though for an additional $30 I could have had it overnighted).
Note, I don't have to ship them the printer first, or drop it off at the depot; they're shipping me a new printer (ok, factory refurbished, but I don't care), and I'm sending the bad one back in the box they sent the new one out in.
Note also, that I didn't have to buy a special extended warranty to get this level of service; this is HP's standard "TotalCare" warranty for their printers (at least the ones that cost more than $100 anyway; I don't bother buying cheap printers, they aren't worth replacing the ink cartridges on).
Any other company, I would have been on hold for 30 minutes, only to be transferred to "Jeff", out in Bangalore...
... an aside to all those companies who offshore customer support like that: Telling the Indian guy to lie to us and say his name is "Jeff", when we KNOW he's an Indian guy in Bangalore who statistically is likely to actually be named Sunil, Rajesh, Kumar, or Muhammad (1/3 of all Indian males have one of those as part of their name. I work with a half dozen Sunils on a day to day basis); it doesn't make us feel better about talking to them, it just insults our intelligence...
Once I finally got to talk to "Jeff", he would completely ignore everything I had done, and my description of the problem, and he would take me through his script. This isn't actually designed to SOLVE my problem, but to get rid of me in the most expeditious way possible. After being led through at least a half hour of useless BS, he would then fight me for 30 minutes, trying to get me to accept some solution other than replacing the box; or perhaps to accept that it wasn't their problem at all.
Instead, I spoke with a pleasant man in Portland, actually named Jeff; who sent me a new printer right away without arguing.
Personally, I'd say that's worth the extra few bucks.
Wednesday, June 18, 2008
The Hero With a Thousand Virgins
From the UK Telegraph:
Richard Danzig, who served as Navy Secretary under President Clinton and is tipped to become National Security Adviser in an Obama White House, told a major foreign policy conference in Washington ...
... how American troops, spies and anti-terrorist officials could learn key lessons by understanding the desire of terrorists to emulate superheroes like Luke Skywalker, and the lust for violence of violent football fans.
Actually, though the presentation of the idea is ridiculous, he is in fact entirely correct.
The primary motivation these idiots have is to be known as an epic hero. Luke skywalker is a modern iconic representation of the Campbellian "hero with a thousand faces".
You have to remember that Islam, especially Arabic Islam, is a storyteller culture; where the iconic hero is the central figure. All of Arabic, and Islamic cultural history revolves around these central figures; be they conquerors or martyrs.
On the one side of things, their lives are utter garbage. Poverty, crime, corruption, no societal mobility, no opportunity for advancement or personal fulfillment, no opportunity to express themselves personally or sexually (never underestimate that power and frustration, especially in young men) and an overall excess of young males, and shortage of young females.
On the other side, is this opportunity to be revered as a hero. To end your pain and suffering, and be rewarded for it beyond compare in paradise, by the direct will of god.
It's no wonder that so many prefer blowing themselves up, to living their real lives.
Muslim terrorists want to be known as Saladin, or Charlemagne, or Henry V, or Achilles; rather than as Achmed, the man who died of dysentery in a "refugee camp".
The reason why westerners don't "get it", is because to us, legends and myths are just that. To a Muslim, the legend is as real as if he was standing there in the room with you.
To us, the Greeks and Romans are off in antiquity; to the Muslims, Mohammad and Saladin are yesterday, today, and tomorrow.
They really believe their own bull.
This is why liberals are always so sympathetic to the muslims, who so clearly state that they want to kill all the homosexuals, and adulterers and blasphemers. The liberals don't understand that THE MUSLIMS ACTUALLY MEAN WHAT THEY ARE SAYING, AND THEY ACTUALLY BELIEVE IT.
It honestly does not compute in the liberal's brain that these statements could be serious. They dismiss them as nothing but posturing and rhetoric, because after all, no-one could actually MEAN those things, or REALLY believe in that enough to die for right?
Of course the same mis-understanding applies between liberals and conservatives; especially those of us who served.
We couldn't possibly actually believe that stuff about honor, duty, and country right? I mean why on earth would anyone risk their life for an idea? You must be doing it because you don't have any other choice, or because you're stupid, or you've been deluded by the propaganda machine or something... because nobody really does that, nobody believes that... right? It's just rhetoric, and you're all just hypocrites.
Except that most of us aren't.
That simply does not compute. Their belief system does not allow for the fact that someone could hold such strongly and deeply held beliefs contrary to their own, that once the offending parties were "convinced of the truth", they wouldn't come around; unless those people already knew that they were wrong, and were just pretending to disagree to gain advantage.
No, I'm serious, this is actually what they believe... and that folks, is just as dangerous in the long run as what the Muslims really believe.
My PGP Public Key
In keeping with the previous post on cryptography, here's my PGP public key.
Presuming you trust me to be the actual Chris Byrne, and a published entry on my blog to be a verified means of transmission, you should be able to sign this as a valid and trusted key.
Cryptonomicon - Part I
So, I mentioned in an earlier post, that I'd lost my PGP private key and keyring; and that this was kind of a major irritation for me. Now it's time to explain, in excruciating detail, what that is, and why it's important.
First things first, what the heck is PGP?
PGP stands for "Pretty Good Privacy", an encryption and key management scheme (and associated utilities) written by Phil Zimmermann (A.K.A. PRZ); based on the earlier work of Whitfield Diffie, Martin Hellman, and Ralph Merkle, on something called "public key cryptography".
PGP was published over government objections in 1991. It's a great story really. The feds spent 5 years trying to put PRZ in jail for exporting controlled weapons (which is what they classified encryption as), failed miserably, and he eventually moved to Ireland (I think he's back in the U.S. now).
It's safe to say that PGP, in one implementation or another, is the most used interactive encryption software in the world. I say "interactive", because just about every web browser has SSL encryption software built in (which is a similar, but different encryption scheme), but most people never interact with it specifically; they just know that when they type in HTTPS instead of HTTP, and the little key or lock shows up in the browser, that they are "secure".
In my particular case I use GPG, the free and open source GNU implementation of PGP; both because it's free and open source, and because there are versions of it for every operating system I use (and pretty much every OS I don't use as well).
There is also a commercial implementation of the PGP standard, called simply enough, PGP (though the fact that they named the software after the standard confuses people as to whether they "really have PGP" if they don't use the "Official" commercial version); as well as numerous other implementations, both free and commercial, and plugins for other applications etc...
Theoretically, all of these different implementations should work together, because they all implement the same standard; though sometimes (frequently?) incompatibilities can pop up; especially between the open source and commercial implementations.
As I mentioned in passing above, PGP is what is called a "public key cryptography" scheme; and it works pretty simply in concept (though the math behind it is complicated).
The basic idea behind it, is that when two people want to talk to each other securely, they shouldn't have to know or trust each other first.
... Now there's a logical leap that many people seem to have a problem making; and in order to talk about it, we need to talk about what exactly cryptography is, and a bit about how it works.
At its most basic, cryptography is (literally, from the Greek), "secret writing". It's any means of writing a message in a way that is meaningful to those with the knowledge to understand it, but meaningless to all others.
Now, there are a heck of a lot of ways of doing that, but they almost all break down into two basic categories, ciphers and codes.
A code is a way of making writing secret by using symbols. A red octagon is a way of writing "stop" in code for example, as is the sequence ... - --- .--.
The symbols of a code can be anything, pictures, shapes, sounds, even numbers or letters. The most well known code (at least that we explicitly think of as a code) in the world is probably Morse code (as above) where dots and dashes represent numbers and letters. Another one that is commonly known, is the admiralty radio code, also called the "Q code", where entire paragraphs can be expressed as groups of three letters, (that are convenient to tap out in Morse code).
The important part is that each symbol has meaning, but that meaning isn't understood by someone who doesn't know the code. So in Q code, the letters "QRN" aren't spelling any meaningful word; but if you know the code, you know they mean "I'm having trouble understanding you because of radio interference".
Of course most people don't think of these as codes in the cryptographic sense (and in fact there is an entire academic field of study about symbology and the representation of meaning, that has very little to do with cryptography, called semiotics); I'm just using them as an example to illustrate the point.
Generally, when people think of cryptographic codes, they are thinking more along the lines of codebooks; which are kept secret, and which usually have groups of letters and numbers which are used to represent other words, letters, numbers etc...
Again, the important part here is that each symbol has a distinct meaning that it represents, which is not apparent to someone who doesn't know the code. So the code 999 doesn't mean nine hundred and ninety nine; it actually means "Oh god, Oh god, we're all gonna die".
Ciphers are a completely different way of making writing secret. Instead of using symbols to make things secret, they use math.
Putting the difference more simply, if a bit obscurely, code is representational, ciphers are transformational... or perhaps more clearly, codes translate, ciphers transform.
Huh?
Codes translate symbols; like from one language to another. In a code, the meaning is there in the symbols, you just can't understand it without the code book; much as you can't understand Urdu without a phrasebook. If I say salgirah mubarak, you don't know that it means "Happy Birthday" in Urdu.
Critical to understanding the difference between codes and ciphers though, is understanding that just because you don't know the meaning, doesn't mean the symbols have no meaning.
Ciphers TRANSFORM, not translate; so each individual symbol of the enciphered text (actually called ciphertext) has no actual meaning, without the cipher, and the cipher's key.
The ASCII octal code sequence 062060060070 always means "2008", even if you don't know the code and can't read it; whereas the ciphertext 062060060070 is completely meaningless without the math.
I realize that the distinction there is lost on some, but trust me, it's important.
From a strictly practical standpoint there is a huge difference: A code has to have symbols representing everything you want to say, or a way of making up new symbols built into it; a cipher doesn't, because there is no meaning to any particular symbol, it's all just math in and math out.
Ok, so that's what cryptography is, and what ciphers are specifically. Now, how does it work?
Well, there's a couple elements here:
First, you need a cipher; which is any algorithm (an algorithm is any process of applying structured transformation to any set of information) designed to make information secret.
Second, in what most people think of as "conventional" cryptography, there has to be what is known as a pre-shared secret, or pre-shared key, often referred to by the acronym PSK.
So, let's say two parties want to communicate securely. Those two people decide to communicate using a cipher, they decide on the cipher, and they decide on the key for the cipher.
Remember, the cipher is the math itself; the bit that actually makes the writing secret. The key, is that part that lets two people use the same cipher that other people are using, without anyone else who knows the cipher being able to read what you wrote. I can tell the whole world I'm using AES encryption, and not worry that they'll be able to read my messages; because the key is secret, the cipher doesn't have to be.
There are of course ciphers without keys, but they are far less secure; and far less convenient.
To illustrate the difference, think of the simplest cipher everyone learns as a kid, the alphabet transposition cipher (also called a simple substitution cipher). You know, that's the one where A is 1, B is 2 and so on (in fact, this is so simple that it's almost a code, but in reality it is a mathematical transform, therefore a cipher).
Now with a simple cipher, anyone can read the message as soon as they know the cipher. With a keyed cipher though, you add in a unique element, so that someone who knows the cipher can't read your message, unless they know the key as well.
For example, knowing that I'm using a simple alphabet transposition, you know that "3,1,20" is "cat".
Let's use the same simple alphabetic substitution, but we'll add what's called an "offset vector", and that will be our key.
An offset vector is just a fancy way of saying "add or subtract this number to your result to get the real number"; so your key, is the number you add to each number, to get the real message. In this case we'll add it to encrypt, which means we subtract it to decrypt. This is the simplest type of keyed cipher, and has been in use for thousands of years (the Romans and Greeks both used similar keyed ciphers).
So, for this example I'm going to use 3 as our key. Given the transposition cipher, and the key "3", you can decrypt the numbers 7,18,10, as "dog"; by taking each number, and subtracting 3 from it, then transposing back from numbers to letters.
Importantly, you can't know what I've written, unless you know both the cipher, and the key; and in order for you to decrypt the ciphertext, I had to share the key "3" with you beforehand.
This is called "symmetric cryptography", because both parties are using the same cipher, and the same key to encrypt and decrypt it.
The problem with internet communications (or really any communications over a distance) is how do two parties agree to a pre-shared key, if they can't talk to each other in person? A phone could be tapped, someone could be reading the mail etc... (that's called a "man in the middle" attack, which I'll explain in more depth later).
What about if one person wants to send secure communications to someone they don't know yet?
Well, the way around it, is not to actually send the keys over the wire; or for that matter, to ever communicate the decryption keys to each other at all.
Okay, but how can I decrypt what you send to me, if I don't have the key you used to encrypt it?
This is where what is called "asymmetric cryptography" is applied.
In asymmetric cryptography, we both agree on an encryption scheme, and a cipher, but we don't share decryption keys in advance.
Again this is where people start to say "huh?".
What we do is, we both come up with a pair of keys; which are mathematically related, but which can't be derived from each other (so if I know one of your keys I can't figure out the other one). Then we use a cipher that lets you encrypt with one key, and lets me decrypt with the other key.
Remember, the keys are mathematically related, but you can't figure out one from the other. That's why this works... it's also why I said the math is complicated.
Ok, next part is, because of that split key thing, you can encrypt messages to me by having half of my key pair, and I can decrypt with the other half; and vice versa, I can encrypt to you using half of your keypair, and you can decrypt using the other half.
Different keys are used to encrypt and decrypt, thus "asymmetric cryptography".
So, it takes four keys instead of one; but now, I never have to send the key I'm using to decrypt your messages to me over the wire, and you never need to send the key you're using to decrypt messages sent to you.
Pretty neat eh?
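To make the contrast concrete, here is an added example (not from the original post) that runs the post's shared-key offset cipher next to a toy asymmetric cipher. The asymmetric part is textbook RSA with deliberately tiny primes, chosen here as an assumption because the post names no algorithm; the key values and function names are constructed for illustration.

```python
"""Added illustration: shared-key offset cipher vs. a toy RSA key pair."""
from math import gcd


def to_numbers(text):
    """The post's unkeyed cipher: a=1, b=2, ... z=26."""
    if not (text.isascii() and text.isalpha()):
        raise ValueError("letters a-z only")
    return [ord(c) - ord("a") + 1 for c in text.lower()]


def to_text(numbers):
    """Inverse of to_numbers; rejects values that cannot be letters."""
    if any(not 1 <= n <= 26 for n in numbers):
        raise ValueError("number outside 1..26: wrong key or wrong cipher")
    return "".join(chr(n - 1 + ord("a")) for n in numbers)


# --- Symmetric: both sides must already hold the same key ---------------
def offset_encrypt(text, key):
    return [n + key for n in to_numbers(text)]


def offset_decrypt(numbers, key):
    return to_text([n - key for n in numbers])


# --- Asymmetric: textbook RSA, toy-sized (assumption, see lead-in) ------
def make_keypair(p, q, e):
    """Build (public, private) from two primes; each key is (exponent, modulus).

    With primes this small anyone can factor the modulus and recover the
    private key. Real keys rely on primes hundreds of digits long.
    """
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def apply_key(numbers, key):
    """The cipher itself: the same math for both halves of a pair."""
    exponent, modulus = key
    return [pow(m, exponent, modulus) for m in numbers]


# Two people, two pairs: the "four keys instead of one" from the post.
MY_PUBLIC, MY_PRIVATE = make_keypair(61, 53, 17)
YOUR_PUBLIC, YOUR_PRIVATE = make_keypair(47, 59, 17)


def send(text, recipient_public):
    """Encrypt to someone using only the half they hand out."""
    return apply_key(to_numbers(text), recipient_public)


def receive(ciphertext, own_private):
    """Decrypt with the half that never leaves its owner."""
    return to_text(apply_key(ciphertext, own_private))


if __name__ == "__main__":
    # Symmetric: the key "3" had to be shared beforehand.
    print(offset_encrypt("dog", 3), offset_decrypt([7, 18, 10], 3))

    # Asymmetric: you encrypt to me with MY_PUBLIC; only MY_PRIVATE reads it.
    wire = send("dog", MY_PUBLIC)
    print(wire, receive(wire, MY_PRIVATE))

    # Holding the encryption half does not let you undo the encryption.
    print(apply_key(wire, MY_PUBLIC) == to_numbers("dog"))  # False
```

Encrypting letter by letter like this is only for readability: the same letter always produces the same number, so it is still a substitution cipher underneath. Real implementations pad the input and use the key pair to protect a random session key rather than the message itself.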
Just one more step though. What if we don't know each other beforehand?
This is where what is called "Public Key Cryptography" comes into play.
So I explained that in asymmetric cryptography, each person generated two keys, and that messages were encrypted and sent to you using one key, and that you decrypted those messages using the other one.
Well, since you never have to send the decryption key to anyone, you can keep that secret; but you can give ANYONE your encryption key, because they can't decrypt your messages with it.
The "public" part comes in when you don't want to have to pre-share your encryption key. Again, you don't need to keep your ENCRYPTION key secret (just your decryption key), and anyone can use it without contacting you first, presuming they can get it. If you want unknown parties to be able to send you encrypted messages without your prior knowledge, you can just publish your encryption key out to the world. That way any time anyone wants to send you secured info, they can just look up your encryption key.
Of course the system works, because you have a public key that you publish to the world, and a private key that you keep secret. If you ever lost the private key, you wouldn't be able to decrypt messages people sent you with the public key; and if the private key is exposed, ANYONE can decrypt messages sent to you.
Now, that covers my public and private key, but what the heck is a keyring?
... and we're back to PGP again.
Put simply, a keyring is a list of, and copy of, all the keys you know and trust; formatted in a way that PGP can use them.
It's important to understand that PGP isn't the encryption keys, or the algorithms themselves; it's the scheme for how you use them all together.
What PGP does, is provide an agreed upon framework (a language and format if you will) for people to generate and manage keypairs; store, retrieve, and manage public keys in a trusted way; as well as a standard way of negotiating encryption algorithms, and presenting data and keys to those algorithms, for encryption or decryption.
The whole thing forms what is called a Public Key Infrastructure, or PKI; which you may have heard something (possibly quite a lot) about; and which I will explain in a later post.
Part of that key management framework... in fact, just about the most important part; is a concept called "the web of trust".
The problem with a public key infrastructure, is that in order for it to be useful, everyone's encryption keys have to be made public; and when you do that, someone can impersonate you by publishing an encryption key in your name. Unless you know who to trust, and what keys are valid; you can't send anything securely without first verifying the key with the person you want to send information to. The whole point of having the PKI, was so that you wouldn't have to do that.
That's where the "web of trust" comes in.
This is basically the idea that you may not know and trust that a key you got off the internet is valid for the real person you want to talk to; but you do know that your friends' keys are valid, and they know that THEIR friends' keys are valid and so on.
Ok, how does that solve the problem?
In the web of trust, each person designates any keys he knows are good, by cryptographically "signing" them with their own key (sign as in signature, not as in "detour"). Then, when you download a key off the net, you know it's good because you've signed the key, of a guy who signed the key you downloaded; and you trust the guy who signed the key.
Basically I trust Bob and Bob trusts Steve, so I trust Steve. Trust becomes a transitive property of the keyweb.
Yes, it's like VD. You're not just trusting your friends, you're also trusting everyone they trust, and everyone they trust and so on and so forth; so be careful who you trust.
Remember, one poison key that you sign as trusted, can poison hundreds or thousands (or in the case of important signers that LOTS of people trust, like public certificate authorities, millions) of other trust relationships, and make an entire portion of the web untrustworthy.
It all sounds much more complicated than it really is; and for the most part the system works; but those key relationships can get complicated.
This is why the keyring files are important. It's essentially a record of who I trust, and who trusts me; in the form of a copy of all the keys I've signed, a copy of the keys of everyone who has signed mine, and a copy of all the keys of people I've communicated with; as well as a list of keys I know to be bad or invalid.
All pretty important stuff.
Of course, if you lose your keys, you can always generate new ones; but that means you won't be able to decrypt communications sent using the old ones. More importantly from a web of trust standpoint, you won't know whose keys to trust unless you got the key directly from them, and no-one will be able to trust your key, unless they got it directly from you; because you won't have signed any keys as being valid, and no-one will have signed your key as being valid.
Cascading further, keys signed using your OLD key can no longer use that signature as part of their trust metric; but because you can't revoke a key without first having that key, no other member of the web can be notified that your old signature is invalid, except by manually updating them all individually.
This by the way is why personal keys should always include an expiration date; and then should be renewed and refreshed periodically. My old keys have all expired now; which means they are still usable to encrypt and decrypt, but the web of trust knows that they are not to be trusted.
For a serious user of encryption, this loss of a keyring is devastating. Losing the private key is a major inconvenience; but if it's got an expiration, it doesn't corrupt the trust web too badly; and it's usually acceptable to be unable to decrypt a message, because you can usually tell the person who sent it that you have new keys. What is NOT acceptable, is not knowing what keys to trust.
You can't simply assume that keys are valid and trustworthy; so when you lose your keyring, you have to rebuild your portion of the web. This means you have to go back and manually fetch, and verify all the keys of everyone you communicate with, then sign them again; and get everyone to sign your key again etc... etc...
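The trust chain, the poison key, the bad-key list and the effect of expiration can all be seen in a small model. This is an added example, not code from the post or from GnuPG: it implements the fully transitive "I trust Bob and Bob trusts Steve" rule exactly as described above, which is simpler than the trust calculation real PGP software performs, and every key name and date in it is constructed.

```python
"""Added illustration: a keyring as a signature graph with expiry and a bad list."""
from collections import deque
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Key:
    key_id: str                     # constructed label, not a real fingerprint
    owner: str                      # name the key claims to belong to
    expires: date
    signed_by: set = field(default_factory=set)  # key_ids that signed this key


class Keyring:
    def __init__(self, my_key_id):
        self.my_key_id = my_key_id
        self.keys = {}              # key_id -> Key: every key I hold a copy of
        self.bad = set()            # keys I know to be bad or invalid

    def add(self, key):
        self.keys[key.key_id] = key

    def sign(self, signer_id, target_id):
        """Record that signer_id vouches for target_id."""
        if signer_id not in self.keys:
            raise KeyError(signer_id)
        self.keys[target_id].signed_by.add(signer_id)

    def mark_bad(self, key_id):
        self.bad.add(key_id)

    def usable(self, key_id, today):
        key = self.keys.get(key_id)
        return key is not None and key_id not in self.bad and key.expires > today

    def trust_path(self, target_id, today):
        """Return the chain of signatures from my key to target_id, or None.

        Breadth-first walk along "X signed Y" edges, starting at my own key
        and refusing to pass through expired or known-bad keys.
        """
        if not (self.usable(self.my_key_id, today) and self.usable(target_id, today)):
            return None
        parent = {self.my_key_id: None}
        queue = deque([self.my_key_id])
        while queue:
            current = queue.popleft()
            if current == target_id:
                path = []
                while current is not None:
                    path.append(current)
                    current = parent[current]
                return path[::-1]
            for key_id, key in self.keys.items():
                if (current in key.signed_by and key_id not in parent
                        and self.usable(key_id, today)):
                    parent[key_id] = current
                    queue.append(key_id)
        return None


def build_sample_keyring():
    """Constructed sample: I signed Bob and Carol; Bob signed Steve.

    "steve-fake" is a key published in Steve's name that nobody I trust signed.
    """
    ring = Keyring("me")
    ring.add(Key("me", "Me", date(2012, 1, 1)))
    ring.add(Key("bob", "Bob", date(2009, 1, 1)))
    ring.add(Key("carol", "Carol", date(2012, 1, 1)))
    ring.add(Key("steve", "Steve", date(2012, 1, 1)))
    ring.add(Key("steve-fake", "Steve", date(2012, 1, 1)))
    ring.sign("me", "bob")
    ring.sign("me", "carol")
    ring.sign("bob", "steve")
    return ring


if __name__ == "__main__":
    ring, today = build_sample_keyring(), date(2008, 6, 1)
    print(ring.trust_path("steve", today))        # chain through Bob
    print(ring.trust_path("steve-fake", today))   # nobody vouches for it

    ring.sign("carol", "steve-fake")              # Carol signs carelessly
    print(ring.trust_path("steve-fake", today))   # now "trusted" via Carol

    ring.mark_bad("carol")                        # cut the poisoned branch
    print(ring.trust_path("steve-fake", today))

    print(ring.trust_path("steve", date(2010, 1, 1)))  # Bob's key has expired
```

Losing the keyring means losing `keys`, every `signed_by` set and the `bad` list at once, which is why each chain then has to be re-verified and re-signed by hand.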
Ok, so that was a bit obscure, and probably more than most of you ever wanted to know about encryption... and yet it was barely a thumbnail sketch. For purposes of length and clarity, I've GROSSLY oversimplified this, left out... oooh about 90% of even the absolute basics; and deliberately used technically incorrect but logically correct illustrations.
In fact I based this post off a greatly condensed and simplified version of the introductory chapter of some training materials I wrote a few years ago, when I was teaching a basics of encryption class.
Just to let you know what a "basic" course is, the class covered a full five days, 6 hours a day, with a maximum of 12 students per instructor; and over 200 slides of material, with several hundred pages of supporting materials.
Yes, that's the basic introductory course. The advanced course was another 5 days, required the intro course as a pre-requisite; involved passing a certification test on the introductory course, as well as pre-reading a rather long and obscure text book before taking it.
I do this for a living; and let me tell you, the reality of encryption tends to be a lot more complicated and messy than what I've described above. If you thought this last bit was hard to understand, you should see how confused and messy things get out in the world.
Update: Because there seems to be interest (and a lot of confusion) about this topic, I think I'll make it into a series, and expand and clarify in later posts. Go ahead and leave comments about specific questions or issues you'd like to see me address.
First things first, what the heck is PGP?
PGP stands for "Pretty Good Privacy", an encryption and key management scheme (and associated utilities) written by Phil Zimmerman (A.K.A. PRZ); based on the earlier work of Whitfield Diffie, Martin Hellman, and Ralph Merkle, on something called "public key cryptography".
PGP was published over government objections in 1991. It's a great story really. The feds spent 5 years trying to put PRZ in jail for exporting controlled weapons (which is what they classified encryption as), failed miserably, and he eventually moved to Ireland (I think he's back in the U.S. now).
It's safe to say that PGP, in one implementation or another, is the most used interactive encryption software in the world. I say "interactive", because just about every web browser has SSL encryption software built in (which is a similar, but different encryption scheme), but most people never interact with it specifically; they just know that when they type in HTTPS instead of HTTP, and the little key or lock shows up in the browser, that they are "secure".
In my particular case I use GPG, the free and open source GNU implementation of PGP; both because it's free and open source, and because there are versions of it for every operating system I use (and pretty much every OS I don't use as well).
There is also a commercial implementation of the PGP standard, called simply enough, PGP (though the fact that they named the software after the standard confuses people as to whether they "really have PGP" if they don't use the "Official" commercial version); as well as numerous other implementations, both free and commercial, and plugins for other applications etc...
Theoretically, all of these different implementations should work together, because they all implement the same standard; though sometimes (frequently?) incompatibilities can pop up; especially between the open source and commercial implementations.
As I mentioned in passing above, PGP is what is called a "public key cryptography" scheme; and it works pretty simply in concept (though the math behind it is complicated).
The basic idea behind it, is that when two people want to talk to each other securely, they shouldn't have to know or trust each other first.
... Now there's a logical leap that many people seem to have a problem making; and in order to talk about it, we need to talk about what exactly cryptography is, and a bit about how it works.
At it's most basic, cryptography is (literally, from the greek), "secret writing". It's any means of writing a message in a way that is meaningful to those with the knowledge to understand it, but meaningless to all others.
Now, there are a heck of a lot of ways of doing that, but they almost all break down into two basic categories, ciphers and codes.
A code is a way of making writing secret by using symbols. A red Octagon is a way of writing "stop" in code for example, as is the sequence ... - --- .--.
The symbols of a code can be anything, pictures, shapes, sounds, even numbers or letters. The most well known code (at least that we explicitly think of as a code) in the world is probably Morse code (as above) where dots and dashes represent number and letters. Another one that is commonly known, is the admiralty radio code, also called the "Q code", where entire paragraphs can be expressed as groups of three letters, (that are convenient to tap out in morse code).
The important part is that each symbol has meaning, but that meaning isn't understood by someone who doesn't know the code. So in Q code, the letters "QRN" aren't spelling any meaningful word; but if you know the code, you know they mean "I'm having trouble understanding you because of radio interference".
Of course most people don't think of these as codes in the cryptographic sense (and in fact there is an entire academic field of study about symbology and the representation of meaning, that has very little to do with cryptography, called semiotics); I'm just using them as an example to illustrate the point.
Generally, when people think of cryptographic codes, they are thinking more along the lines of codebooks; which are kept secret, and which usually have groups of letters and numbers which are used to represent other words, letter, numbers etc...
Again, the important part here is that each symbol has a distinct meaning that it represents, which is not apparent to someone who doesn't know the code. So the code 999 doesn't mean nine hundred and ninety nine; it actually means "Oh god, Oh god, we're all gonna die".
Ciphers are a completely different way of making writing secret. Instead of using symbols to make things secret, they use math.
Putting the difference more simply, if a bit obscurely, code is representational, ciphers are transformational... or perhaps more clearly, codes translate, ciphers transform.
Huh?
Codes translate symbols; like from one language to another. In a code, the meaning is there in the symbols, you just can't understand it without the code book; much as you can't understand Urdu without a phrasebook. If I say salgirah mubarak, you don't know that it means "Happy Birthday" in Urdu.
Critical to understanding the difference between codes and ciphers though, is understanding that just because you don't know the meaning, doesn't mean the symbols have no meaning.
Ciphers TRANSFORM, not translate; so each individual symbol of the enciphered text (actually called ciphertext) has no actual meaning, without the cipher, and the ciphers key.
The ASCII octal code sequence 062060060070 always means "2008", even if you don't know the code and can't read it; whereas the ciphertext 062060060070 is completely meaningless without the math.
I realize that the distinction there is lost on some, but trust me, it's important.
From a strictly practical standpoint there is a huge difference: A code has to have symbols representing everything you want to say, or a way of making up new symbols built into it; a cipher doesn't, because there is no meaning to any particular symbol, it's all just math in and math out.
Ok, so that's what cryptography is, and what ciphers are specifically. Now, how does it work?
Well, there's a couple elements here:
First, you need a cipher; which is any algorithm (an algorithm is any process of applying structured transformation to any set of information) designed to make information secret.
Second, in what most people think of as "conventional" cryptography, there has to be what is known as a pre-shared secret, or pre-shared key, often referred to by the acronym PSK.
So, let's say two parties want to communicate securely. Those two people decide to communicate using a cipher, they decide on the cipher, and they decide on the key for the cipher.
Remember, the cipher is the math itself; the bit that actually makes the writing secret. The key, is that part that lets two people use the same cipher that other people are using, without anyone else who knows the cipher being able to read what you wrote. I can tell the whole world I'm using AES encryption, and not worry that they'll be able to read my messages; because the key is secret, the cipher doesn't have to be.
There are of course ciphers without keys, but they are far less secure; and far less convenient.
To illustrate the difference, think of the simplest cipher everyone learns as a kid, the alphabet transposition cipher (also called a simple substitution cipher). You know, that's the one where A is 1, B is 2 and so on (in fact, this is so simple that it's almost a code, but in reality it is a mathematical transform, therefore a cipher).
Now with a simple cipher, anyone can read the message as soon as they know the cipher. With a keyed cipher though, you add in a unique element, so that someone who knows the cipher can't read your message, unless they know the key as well.
For example, knowing that I'm using a simple alphabet transposition, you know that "3,1,20" is "cat".
Let's use the same simple alphabetic substitution, but we'll add what's called an "offset vector", and that will be our key.
An offset vector is just a fancy way of saying "add or subtract this number to your result to get the real number"; so your key, is the number you add to each digit, to get the real message. In this case we'll add it to encrypt, which means we subtract it to decrypt. This is the simplest type of keyed cipher, and has been in use for thousands of years (the romans and greeks both used similar keyed ciphers).
So, for this example I'm going to use 3 as our key. Given the transposition cipher, and the key "3", you can decrypt the digits 7,18,10, as "dog"; by taking each number, and subtracting 3 from it, then transposing back from numbers to letters.
Importantly, you can't know what I've written, unless you know both the cipher, and the key; and in order for you to decrypt the ciphertext, I had to share the key "3" with you beforehand.
This is called "symmetric cryptography", because both parties are using the same cipher, and the same key to encrypt and decrypt it.
The problem with internet communications (or really any communications over a distance) is how do two parties agree to a pre-shared key, if they can't talk to each other in person? A phone could be tapped, someone could be reading the mail etc... (that's called a "man in the middle" attack, which I'll explain deeper later)
What about if one person wants to send secure communications to someone they don't know yet?
Well, the way around it, is not to actually send the keys over the wire; or for that matter, to ever communicate the decryption keys to each other at all.
Okay, but how can I decrypt what you send to me, if I don't have the key you used to encrypt it?
This is where what is called "asymmetric cryptography" is applied.
In asymmetric cryptography, we both agree on an encryption scheme, and a cipher, but we don't share decryption keys in advance.
Again this is where people start to say "huh?".
What we do is, we both come up with a pair of keys; which are mathematically related, but which can't be derived from each other (so if I know one of your keys I can't figure out the other one), . Then we use a cipher that lets you encrypt with one key, and let's me decrypt with the other key.
Remember, the keys are mathematically related, but you can't figure out one from the other. That's why this works... it's also why I said the math is complicated.
Ok, next part is, because of that split key thing, you can encrypt messages to me by having half of my key pair, and I can decrypt with the other half; and vice versa, I can encrypt to you using half of your keypair, and you can decrypt using the other half.
Different keys are used to encrypt and decrypt, thus "asymmetric cryptography".
So, it takes four keys instead of one; but now, I never have to send the key I'm using to decrypt your messages to me over the wire, and you never need to send the key you're using to decrypt messages sent to you.
Pretty neat eh?
Just one more step though. What if we don't know each other beforehand?
This is where what is called "Public Key Cryptography" comes into play.
So I explained that in asymmetric cryptography, each person generated two keys, and that messages were encrypted and sent to you using one key, and that you decrypted those messages using the other one.
Well, since you never have to send the decryption key to anyone, you can keep that secret; but you can give ANYONE your encryption key, because they can't decrypt your messages with it.
The "public" part comes in when you don't want to have to pre-share your encryption key. Again, because you don't need to keep your ENCRYPTION key secret (just your decryption key), and anyone can use it without contacting you first, presuming they can get it. If you want unknown parties to be able to send you encrypted messages without your prior knowledge, you can just publish your encryption key out to the world. That way any time anyone wanted to send you secured info, they can just look up your encryption key.
Of course the system works, because you have a public key that you publish to the world, and a private key that you keep secret. If you ever lost the private key, you wouldn't be able to decrypt messages people sent you with the public key; and if the private key is exposed, ANYONE can decrypt messages sent to you.
Now, that covers my public and private key, but what the heck is a keyring?
... and we're back to PGP again.
Put simply, a keyring is a list of, and copy of, all the keys you know and trust; formatted in a way that PGP can use them.
It's important to understand that PGP isn't the encryption keys, or the algorithms themselves; it's the scheme for how you use them all together.
What PGP does, is provide an agreed upon framework (a language and format if you will) for people to generate and manage keypairs; store, retrieve, and manage public keys in trusted way; as well as a standard way of negotiating encryption algorithms, and presenting data and keys to those algorithms, for encryption or decryption.
The whole thing forms what is called a Public Key Infrastructure, or PKI; which you may have heard somethign (possibly quite a lot) about; and which I will explain in a later post.
Part of that key management framework... in fact, just about the most important part; is a concept called "the web of trust".
The problem with a public key infrastructure, is that in order for it to be useful, everyones encryption keys have to be made public; and when you do that, someone can impersonate you by publishing an encryption key in your name. Unless you know who to trust, and what keys are valid; you can't send anything securely without first verifying the key with the person you want to send information to. The whole point of having the PKI, was so that you wouldn't have to do that.
That's where the "web of trust" comes in.
This is basically the idea that you may not know and trust that a key you got off the internet is valid for the real person you want to talk to; but you do know that your friends keys are valid, and they know that THEIR friends keys are valid and so on.
Ok, how does that solve the problem?
In the web of trust, each person designates any keys he knows are good, by cryptographically "signing" them with their own key (sign as in signature, not as in "detour"). Then, when you download a key off the net, you know it's good because you've signed the key, of a guy who signed the key you downloaded; and you trust the guy who signed the key.
Basically I trust Bob and Bob trusts Steve, so I trust Steve. Trust becomes a transitive property of the keyweb.
Yes, it's like VD. You're not just trusting your friends, you're also trusting everyone they trust, and everyone they trust and so on and so forth; so be careful who you trust.
Remember, one poison key that you sign as trusted, can poison hundreds or thousands(or in the case of important signers that LOTS of people trust, like public certificate authorities, millions) of other trust relationships, and make an entire portion of the web untrustworthy.
It all sounds much more complicated than it really is; and for the most part the system works; but those key relationships can get complicated.
This is why the keyring files are important. It's essentially a record of who I trust, and who trusts me; in the form of a copy of all the keys I've signed, a copy of the keys of everyone who has signed mine, and a copy of all the keys of people I've communicated with; as well as a list of keys I know to be bad or invalid.
All pretty important stuff.
Of course, if you lose your keys, you can always generate new ones; but that means you won't be able to decrypt communications sent using the old ones. More importantly from a web of trust standpoint, you won't know whose keys to trust unless you got the key directly from them, and no-one will be able to trust your key, unless they got it directly from you; because you wont have signed any keys as being valid, and no-one will have signed your key as being valid.
Cascading further, keys signed using your OLD key can no longer use that signature as part of their trust metric; but because you can't revoke a key without first having that key, no other member of the web can be notified that your old signature is invalid, except by manually updating them all individually.
This by the way is why personal keys should always include an expiration date; and then should be renewed and refreshed periodically. My old keys have all expired now; which means they are still usable to encrypt and decrypt, but the web of trust knows that they are not to be trusted.
For a serious user of encryption, this loss of a keyring is devastating. Losing the private key is a major inconvenience; but if it's got an expiration, it doesn't corrupt the trust web too badly; and it's usually acceptable to be unable to decrypt a message, because you can usually tell the person who sent it that you have new keys. What is NOT acceptable, is not knowing what keys to trust.
You can't simply assume that keys are valid and trustworthy; so when you lose your keyring, you have to rebuild your portion of the web. This means you have to go back and manually fetch, and verify all the keys of everyone you communicate with, then sign them again; and get everyone to sign your key again etc... etc...
Ok, so that was a bit obscure, and probably more than most of you ever wanted to know about encryption... and yet it was barely a thumbnail sketch. For purposes of length and clarity, I've GROSSLY oversimplified this, left out... oooh about 90% of even the absolute basics; and deliberately used technically incorrect but logically correct illustrations.
In fact I based this post off a greatly condensed and simplified version of the introductory chapter of some training materials I wrote a few years ago, when I was teaching a basics of encryption class.
Just to let you know what a "basic" course is, the class covered a full five days, 6 hours a day, with a maximum of 12 students per instructor; and over 200 slides of material, with several hundred pages of supporting materials.
Yes, that's the basic introductory course. The advanced course was another 5 days, required the intro course as a pre-requisite; involved passing a certification test on the introductory course, as well as pre-reading a rather long and obscure text book before taking it.
I do this for a living; and let me tell you, the reality of encryption tends to be a lot more complicated and messy than what I've described above. If you thought this last bit was hard to understand, you should see how confused and messy things get out in the world.
Update: Because there seems to be interest (and a lot of confusion) about this topic, I think I'll make it into a series, and expand and clarify in later posts. Go ahead and leave comments about specific questions or issues you'd like to see me address.
Trust, but Verify
I've said this before, and I'll say it again: The most intelligent thing Ronald Reagan ever said was
"Trust, but verify".
Expanding on that, it is silly to just say "never assume anything" because we're human beings, we have to make assumptions to get by. If I could give you just one piece of advice in this life though, it would be this:
Never trust in your assumptions; always verify them.
What follows is a classic example of Making an Ass of U and ME... or at Least ME Anyway.
I've lost my keyring.
No, not my car and house keys (securely 'binered to my belt loops thankyouverymuch); my PGP keyring, along with my private key files.
I have a lot of encrypted communications and other files archived, and generally, I conduct a fair amount of encrypted communications; though I haven't been doing much of it recently (which is part of the problem).
Flat out, I don't send anything containing PII, PCI, PHI, PLI, or PFI over public networks without encrypting it; and I won't do business or communicate with anyone who doesn't follow the same policy (those stand for Private "X" Information - "X" being Identity/Identifiable, Confidential, Health, Legal, and Financial respectively, in the acronyms above. You may also see them as CII, CPI, CHI, CLI, and CFI; meaning Confidential "X" Information, depending on what auditing and security standards are in use in an organization)
Also, as a matter of security, and in some cases personal preference and/or eccentricity; I customarily exchange correspondence with certain people in an encrypted manner.
This is a pretty big deal, because it means that I can't decrypt my old archived files or communications that use those keys; and because people might try and send me new stuff that I can't decrypt either.
So, how did that happen? You'd think after all that I'd take care to make sure something that important was never lost right?
Well, I've had to completely replace all of my computers over the past few months; starting first with my primary desktop, then my secondary desktop, and most recently my laptop. In the process, I hadn't bothered installing PGP yet on any of the new boxes; until today that is. I was copying a bunch of my archived files over to my laptop, and thought "Hey, I should install PGP again".
Thus begins my story of assumptions creating failures.
So, before I stop using a computer (presuming the hard drives are functional of course) I copy all of my files off the drives, onto a backup drive. Usually I also make a backup image of the drive just to be safe, but because I ASSUMED I HAD GOOD COPIES OF ALL MY FILES, I didn't bother this time.
I assumed this, because I did a bulk copy, didn't see any failures, and verified a couple of my files. I ASSUMED THIS WAS SUFFICIENT.
So I wiped my old computers, one by one; each time ASSUMING I HAD A VALID COPY of my keys, on my backup drive, and on my NAS box.
Then, because they were my old computers, no longer in use, I also wiped my backups of them; and destroyed the backup media; because I ASSUMED I HAD GOOD COPIES OF ALL THE FILES, on my backup drive and on my NAS.
Well...
I installed GPG on my new laptop, and went to import my keyring... and it wasn't there on the backup drive. Oh the directory was there, but my secring, pubring, seckey, and pubkey files were not.
Ummm... ok don't panic, I've got backups. I ASSUME THE NAS COPY IS GOOD.
NAS box, same problem.
Ok, don't panic, I always keep an encrypted archive file of my keyrings and keyfiles; and I ASSUME THE FILE IS GOOD, AND UNCORRUPTED.
Uhhh oh.... The archive file on the backup drive is damaged and unrecoverable.
Uhh oh two, the NAS copy is the same file.
Not to worry, I also keep a copy of the archive file on my thumb drive; and I know those keys are good because I used them a few months ago...
Only I replaced my thumb drive a little while after I had last used the crypto stuff on it; and didn't bother copying the file over at the time, because I had copies of it on my laptop, my desktop, my backup drive, and my NAS drive; and I ASSUMED THEY WOULD ALL BE GOOD, AND I'D BE ABLE TO COPY THINGS OVER LATER.
Now remember, I had every reason to believe everything was good. My PGP was functioning on my laptop and the other computers, right up to the day I wiped them. My problem was that I assumed that keeping a straight backup copy from one of those computers was sufficient, and I never verified the validity of my assumption.
See you have to remember, that a copy is a copy; and it may be imperfect. Just because the source is good doesn't mean the copy is.
I THEN MADE A CASCADING SERIES OF DEPENDENT ASSUMPTIONS, WITHOUT EVER ONCE VERIFYING THE FIRST ASSUMPTION WAS VALID.
What I presume happened is that my backup copy didn't copy those files, because they were in use and locked at the time; and I probably just suppressed the error (some bulk copy command lines don't output error messages).
I verified several of the files from the copy, but I didn't do a file for file verify, because I was just copying, not using backup software.
Then I wiped my completely functioning PGP keyrings off those boxes when I decommissioned them; without ever verifying that I had a valid copy.
Then I compounded my error, and overwrote the copy on my NAS box with the bad copy from the backup drive; without ever verifying.
Then I wiped my old thumb drive, because I assumed all the other copies were good, without ever verifying.
Now some might ask, "why did you wipe all those files? Even the backups?"
That's simple, every copy you have increases the chance of compromise; so keeping as few copies as possible is just good security practice. Four is a standard; one online (the active copy), one in online backup (the backup drive), one in near line (the NAS copy) and one in physical archive...
Wait a sec, what about physical archive?
Unfortunately, no; all my physical archives for my working set files (the non machine specific files that I share across all the machines I work on) are done off the NAS or nearline backup, and rotated out periodically; or are of full system images, which I destroyed after I wiped those machines.
I checked them anyway, and finally found an OOOOLD key archive that has the private key... only one problem...
I've changed the passphrase a couple times in the last few years; and I forgot the old passphrase that I originally used when I generated that key. I've cycled through my usual metric for creating passphrases, and it isn't any of them; so I can import my keyring, but I can't use my own private key, and since I never set a revoker, I can't revoke it either (you can't revoke an invalid key without the passphrase).
So my friends, remember, an unverified backup, is WORSE than no backup at all; because when you have no backups, you are careful about making sure copies of critical data exist before you delete things; whereas with a bad backup, you might be just a bit careless, as I was, and end up losing your data.
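The file-for-file verify that was skipped in the story above, as an added example (not the author's code): every source file is hashed and compared with its counterpart in the backup before anything is wiped. The directory and file names in `demo` are constructed placeholders.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_copy(source_root, backup_root):
    """Return (missing, mismatched) relative paths, checking every source file."""
    missing, mismatched = [], []
    for dirpath, _dirs, files in os.walk(source_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, source_root)
            dst = os.path.join(backup_root, rel)
            if not os.path.isfile(dst):
                missing.append(rel)        # e.g. a file that was locked during the copy
            elif sha256_file(src) != sha256_file(dst):
                mismatched.append(rel)     # e.g. a truncated or corrupted archive
    return sorted(missing), sorted(mismatched)

def safe_to_wipe(source_root, backup_root):
    """True only if every source file exists in the backup with identical content."""
    missing, mismatched = verify_copy(source_root, backup_root)
    return not missing and not mismatched

def demo():
    """Constructed sample: a key directory whose copy silently skipped one file
    and damaged another. All names and contents here are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "laptop", "gnupg")
        dst = os.path.join(tmp, "backup", "gnupg")
        os.makedirs(src)
        os.makedirs(dst)                   # the directory exists on the backup...
        for name, data in [("pubring", b"public keys"), ("secring", b"secret keys"),
                           ("keys-archive", b"archive bytes" * 100)]:
            with open(os.path.join(src, name), "wb") as f:
                f.write(data)
        with open(os.path.join(dst, "pubring"), "wb") as f:
            f.write(b"public keys")        # copied correctly
        with open(os.path.join(dst, "keys-archive"), "wb") as f:
            f.write(b"archive bytes" * 50) # truncated copy; secring never copied
        return verify_copy(src, dst), safe_to_wipe(src, dst)

if __name__ == "__main__":
    print(demo())
```

Run the same check against each further copy (NAS, thumb drive, physical archive) before overwriting or wiping anything, so one bad copy cannot silently replace a good one.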