I need you now, in Utah.
Everyone deserves #healthcare—especially kids. #Taxreform should help the middle class. Women deserve an equal shot. Immigrants deserve our welcome. #Climatechange is REAL.
With @SenOrrinHatch out, let's fight. Join me now: https://t.co/6fpg6tL4HK
— Jenny Wilson for UT (@JennyWilsonUT) January 3, 2018
5th generation Utahn and Democrat @JennyWilsonUT has been taking on Hatch from the start, long before today.
$50k goal starting NOW for the resistance to support her & show her we stand with her. Let's do this!
Chip in here and share far and wide! https://t.co/Pn3iURHcJT pic.twitter.com/swdsGoGwFO
— Adam Parkhomenko (@AdamParkhomenko) January 2, 2018
.
The professionals weigh in…
I think Romney has a chance, you guys. pic.twitter.com/pjN6Xx3zoM
— Guy Benson (@guypbenson) January 2, 2018
The saddest moment for my #nevertrump friends will be when Mitt Romney wins a Senate seat and immediately follows McConnell, Ryan, and Rubio into the deep end of the pool of Trump shame
— Dan Pfeiffer (@danpfeiffer) January 2, 2018
Would Romney really lead the NeverTrump movement? He was willing to be his secretary of state. https://t.co/PsmY6bnup8
— David Corn (@DavidCornDC) January 2, 2018
This is the wrong question. No US Senator from Utah is going to "lead the NeverTrump movement." But would the signer of Romneycare vote to repeal Obamacare? I don't think so. Of course we prefer the Democrat win IN UTAH but let's have a plan B, please. https://t.co/ZPWvDHCaDe
— Al Giordano (@AlGiordano) January 3, 2018
As a fellow Masshole, I concur with Mr. Pierce:
The surest bet on the board is that Willard will get bored of being Mike Lee's junior after about 6 months, basically quit on the job, and then run for president again.
— Charles P. Pierce (@CharlesPPierce) January 3, 2018
.
Wanna-be Breitbrat Jacob Wohl chips in with a cunning plan…
Steve Bannon should run for Orrin Hatch's Senate Seat. That would place him in a good position to run for President in 2024
— Jacob Wohl (@JacobAWohl) January 2, 2018
Securities fraudster asks alcoholic to run for Senate in Mormon state…sounds about right #notright
— Aaron Gershoff (@ajg6882) January 3, 2018
TBH, since the Fusion GPS / Wolff book news dropped this morning, I suspect Steve Bannon’s got quite enough on his plate without an expensive referendum on how much consistent GOP voters don’t like him. But it’s good to know the hardcore racist/sexist/nativist bigots will be harrassing Romney from the right while the Democrats are pushing our “leftist” (humanist) agenda!
Jim, Foolish Literalist
I think this may become a meme
chris
Bannon’s cup runneth over. This makes me happy.
Wapo link
Mike J
Quadrantids tonight. Look under the big dipper.
schrodingers_cat
Mitt Romney is not going to challenge Doll hair.
Adam L Silverman
That Wohl kid really needs to be drug tested.
Another Scott
Jenny Wilson sounds fine, but there’s a primary in Utah that doesn’t happen until late June. Does anyone have strong feelings about her competition?
Cheers,
Scott.
Jim, Foolish Literalist
I agree, if that Senator is named Romney. I think McMullen might do it if eh could win
Does AG explain that thought? I think Romeny would step on Chuck Grassley’s addled pate to cast that vote
Butthurt Jordan Trombone (fka XTPD)
Brick. Damien. Bae. TA. Max Landis. Barista. Pimp. Borat. Super Mario.
eponymous
@Jim, Foolish Literalist: well, sure he would. After all, he removed his own testicles and ate them (“frog legs”).
Steeplejack (phone)
Al Giordano:
How clueless is this mook? Rhetorical question. He seems to forget that “Romneycare” was a Democratic program that Romney couldn’t veto, so he rolled with it. And on Giordano’s Twitter timeline people are justifiably dragging him on this, pointing out that in 2012 Romney said repealing Obamacare was going to be the first thing he would do as president. His response is to yell at everybody to get off his timeline with their ridiculous comments. Good times.
