A choice of disasters

The list of candidates in the upcoming New Hampshire primary is enough to make one cry.

Romney is a pathological liar.

Huckabee is a would-be theocrat.

Giuliani is war-crazy.

McCain says America is a "Christian nation" and is the co-author of an outrageous political censorship law.

Ron Paul has abandoned libertarianism for conservatism and "states' rights." He's better than the leading candidates (that isn't hard) but makes a poor protest vote.

Clinton is a paranoid leftist.

Edwards wants forced medical examinations.

Obama believes in government involvement in just about everything. He claims that the right to vote is the most fundamental right, which implies that he puts majority rule ahead of individual rights. Yet by default he may be the least bad of the candidates with a chance.

You can dig through the minor candidates if you want, and perhaps find some unintentional humor there. There's even someone called O. Savior, who wants to cut gas prices to 99 cents a gallon while reducing oil usage.

Simon and Garfunkel had it right: "Laugh about it, shout about it, when you've got to choose, any way you look at it you lose."

Rotenberg Center computer issues

OK, I've already blogged three times in the past week on the Rotenberg Center. But now I've learned that its website has issues, and that's an area on which I can say something not just with indignation, but with professional knowledge.

The staff login page has a pulldown menu of all the people who are allowed to log in through that page. A password is required, but this is still very bad from a security standpoint. Knowing user names is half the battle in breaking into a system. If any of the 876 users listed in that menu has an easily guessed password, an outsider could gain access to the staff site. I don't know what's there, but it's likely to have confidential information on children which shouldn't be exposed to the public. To avoid making life too easy, I've declined to link to the staff page, but I'm afraid it isn't hard to find.

There is heavy repetition of last names in the list, including some very unusual last names. Unless the Rotenberg Center relies heavily on recruiting of employees' relatives, this suggests that it might be giving staff access to employees' family members. If that's the case, it sounds like a serious violation of confidentiality. This is speculation; it's also possible that the site is seeded with many fake names as traps for intruders or that there really is a valid reason for giving these people access. But just making people type their own names seems much more sensible.

Kevin Leitch claims to have discovered another flaw in the Rotenberg site. He doesn't give details on the exploit which he found; perhaps it's an elaboration from the one I found, though he implies he didn't attempt password guessing. He writes:

Anyway, I’ve been taking a long hard look at the JRC website and received a bit of information which led to what I believe is a breach of US law governing personal data and data protection issues.
 
I’m going to have to talk broadly here as I don’t think it would be ethical for me to show you exactly what steps I took to stumble across this data. However, not only are the full names of all current staff members on public display, there are documents I’ve found which contain a full listing of all current students, represented by initials, together with details about which schools/units they’ve attended prior to JRC. There are also documents which mention at least 4 students full names, together with photographs of these students.
 
Let’s also be clear that the method I utilised to get to the data under discussion did not in any way reflect any hacking, cracking, injecting or otherwise any unethical practices. It came from a chance mouse click and some really dreadful .NET coding on behalf of the JRC’s web developer(s).

I'm not able to confirm this, but reportedly an official complaint is being issued about it.

Finally, this isn't a computer security issue as such, but it's perhaps the scariest of all. Go to the Rotenberg homepage and click on "Jobs." At the bottom of the page, you'll see this:

We consider applicants for all positions without regard to age, race, color, religious creed, national origin, sex, sexual orientation, age, criminal record, mental illness, handicap/disability, or any other legally protected status pursuant to Massachusetts Fair Employment Practices Act, and other relevant federal, state and local laws.

Some states do have crazy anti-discrimination laws, and it would take a lawyer to know for sure, but as far as I can tell from a quick web search, Massachusetts employers aren't forbidden from discriminating on the basis of criminal record. Certain information -- arrests without conviction, some minor offenses, and old convictions -- is out of bounds, but I can't find anything that suggests a blanket prohibition on taking convictions into account. It's horrifying that an institution with such power over children welcomes applications from convicted criminals.

