This guy is one of my heros:

This is why:

Remember that? That's a DC-10 with 285 passengers on board, cartwheeling across the runway.

This aircraft suffered a catastrophic control failure while in-flight. With no stick, no rudder, and no flaps, Captain Haynes and his crew had nothing left to work with except for the engine throttles. They miraculously managed to turn their craft around and line it up, and even made an incredible landing approach right down the center of the runway. They literally did all that was humanly possible, and their efforts saved 185 lives.

Subsequent simulator tests showed that other DC-10 crews were unable to repeat the effort of the crew of 232. Investigators concluded that, in its damaged condition, it was not possible to land the aircraft on a runway.

In the years following the accident, Captain Haynes has made some money on the talk circuit and he's donated most, if not all of it, to charity. This is an honest to god stand-up guy.

Now he needs our help. His daughter is dying, and he is collecting money for the bone marrow transplant that can save her life.

He's already lost his son to a careless driver and his wife to a sudden illness. This man deserves a break. He's earned it.

Go here, select "Arguello (Haynes), Laurie" from the pulldown menu and donate a couple of bucks. How often do you have a chance to say "thank you" to a guy like this, in a way that really matters?

comment

Abdullah al-Muhajir, aka "Dirty Bomber" Jose Padilla, is an American citizen who has been held for over a year without charges. A federal appeals court just ordered his release within 30 days.

I have mixed feelings about this.

On the one hand, obviously, every citizen is entitled to due process. However, I believe that wartime does provide for some appropriate wiggle room in cases like this.

For example, if we suspected that Bin Laden was riding, right now, in a particular car, we'd blow it to pieces. If we could take him alive we would, and we'd interrogate him for as long as we saw fit.

Would this change if we were to discover, to our horror, that Osama was actually an American citizen? Would this mean we couldn't kill him on sight, that he could demand a lawyer and simply refuse to talk when captured?

I'd hope not.

Now, the law here is vague and I honestly have no idea what the precedents are. I suppose we'll see this issue sorted out by both sides in the coming days.

I don't know how I feel about it right now.

comment

Longtime readers know that I'm a big Clay Shirky fan. He offers some typically excellent insights in his latest article, The RIAA Succeeds Where the Cypherpunks Failed. It seems that after years of neglect, the public has finally begun to embrace encryption because an emerging threat - fear of music-downloading lawsuits - has finally motivated them to do it.

Until now, it seems, nobody really seemed to care. I'd bet that not one in ten of my readers even has a personal encryption key.

This is something that used to bother me a lot. I don't know anyone who would care to see the contents of their email folder made public, yet virtually all of us exchange email across what is essentially an open network. Anybody with a mail server can read the traffic going by. Even worse, many of us use email at work on locally-networked computers, which are often left logged in and unattended on our desks. Anybody can come by and copy off that single directory which contains all our secrets. Yet somehow, nobody really seems to mind.

Shirky suggests apathy as the prime reason for this, and I think he's mostly right. "[T]he average user", he says, "has little to hide, and so hides little". The other side of this equation is the effort demanded of the average user in order to use encryption properly. Even the simplest of the good encryption programs have a real learning curve. When the perceived costs are high and the benefits are low, it's no surprise that people will find other things to do with their time.

Effort, I believe, is an unavoidable aspect of good security. Security is work, and people generally don't do work without good motivation.

---

Why can't a secure system be easy to use? Why can't it just be transparent and effortless?

I'll answer those questions with a few of my own:

When I lock myself out of my house and need help to get back in, why can't that process be transparent and effortless, too? Why do I need to identify myself first, which requires that I carry around that damn drivers license, which required all that annoying paperwork there at the DMV? Why do the policeman and the locksmith always have to ask all those personal questions before they let me in?

The thing is, you really don't want it to be too easy to get the keys to your house. If it's too easy for you, it's too easy for a bad guy to take advantage of it.

People don't like it if they have to type passwords a lot. They don't want to know the details about weird things like trusted third parties and signed keys. So, sure, we can make it so you only have to log in once, but then anybody can impersonate you if when your machine is left unattended. We can hide the details of who you trust and why, but then bad people can abuse that trust and slip in under the radar. You can't automate the whole process and hide it from view, because the system demands good human judgement in order to properly work.