Schlemazel
Given how hard Willard ran against ‘Romneycare’ in ’12 I am betting he will vote to kill ACA just as soon as is possible. He sees that as his shot at redemption and a path to the White Hors . . . er House
Calouste
@chris: Bannon is a vindictive, nihilistic piece of work who likes to (metaphorically) blow stuff up. See today’s book for an example. The Mercers might be somewhat unpleasantly surprised by future Bannon actions.
Betsy
@Mike J: Translated, does that say Bannon is sitting on four balls, or four turds?
SgrAstar
@Another Scott: Jenny Wilson can not beat Mittens. Period. She could step up from the county council- perhaps run for SLC mayor- and try to develop an image that could convince the mormon majority down the line. If the initiative for non-partisan redistricting in 2020 succeeds, she might be able to mount a successful run for Congress. Right now I just don’t see her as having much of a constituency, beyond admirers of her father, former SLC mayor Ted Wilson. Her political future really depends on her adopting a much higher profile, with appeals to issues that have broad-based support: homelessness, clean air, economic growth, better schools.
Jager
I would have like to have heard the conversation between Corey Lewandowski and his wife Alison about the fact his boss thinks Hope Hicks is “the best piece of tail he’s ever had”
chris
@Calouste: Agreed. I assume that money won’t really be a problem for Bannon, dog knows there’s more than one deranged billionaire out there although more deranged than Rebekah might be a high bar to clear.
Oh I hope so!
Butthurt Jordan Trombone (fka XTPD)
Adam L Silverman
@Jager: I’m guessing divorce papers are being prepared.
Yarrow
@Jager: The rumor of their sleeping together has been out there for months. I would imagine that discussion has already taken place, but I bet his wife doesn’t like it being published in a book. And Lewandowski is known to hit women so that conversation could turn ugly.
Le Comte de Monte Cristo, fka Edmund Dantes
Enforce the Trump NDA – bring it the fuck on, LOL. Once shattered, all are broken forever.
I hate Trump. I should be packing to leave for Hanoi Friday morning, but I’m hammered and looking for more goodies in this.
Le Comte de Monte Cristo, fka Edmund Dantes
On another note, I’ve drawn yet my zillionth suspension from twitter for using the word “fuck”.
I think I’m inclined to escalate…
hellslittlestangel
I’m sure a Senator Romney would stand up to Trump. In quiet rooms, of course.
Adam L Silverman
@Butthurt Jordan Trombone (fka XTPD): That’s funny!
Another Scott
@SgrAstar: Thanks.
Wikipedia says she ran for Mayor in 2007, but lost in the primary.
She may be great, and maybe lightning will strike and she’ll have a chance against Rmoney, but don’t see the reason to donate to her campaign so early. She needs to prove she can win the primary first, IMHO. Unless she’s running against a Democratic version of Cliven Bundy or something…
Cheers,
Scott.
Jim, Foolish Literalist
@Butthurt Jordan Trombone (fka XTPD): @Le Comte de Monte Cristo, fka Edmund Dantes: I hope he’s angry enough that they can’t talk him into backing down before it’s too late
gene108
@Jager:
Corey’s boss would be Trump, unless I am reading this wrongly.
Tenar Arha
OT & repeat (from the likely dead thread on fundraising)
General question, because I just got an appeal. What’s the deal with the Democratic Governors Association? Are they useful? Do they disburse funds and assistance, or are they more set up for incumbents?
Ken
@chris:
Of course not, but I’ll bet he plans to fundraise for his run…
Adam L Silverman
Any of our techy folks know anything about this?
Quinerly
@Yarrow: I read earlier today that Corey and wife have known each other since 9th and 8th grades. Her first husband died on 9/11. 4 children, ages 9 and under (think I have those ages correct) I feel badly for her.
randy khan
@Butthurt Jordan Trombone (fka XTPD):
Ha ha ha ha ha ha ha ha.
