I am not getting it: what is wrong with a spy agency exploiting flaws per se?
Not much, actually, prima facie.
Except for the fact that the NSA is not supposed to be a spy agency.
The NSA is supposed to play a defensive role, not an offensive one. The true harm is not, as you say, the act of exploiting the Heartbleed flaw per se, but rather it would be the inaction of not informing the general public of this widespread vulnerability.
Indeed, if the NSA knew about Heartbleed for even a few days before the general public, then by not informing those United States Citizens (who they are ostensibly protecting) affected by this vulnerability, they not only have failed in their mission of defense, but have implicitly harmed the vital infrastructure of this Nation.
I'd say the NSA are best likened to an Autoimmune Disease. They were once an entity that protected the body against foreign threats. However, after a particularly virulent infection (i.e. 9/11), they began to confuse ordinary, healthy cells with potential threats. In an attempt to cure this perceived infection, the distinction between healthy and diseased cells was lost, and the immune system began indiscriminately attacking cells, ironically becoming a larger threat to the body than the infection which provoked the autoimmune response to begin with.
Not sure exactly what method the NSA is using, but you can't just look at people who have a shallow connection to a known criminal and expect to get any meaningful results.
Even direct in person connections are usually completely innocuous, e.g. a neighbor, college roommate, brother or sister, etc.
At best you may find a "potential" criminal by cross-checking connectivity maps of two or more known criminals (especially those who aren't directly connected to each other). Someone who is closely connected (within 2 jumps, not 3) to multiple known criminals would be rather suspect, and may warrant further (non-intrusive) investigation. I say non-intrusive because we do not (ostensibly) believe in guilt by association. Innocent until proven guilty, and all that good stuff.
Then again, I'm not sure I should be giving the NSA tips on how to use the mountains of data they've illegally (or, at least, unethically) obtained. I've always had a fascination with large data sets, though. In another reality, it's possible I could have been working for the NSA on just that sort of thing (and hopefully have had the courage to pull a Snowden).
Which is incalculably better than just authorizing military action without congressional approval. Which is normally what Obama does. Congress is supposed to decide whether we should or should not take military action. By choosing representatives who are (ostensibly) better informed than we are to decide on these matters, we are exercising control. That's how it works. My concern is whether or not he'd listen if they say Nay.
No, I have my fair share of gripes against Obama, but this is certainly not one of them.
I actually think the opposite. "Pure" democracy often ends in disaster even in small scales. On a nation-scale, such an attempt would be utterly suicidal.
It is rather relevant, because a society is democratic if its populace is self-governed. The US is not self-governed; we have chosen individuals to govern us. Just because the Romans chose their emperor doesn't make them a democracy either.
A state can be considered democratic if every citizen has a full and equal part in every governing decision. I don't know enough about UK government to comment more than anecdotally, but the US sure doesn't work that way.
Ostensibly, we choose representatives to act in government on our behalf. In reality, however, there are no systems in place that guarantee (guarantee, not incentivize, as in re-election) that elected officials accurately reflect their constituents.
Anyone who seriously thinks that the US is truly a democratic state (or, indeed, ever was), needs to have a long hard think about the state of our government. We're closer to a plutocracy than a democracy.
Congress alone cannot pass an amendment to the Constitution; it can only propose them. After proposal the amendment must then be ratified by 75% of States.
Fun fact: It's possible to pass an amendment without any involvement of Congress at all. 2/3 of States have to apply to hold a National Constitutional Convention. It's never happened, but maybe we need to start seriously considering it.
Are you in all seriousness asking why those who spearheaded rampant government encroachment on civil liberties such as the PATRIOT act, which were hastily and surreptitiously passed with a distracted and overly emotional public, are showing no inclination towards repealing the acts which gave them so much power, just because the blindfold around the public's eyes named "terrorism" has slipped a little?
I'm inclined to give you the benefit of the doubt and assume your post was rhetorical sarcasm, but I have to be sure.
One could easily make the argument that "draining the swamp" is an overly aggressive move and results in the creation of more terrorists. That kind of interference with sovereign nations is the main source of the US hate abroad. (Not any of that BS about hating us for our freedoms.) I don't have the domain knowledge or data to argue this one way or the other, but if both inaction and action lead to the same result, then inaction is the preferred choice.
As you said, it was our interference with bin Laden, that we "would not leave him alone to impose Sharia law", that resulted (at least in part) in terrorist action. The vitriol cruxes on the interference, not the abstract ideology.
Any increase in technology that makes asymmetrical attacks easier is irrelevant. We need to decide, as a nation, via a level-headed analysis, what we are (or are not) willing to sacrifice in order to protect ourselves. There is no perfect security. That is a hard fact that people need to deal with. Once they get past that, then it all becomes a matter of "acceptable risk". Reducing risk is a game of diminishing returns; once we have reached a level we deem acceptable, then, despite any emotional overreactions to one-off events, we need to maintain that level of risk.
While true that predicting future incidents of a non-correlative event (such as a terrorist attack) from past data is a logical fallacy (the gambler's fallacy, to be specific), the statement of "odds" in the article was a rhetorical tool, and was not intended (so far as I can see) to be taken as either mathematical or logical fact.
It was simply an attention-getting means of indicating that terrorist attacks, while not an independent event, have a historically low frequency. While early deterrence of the event brought by a preventative measure does count as a success, due to the overwhelmingly low (relative to preventative expenditures) economic impact of terrorist events, the cost of preventative measures must necessarily be proportional.
A simplified equation of equitable expenditure for prevention of terrorist attacks would be:
(Note that this equation does not take into account changes in attack severity (and hence cost) by actions taken, as that would be too complicated for this simplistic example.)
Unfortunately, this equation is rather hard to solve due to the difficulty of pricing the impact of the average event (mainly due to difficulty of pricing human lives), and the fact that the attacks per year is not an independent variable, but fluctuates based on actions taken. Because of the interdependent nature of the equation, it's difficult to predict beforehand whether an action taken will have net cost or benefit.
However, once an action is taken, and data on its effects is gathered, it can then be determined if it was "successful", in that it prevented more in losses than it cost to implement. For actions which are grossly in the red as given by this cost/benefit analysis, there is a clear need of discontinuation.
These broad surveillance programs have a clearly established and demonstrably high cost associated with them, but very little in the way of verifiable success. From a purely economic view, they have been a colossal failure, doing more harm than the events they purport to stop.
Well, if money literally "buys votes", then every representative who received a significant contribution regarding this case would have voted no. However, because only 9 of the top 10 contributed politicians voted no, it's clear that it's a bit more complicated than "money buys votes". That's what Mike was trying to point out in that phrase.
However, it is abundantly clear that money "influences" votes, and while it is not the sole determining factor (as it would be in cases of "bought" votes), it plays an egregiously large role in politics, as the reported document makes clear. I for one would like to see a ban on all campaign contributions, both from companies and citizens. Make it so that no candidate can spend any money to advance their campaign; no ads of any kind would be a huge start. Take away the uses for campaign contributions and you take away the impetus for giving them. Politicians would only be able to influence voters through public debates with their opponents, giving everyone a level playing field regardless of funding. Further, without the constant blasting of attack ads and emotional appeals, one might hope that voters will be more inclined to actually research the candidates before voting.
Once the need for funding is gone, you cut the power of lobbying groups considerably. There will still be those instances of "favors" for voting certain ways, but those are risky to both entities, and will never be as pervasive as influencing through election contributions.
It wouldn't fix everything overnight, but banning campaign advertising of any kind would be a huge first step.
Well, if they can force you to hand over the hashes, they can force you to divulge your salting practices, so salts probably won't help much in this case. A cryptographically secure hashing mechanism is your best bet to protect user passwords, in all cases. Salts protect against rainbow tables, not individual cracking attempts. (Though it's still a good idea to salt in a unique way, as this prevents someone from using a password hash leaked from another site to log in to a user with the same email via bypassing the hashing mechanism.)
I'm more interested in why the NSA wants passwords in the first place, when they've proven they can get FISA warrants (which are almost never denied, or even examined thoroughly) to sap data up directly from inside any company's datacenter. To try to log in to a user's accounts on a foreign site? Am I the only person who thinks that this behavior is more reminiscent of a criminal hacker ring, than a "Security" agency?
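The distinction drawn in the comment above (salts defeat precomputed tables and cross-site hash reuse, but not a targeted guess once the salt is known) as an added example that is not part of the original comments. The function names, the sample passwords and the choice of PBKDF2-HMAC-SHA256 as the slow hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny table of unsalted SHA-256 digests, standing
# in for a rainbow table that is computed once and reused against every site.
COMMON = ["123456", "password", "letmein", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}


def unsalted_hash(password):
    """Weak storage: same password gives the same digest everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()


def table_lookup(stored_hex):
    """Return the password if the stored digest is in the precomputed table."""
    return PRECOMPUTED.get(stored_hex)


def hash_password(password, salt=None, iterations=200_000):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def audit_weak_password(salt, iterations, expected, wordlist=COMMON):
    """Defender-side audit: with the salt known, a weak password is still
    found, but every candidate costs one full KDF run for this one record."""
    for word in wordlist:
        if verify_password(word, salt, iterations, expected):
            return word
    return None


if __name__ == "__main__":
    site_a = hash_password("letmein")   # record stored at one site
    site_b = hash_password("letmein")   # same password, different site/salt
    print("unsalted digest found in table:", table_lookup(unsalted_hash("letmein")))
    print("salted digest found in table:  ", table_lookup(site_a[2].hex()))
    print("records differ across sites:   ", site_a[2] != site_b[2])
    print("weak password still auditable: ", audit_weak_password(*site_a))
```
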
Sidenote: I just looked up the PA's 7th district on a map. Its shape is insane. Gerrymandering, anybody? I can count at least 4 spots where major sections of the district are connected by areas no longer than a city block.