Only you know who to trust. No machine can sort that out for you.

Microsoft Outlook Express has encryption built right in. In typical Microsoft fashion, it is laughably insecure and primarily designed to raise money for their business partners, who put themselves in the business of selling "certificates" to prove that users are trustworthy. The certificates, of course, are not worth the imaginary paper they are printed on. The whole system is based on a lie. It is, however, fairly easy to use... once you pay your fee, of course.

PGP represents the other end of the spectrum. It's free, and quite secure, but you'll need to take the time to read the manual and understand it. You'll also need to convince others to take that time, too, or else you won't have anyone to send encrypted messages to.

Shirky suggests that secure networks are now emerging which require less effort to use. I suppose we could see some real improvement, a fair middle ground where ease of use and acceptable security can co-exist. That'd be nice, but I don't have my hopes up. Easy-to-use systems have generally not survived for very long.

The worst-case outcome is that these file-sharing networks can become traps. People sign on, expecting privacy, only to find that the security is one day broken and all their misdeeds are laid bare. There is a grave risk in making things too easy to use. There is grave risk in misplacing your trust.

If you want practical security, PGP is still your best choice. Suck it up, and take the time to learn what you need to know, and it will serve your needs well. If you cannot motivate your partners to put the effort in, perhaps you really don't need that level of security after all. It's OK to fall back on unsecured communication, just so long as you remember that it is unsecured, and you always behave accordingly.

comment

Ho Ho Ho!

Maybe we can ask him about this:

Terrorist behind September 11 strike was trained by Saddam

Iraq's coalition government claims that it has uncovered documentary proof that Mohammed Atta, the al-Qaeda mastermind of the September 11 attacks against the US, was trained in Baghdad by Abu Nidal, the notorious Palestinian terrorist.

Details of Atta's visit to the Iraqi capital in the summer of 2001, just weeks before he launched the most devastating terrorist attack in US history, are contained in a top secret memo written to Saddam Hussein, the then Iraqi president, by Tahir Jalil Habbush al-Tikriti, the former head of the Iraqi Intelligence Service.

comment

Think I'm kidding? Check this out:

Click here to go to Amazon.com!

Most recent versions of IE are probably compromised. Heads up.

comment

Campaign finance law is complicated, and easy to misunderstand. That doesn't stop me from getting all pissed off about it, though.

The court decided today to uphold virtually all of McCain-Feingold. One of the more galling aspects of this law is a prohibition against running political ads for 60 days(!) prior to an election. If you are an official "media outlet" - say, a newspaper, or a magazine, or a television station - you can say whatever you want about the candidates, whenever you want to say it. But if you are just an ordinary citizen, you may no longer buy television time or ad space in your local paper to offer your opinion about the election. You just lost your right to do that sometime early this morning.

So, here's my question: suppose you were to make a nice little poster expressing your political views. Suppose you paid me a dollar to print out a few copies and hand them to passersby on the street just a few weeks before the election. That sounds a lot like a paid political advertisement, doesn't it? That'd be illegal now.

I'd bet it would even be illegal if you did it yourself, with your own money, and handed the posters out personally. Just because you pay for the media yourself, and distribute it yourself, doesn't mean it's not a political advertisement. Hell, I bet that telemarketing for that purpose would count, too. Personally call a hundred strangers on the phone, say "Please vote for George Bush", and you've broken the law, haven't you?

It's not only candidates, but issues as well. Your poster might just say "Repeal Campaign Finance Reform" and you'd still be in trouble.

Well, I'll tell you what. If the law really does mean what I think it means, this is what I'm going to do. I'm going to make a nice poster that says "Repeal Campaign Finance Reform" over an image of the First Amendment of the Bill Of Rights, and I'm going print that motherfucker out and hand it to as many people as I can the day before the election.

I'm a citizen, not a subject. These people can go fuck themselves, is what.

If any of you know where I can get a definitive answer to my questions I'd appreciate it.

comment

A friend forwarded the following message. I'm satisfied that it's true:

Damn straight. They've done the right thing by standing up for our soldiers, and we can do the right thing by seeing that they are richly rewarded for their effort. Don't forget to let them know why you stopped by.

comment