Gin & Tonic
@Le Comte de Monte Cristo, fka Edmund Dantes: Ooh, I love Hanoi. Are you going out to Ha Long Bay?
danielx
C’mon, work with me here, Aaron!
— Jacob Wohl
Gin & Tonic
@Adam L Silverman: Yes.
Tenar Arha
@Adam L Silverman: A Twitter thread that starts here seems credible
Another Scott
@Adam L Silverman: TheReg broke the original story. They have more about Intel’s attempt to spin the issue.
Basically, Intel (used in most desktop computers) and ARM processors (used in just about every cell phone and tablet) have a memory access flaw that has to be worked around via changes to the operating system (until new chips with fixes are available) or malware can poke around in memory that they should be forbidden from accessing. Such poking around is the way viruses and malware are able to do their magic, and their damage.
AMD processors aren’t affected.
That’s my understanding, anyway.
Cheers,
Scott.
Adam L Silverman
@Gin & Tonic: And?
mattH
@SgrAstar: Wilson had a chance, slim though it was, against Hatch, what with the majority of the state wanting him not to run again. I could see her riding that dissatisfaction to an extremely narrow win if she could have gotten some debates with him showing just how senile he is, compounding enough to push her over the line with a narrow win. With him out, it’s unlikely she could be any Republican in the state, regardless of who it is.
In some ways Mittens is the least bad choice we could end up with. I think a lot of what he is doing right this moment is gauging who his caucus challengers are and if he goes that route or tries for a primary run, and from a larger point of view, “does being Senator make me a better Presidential candidate”? We aren’t guaranteed that he’ll run, but I still think he’s slightly better than another Mike Lee.
I hate the politics in this state.
Another Scott
@Another Scott: Looking at TheReg article more carefully, Intel processors are affected by both vulnerabilities, some ARM processors are affected by both, some AMD processors are affected by one.
Cheers,
Scott.
Mike J
@Le Comte de Monte Cristo, fka Edmund Dantes: Do I follow you? Many of the people I follow are from here but I can’t always match names up.
Mary G
@Tenar Arha: That is an excellent thread with explanation for people like me, as well as completely terrifying. It’s funny, the publishers and editors at the NYT suck, the political reporters suck, but some of the individual reporters are really professional and knowledgeable, like Nicole Perlroth there.
Gin & Tonic
@Adam L Silverman: You’ve gotten more useful responses from others. The article in El Reg is pretty good.
Mike J
@Adam L Silverman: It’s the real deal. Patch stuff that you can. Browsers, OSs, refrigerators, marital aids.
Google says the webview component in android should update automagically to keep your phone safe.
Adam L Silverman
@Mike J:
I’m not married.
mai naem mobile
@Butthurt Jordan Trombone (fka XTPD): Dolt45 is a fucking moron. I wonder if Obama ever considered suing Dolt45’s orange ass for saying disparaging crap about him. Shit, Obama could sue his ass right now and have Michelle represent him as his lawyer.
Gin & Tonic
@Adam L Silverman: They’re not just for married people.
Le Comte de Monte Cristo, fka Edmund Dantes
@Gin & Tonic: Yup! Looking forward to it!
Adam L Silverman
@Gin & Tonic: That’s poor marketing then.
Le Comte de Monte Cristo, fka Edmund Dantes
@Mike J:
If you follow Betty Cracker, we’ve got a regular set of exchanges.
Another Scott
@Tenar Arha: I got a letter from them recently. I don’t recall ever giving to them before. I dunno how effective they are, etc.
But we know that politics takes resources.
Virginia just had it’s gubernatorial election in November, so I’m not paying much attention to those races at the moment. Maybe later in the year.
My $0.02.
Cheers,
Scott.
Butthurt Jordan Trombone (fka XTPD)
Lmao
Aimai
@Jim, Foolish Literalist: yes.
Omnes Omnibus
OT: Apparently, my downstairs neighbor was trying to drive somewhere and collapsed behind the wheel, parking someone else in. The police showed up and were treating it as a drunk/drug pass out. I just went out and talked to them and explained that she had some sort of degenerative disease (we have never been close enough to talk about what it was. although she had asked me about disability attorneys) The cops then changed their approach and treated it as an casualty response. An ambulance showed up quickly. White guy privilege can help.
