Posts by SamC
Hard News: Just quietly, this is a big deal,
It will be very interesting to see how the debate (in parliament and in the public) goes. It seems like any attempt at sensible drug reform in this country leads to mass hysteria.
Nice post. One minor nit-pick:
No party has led a governing coalition without the comfort of a plurality.
I thought that too, but the Liberals in 1911 formed government without a plurality (though it didn’t last the term). link
Also, the Cannabis referendum will be very interesting. Has any other country had a binding referendum on drug legalisation?
Hard News: About last night's medical…,
It seems like a good policy "win" that Labour can give to Greens in coalition talks. Greens supporters will be happy, Labour don't have to spend too long on creating their own policy, and most of the public will probably be happy.
Speaker: Compulsory voting and election turnout,
What are the effects on enrolment though? If people know they may get fined if they enrol, it will just encourage them not to. It's harder to get people to enrol than to check if they have voted once they're enrolled. I'm sure the ~300k people not enrolled in NZ won't get fined, even though it's compulsory to enrol. This also gives the appearance of turnout being higher than it really is. Are there stats from Australia on this?
Weirdly, most of the correspondence seems to be Facebook chats, which I can’t quite see how would possibly be hacked using a DDOS attack on the WhaleOil site.
Could be that passwords were obtained by hacking into his web server, which were used to access Facebook, etc. Lots of people use the same password on every site.
Hard News: Dirty Politics, in reply to
There is no sensible reason for correspondence to have ever been anywhere near the site. I can't see a connection between "site hacked" and "access to emails".
The scenario I would imagine is that to save money, everything was put on one server (it's possible it was multiple virtual machines on a single physical host, or just one big host). The email server was not publicly accessible under normal circumstances, but once the server was compromised, it was simple to get a hold of them. Slater was using it has his personal email host, and hadn't deleted/archived for some time.
You might think "how could anyone be so stupid?" but presumably it wasn't Slater's call (he probably just skimped on the IT consultants). But such security setups are ridiculously common, particularly for people doing it on the cheap. If they were really doing it right, they would've encrypted all emails anyway.
The worrying thing is, what happens when these sort of people wise up and use some pretty trivial measures, like properly secured servers and encrypted emails. This sort of leak just won't be possible, so we'll only have suspicions to go on.