The relevance of religion

It's generally accepted that a candidate's religious affiliation shouldn't be a consideration when judging his suitability for office. Candidates should be judged on their political positions, not their theological ones. But this doesn't mean that a candidate's personal beliefs are always irrelevant. Here are some of the cases where a candidate's religious views can and should be marks against him:

• Does the candidate use his religion to promote himself? (Huckabee, at the top of his website: "Faith. Family. Freedom.")
• Will the candidate use his position to advance his religion? (Huckabee: "I will use the Bully Pulpit to change hearts and minds, to move this country from a culture of death to a culture of life.")
• Does the candidate's religion lead him to advocate harmful policies? (Huckabee: "With respect to stem cells, I am opposed to research on embryonic stem cells.")
• Does the candidate lie in the cause of his religion? (Huckabee: "When our founding fathers put their signatures on the Declaration of Independence, those 56 brave people, most of whom, by the way, were clergymen...")
• Does the candidate publicly express disdain for people outside his religion? (Huckabee: "The great truth of Christmas is that no matter how good we are, we're not good enough to know God without the Christ.")

Huckabee is useful as an illustration, but my point is more general. Choosing a candidate should depend only on what he is expected to do in office, and any idiosyncrasies which don't bear on that should be ignored. But if a candidate's religion-based views can reasonably be expected to affect what he'll do in office, he can't hide behind demands for religious tolerance or pretend that (Huckabee again) people are objecting merely because he "mention[ed] the name of Jesus."

Greed trumps religion in Bethlehem

So far (crossing fingers), Christmas in Bethlehem is a peaceful affair, with Palestinians welcoming crowds of tourists. This isn't because of "the love of Christ," as a person quoted in the article claims. The town is predominantly Muslim. What is bringing peace and good will is greed for the tourists' money. (And lots of well-armed police.)

Religion spreads enmity among Christians, Muslims, and Jews, but the recognition that trade leads to mutual benefit has proven a stronger force this time. Trade leads not only to welcoming tourists for the money, but to coming in contact with them. Many will wonder why they should wage a holy war against these people. Murdering the innocent may get you into Heaven, but it doesn't get you fed on Earth.

Meanwhile, back in America...

The Commonwealth of Massachusetts has extended the Rotenberg Center's authorization to torture students. To show its toughness, the Office of Health and Human Services has only given a one-year extension instead of a two-year one.

Shock "therapy" was once widely practiced in the US. As a kid, I remember hearing stories from my uncle, who worked at the New Hampshire State Hospital, and "Dr. Tang," who administered the shocks there. He served as an amusing bogeyman; I was too young to think seriously about the moral implications, but knew what the "therapy" meant: if you were subjected to enough pain, you'd pretend you were "cured" of whatever aberrant thoughts you had. The Rotenberg center is one of the last refuges of this barbaric excuse for a treatment, but it has apparently been able to convince some parents that believe in such "treatment" -- probably the kind who would use lower-tech equivalents, such as fists and straps, at home.

The Rotenberg Center obviously has friends in the state government.

Some links:

• Judge Rotenberg Center -- Close it down!
• New York's Investigations of the Rotenberg Center
• School of Shock
• Susan Senator
• Report from Massachusetts Department of Early Education and Care (PDF)

Borders open in Europe

In 1991, as the Soviet empire was falling apart, I wrote these words:

America, they say, brought freedom unto man,
But we’ve wasted and destroyed it since our history began.
Now of all the major nations, we may soon possess the least,
For there’s a thunder ’cross the sea, and a sunrise in the East.

Things haven't gone as well as I had hoped, but there has just been an exciting new development.

Passport checks between most of eastern and western Europe disappeared at midnight, a symbolic step toward a united continent that will make European trips more like travel between American states.
 
Eight eastern European countries and Malta joined 15 western countries in the no-passport system, initially for travelers by land and sea. Eastern airports will become part of the passport-free zone in March.

In America, passports will soon be required to drive or walk across what we once proudly called the longest unguarded border in the world. But in Europe, you can now cross what was once the Iron Curtain without a passport.

There's something appropriately symbolic about the timing of this change at the winter solstice. While everything keeps getting darker for America, this is a much-needed bit of light. There may yet be a "sunrise in the east" for freedom.

Spock: Social networking by blackmail

Quick-buck social networking sites that hope to take advantage of people's gullibility pop up every so often. One of the latest, spock.com, has an especially nasty twist.

Spock puts up unverified and sometimes slanderous information about people in computer-generated profiles. Wired reports that Spock circulated a Mad Libs-type game to lure people into making false statements about themselves. Whatever information it gathers, it represents as factual assertions, not as information gathered from harvesting other sites.

When people join, Spock tricks them into thinking these people have already joined so that they will send out invitations to these people to join their network. They also apparently use the trick of asking for password access to people's online address books -- a request which screams of intent to defraud, but which many people remain willing to grant.

The final hook is that to get false information removed, you have to "claim your profile" by signing up with Spock. In other words, Spock is engaging in mass blackmail.