Chet Murthy
@Adam L Silverman: The basic flaw here is that there’s a (very clever) way for malicious code to access (read) memory that normally is off-limits due to memory-access-protections. And versions of the bug are present in Intel, AMD, and ARM processors. So basically, all computers. BUT …. from my reading, it doesn’t appear to be so severe on things like desktops and laptops. I could be wrong, but:
(1) the exploit here requires malicious code. If malicious code makes it onto your laptop or desktop, you’re dead already — all your files are accessible and the sorts of protection (containerization) that seems standard on phones, sure won’t be there on your laptop.
–> on desktops/laptops, there’s an old saying: “every local exploit is a root exploit”. That is, if you can get malicious binary code running on the machine in any way then the machine is considered fully-compromised. Of course, that “malicious binary code” doesn’t mean “malicious javascript” or “malicious flash”. it means malicious native code.
(2) sure, on phones, it’s hard to know when you install an app, that the code is safe, and we have ample evidence that people install apps with all sorts of malevolent code. So it’s a big problem for phones
(3) of course, for cloud computing, this is a big-ass problem — cloud vendors (amazon) run arbitrary code from customers, and now that arbitrary code could read memory it ought not have access to.
So yeah, this is a big, big deal on phones&tablets. And sure, we should patch everything. But for devices that never download untrusted binary code, it doesn’t seem to be earth-shattering.
Maybe I’m missing something.
JGabriel
UtahPolicy.com via Chart @ Top:
Utah, where the 28% are the sane ones.
dmsilev
@Adam L Silverman: Good article, albeit somewhat technical, on Ars Technica.
Short version: there are two major potential security issues that have come to light today. One is primarily applicable to CPUs made by Intel (nicknamed “Meltdown”), and the other is applicable to pretty much any high-performance processor designed in the last 15 or 20 years (“Spectre”). Meltdown has the more serious potential for exposure of privileged information (passwords, for instance) to malware. There’s a software patch for that issue which will roll out for Windows and Linux shortly, at the cost of some CPU performance (how much depends on the workload; I’ve seen numbers ranging from a 5 to 35 percent hit). Spectre is, at least as far as we know, unpatchable by software and will require new, redesigned hardware, to fully fix, so that’s …not good.
Jim, Foolish Literalist
Interesting Stuart Rothenburg column (and I think he’s an R-leaning asshole) on possibly vulnerable seats next November
Yutsano
@Mike J: Huh.Maybe that was the update last night.
danielx
@dmsilev:
Damn, I thought that for once being an AMD fanboy was going to be a good thing.
Obviously begs the question of how AMD will fix the issue, in addition to a host of other questions. I am certain that any number of high powered people are conversing this evening over one of two questions:
– how can we limit our exposure on this?
– how can we make money on this?
How you or I get any satisfaction, like new fucking hardware, is entirely a secondary concern. Perhaps I should put it more like NEW FUCKING HARDWARE, in case AMD’s social network/blog monitoring systems missed my point. Insecure systems that cannot be fixed short of hardware-level replacement with next generation processors that haven’t even been released yet?
I foresee a boom in paper accounting forms and the like, since…come to think of it, a boom in just about every unhackable* widget, electronic or otherwise, in existence. How many intel and AMD processors are in use by the armed forces for all kinds of things?
Jeebus, if you want to be totally secure you’re going back to 1940s security measures. Which were, come to think of it, about the best available at the time after centuries of refinement.
*…oops. Anything is hackable under the right circumstances, through accident or intent. But if certain things are absolutely crucial to have clearly communicated, cutting down the odds by use of not one but two officer couriers, for example, will become mandatory. Or should, anyway.
amygdala
@Omnes Omnibus: Thank you for doing the right thing. If she gets through this ok, I hope one of her docs brings up getting a Medic-Alert bracelet or necklace.
Omnes Omnibus
@amygdala: Thanks, but it was weird. I had a few drinks but the cops were all “yes, sir.” A combo of privilege and my ability to maintain.
Yarrow
@Omnes Omnibus: That was good of you to do. Hope everything turns out okay.
?BillinGlendaleCA
@danielx:
That was Trump’s idea.
ETA: Of course, couriers are how we found OBL.
Adam L Silverman
I want to thank everyone that got back to my question about this processor flaw/vulnerability. I greatly appreciate it.
amygdala
@Omnes Omnibus: And a willingness to leverage those to help someone. This is a good thing.
danielx
@?BillinGlendaleCA:
True dat, but it took some years to do it. Besides, do i really sound like i know what i’m talking about? I just started thinking my way through this, i don’t know shit. But if communication takes place through intel processors and can be attacked at hardware level, or amd processors, etc…it sounds like a problem that just gets bigger the more you think about it.
danielx
@Omnes Omnibus:
Privilege or not….a good deed, and well done.
Yes, you may go purchase a larger hat tomorrow.
Jim, Foolish Literalist
actual correction in Politico story about the rift between Bannon and the trmps
which raises the question, what nicknames does Bannon have for the trump boys?
Another Scott
@danielx: All software has bugs. All hardware has bugs. It’s part of life.
These bugs are being addressed with OS updates (at the cost of decreased performance). Don’t panic.
:-)
Cheers,
Scott.
?BillinGlendaleCA
@Another Scott: Of course a few weeks back it was Apple that shipped High Sierra with no root password.
Another Scott
@Another Scott: More info is here: https://meltdownattack.com/
Cheers,
Scott.
Yarrow
@Jim, Foolish Literalist: Wouldn’t surprise me if he calls them Uday and Qusay like most people do.
Another Scott
@?BillinGlendaleCA: Kinda-sorta.
Cribbing from another site:
They fixed it pretty quickly (though their first patch apparently broke some things).
Cheers,
Scott.
danielx
@Another Scott:
Am I reading incorrectly that the Spectre problem cannot be fixed with a software patch?
Chet Murthy
@danielx: Apparently (correctly) so. Only patches for specific instances, as they arise. Nuts.
?BillinGlendaleCA
@Another Scott: I think they’re up to 10.13.2 in a couple of months.
Another Scott
@danielx: I’m no expert, but remember that CPUs are basically machines that run software. The software tells them what to do, so if we don’t want them to do something, we change the software.
From the MeltdownAttack.com link above:
Note that Google has patches and protections out already, as outlined here.
There is a cost to using these software patches – it bypasses the problematic (faster) hardware and makes the CPU work harder, slowing things down.
HTH.
Cheers,
Scott.
Aleta
Looking at windy.com. Why are we having a hurricane this time of year? Because the water is warm?
30ft waves offshore. Then a huge burp of Canadian air is coming in.
And then Fri a huge storm comes from the west.
Manxome Bromide
Delurking for this one – hi, jackals.
My understanding is that Spectre is in some sense an intrinsic side effect of an optimization we introduced to basically all processors in the mid-1990s: computer instructions that don’t have anything to do with one another can be made to run faster because you can run them at the same time. The issue with Spectre is that an attacker can set things up so that their code will run faster if and only if one of the bits in somebody else’s code is a 1 or a 0. By setting this up a bunch of different ways, it can make a series of deductions and ultimately work out what your memory contents must be. It never actually looks at anyone else’s memory; it can deduce what must be in it by how its own performance changes.
The defense is to, at appropriate times, wipe out all evidence that anyone else ever existed, which basically means “you never get to do this optimization” and that means performance penalties. That’s easy to set up for Meltdown – the case there is “asking the OS to do something on your behalf” – but Spectre seems to be unpriviliged, ordinary applications deducing things about each other by spinning away within what are supposed to be their sandboxes. That’s a harder nut to crack, and the worst case may be like cryptography; you have to write software in a special way to make it unreadable. (Example there include working out your crypto key by looking at variations in your laptop’s power draw as you do something that required encryption.)
The, uh, good news, such as it is, is that this information leak appears to be one-way. You can steal secrets with it, but because the whole trick involves seeing how your own behavior is modified, you can’t actually modify anyone else’s state.
cthulhu
@SgrAstar:
Exactly. Dems are not going to win any statewide races in Utah for the foreseeable future but you also indicate why there is some upside for her to do this: more recognition which might benefit her in a more winnable future race.
danielx
@Another Scott:
True…also sorta obviates the need for new processors until such time as intel/AMD/whomever produces new ones which eliminate a known major flaw.
I see plots for a couple of suspense/thriller novels here –
1. The team shown on video are assassinated one by one until only one is left, who is also the only one who can fix the problem(s), who has to be saved by somebody, leading to…something.
2. The flaw is exploited to …what?
– wipe out all electronic financial records everywhere, simultaneously
– randomly distribute the financial holdings of anyone with a net worth in excess of, say, fifty million dollars
– used to corrupt electronic communications in coordination with an attack of hundreds of thousands of swarms of self directed drones, programmed towards specific targets and people….
Can i get a witness!
Amir Khalid
@danielx:
Never mind a witness. Get you a movie deal!
danielx
@Amir Khalid:
That’s what I’m thinking. Whatever I come up with – whenever somebody says no, that’s too crazy, I can always say: hey, look who’s sitting in the Oval Office. Then get back with me about that crazy business you speak of.
Shalimar
@Adam L Silverman: If spouse didn’t divorce Lewandowski last year when the affair was widely reported, not sure why should would now just because Trump thinks Hicks is hotter than she is.
Shalimar
@Adam L Silverman: The history of sex toy marketing is rife with legal restrictions on what they could be used for. Laws prohibiting anything to be sold for sexual purposes were common, which led manufacturers and retailers to come up with creative alternative purposes they could claim. More relevant here, there were also laws in various jurisdictions including Alabama which restricted them to use by married couples. Sex was supposed to be only for procreative purposes. Thus, the phrase “marital aids”. It wasn’t poorly chosen. It was literally the only thing they could say to avoid getting arrested.
Chris T.
@dmsilev: In security terms, both (Meltdown and Spectre) use performance as a covert channel. That’s not great. However, Meltdown also allows you, via Intel-specific prefetch instructions (that don’t work this way on AMD), to read the actual values out of nominally-protected memory. You can then combine that with an attack called Rowhammer that uses weak (non-ECC-protected) hardware to somewhat predictably flip bits in other programs running on the machine, including privileged ones and including the kernel itself. It takes a while—a lot of real time and a lot of CPU power—but this lets you do pretty much anything.
That’s pretty damn bad.
The performance-dragging patches (which drag anywhere from “barely noticeable” to about 30% in the stats someone gathered) prevent you from reading bits. This means you can still use Rowhammer to flip bits but you can no longer target the bit-flipping.
Computers with ECC (some larger servers on Intel, and newer Ryzen offers ECC) can, but don’t necessarily do (some BIOSes are just broken), protect against bit-flipping. DRAM hardware could be designed so that it doesn’t break when hammered by Rowhammer techniques. Most home computers don’t have ECC: it was abandoned even by the server guys for a while for price and speed reasons. (ECC, at least in this application, is a hardware system to detect and correct memory errors. Typically one can detect and correct a single flipped bit, and detect two flipped bits, in any machine word. The Rowhammer trick will usually only flip one or two bits in a word. There are other error detection and correction codes used in other applications, such as Reed-Solomon codes—look that phrase up on Wikipedia.)
Spectre seems a lot harder to use for anything useful. Covert channels exist in most systems; the security concern is limiting their bandwidth. Spectre’s is low; Meltdown’s is much higher and, on Intel systems, far broader. (Note: I’m not a security expert, just somewhat versed in it.)
Spanky
Woke up by the snow plow going by
Looked outside and we have less than 2 inches. Still, vommute is going to be a mess.
Don’t want to get outta bed ….
Van Buren
@Spanky: vommute is pure genius, whether intentional or not. It describes my feelings about my daily trek perfectly
J R in WV
@Omnes Omnibus:
Thanks for helping your neighbor out. Sick people don’t thrive in the justice system.
Cops don’t seem to be attuned to the fact that illness can cause erratic behavior, probably more often than drugs/drink.