Hacking the Governator

mytrip writes, "The Democratic rival to California Gov. Arnold Schwarzenegger acknowledged that his aides were responsible for obtaining a controversial audio file, in which the Governator was heard disparaging members of other races, in a move that has led to allegations of Web site hacking. A source close to Angelides told CNET News.com that it was possible to 'chop' off the Web links and visit the higher-level 'http://speeches.gov.ca.gov/dir/' directory, which had the controversial audio recording publicly viewable. No password was needed, the source said." And jchernia notes, "As an aside, the California Highway Patrol is running the investigation — maybe the Internet is a truck after all."

Moo

[Chacham]

So calling someone passionate, but mentioned a way to denote tham as a group is a bad thing?

Am i missing something here?

Re:

[Darth Liberus]

No, that's the way normal human beings interact. Only people who have never really spent much time in a diverse, multiethnic environment get offended by such things... the rest of us tease each other constantly and have a grand old time.

Sure, it's lots of fun.

[Kunta Kinte]

No, that's the way normal human beings interact. Only people who have never really spent much time in a diverse, multiethnic environment get offended by such things... the rest of us tease each other constantly and have a grand old time.

Been in 'multiethnic' evironments all my life too.

Personally, I don't enjoy the stereotype.

These stereotypes are 'cute' if you only run into them once in a while. But what happens when you're trying to communicate at your job or to a customer and the person is intimid

Re:

[Chacham]

And what exactly is wrong with that comment?

Inflection does play a factor. If one is saying that blacks are basketball players, as in women are baby makers, yeah, it's an insult. But if one is saying that blacks are basketball players because they are keenly athletic, that is a compliment, isn't it?

Re:

[Jeremi]

But if one is saying that blacks are basketball players because they are keenly athletic, that is a compliment, isn't it?

Disclaimer: I think this all much ado about nothing.

That said, it's not a question of whether the adjectives used are 'complimentary' or not, but rather the generalization across an entire race that offends (some) people. They feel that racial generalizations (aka stereotypes) are unhelpful and inaccurate, and have a major history of abuse.

Re:

[Chacham]

They feel that racial generalizations (aka stereotypes) are unhelpful and inaccurate, and have a major history of abuse.

The opposite is true as well. Why should negativity win?

Re:

[NoTheory]

grand parent should have added "unnecessary", and "irrelevant" to "unhelpful and inaccurate". Race is really a meaningless fiction, that tends to blend together things about genetics and culture together in a misunderstood ill-concieved mish-mash. If you're going to talk about something cultural, just talk about culture. if you're going to talk about genetic endowment, talk about genetic endowment. Race is a red herring, an anachronistic concept without any use in the modern day.

Re:gross generalizations

[Grym]

That said, it's not a question of whether the adjectives used are 'complimentary' or not, but rather the generalization across an entire race that offends (some) people. They feel that racial generalizations (aka stereotypes) are unhelpful and inaccurate, and have a major history of abuse.

So what? This was an off-hand remark made in private. Have we come to the point where every word one says must be parsed and examined for any trace of anything that might offend the most hypersensative among us lest he or she be branded a racist?

-Grym

Re:

[geminidomino]

Have we come to the point where every word one says must be parsed and examined for any trace of anything that might offend the most hypersensative among us lest he or she be branded a racist?

Yes.

That was easy. Give me another one.

Re:

[flooey]

So what? This was an off-hand remark made in private.

Yeah, but an offhand remark made in private by the chief executive of one of the most powerful states in the union. I think it's reasonable to think that people might be interested in his views on various matters, as those are pretty likely to affect how he governs.

Re:gross generalizations

[Sylver Dragon]

You do realize that he is up for re-election in November, and that his major opponent is none other than the person who passed the information on to the LA Times? And that the LA Times went on to quote Phil Angeledies as being very outraged, in the same article that they broke the story. Those of us in California, with more than half a brain (which does eliminate a large portion of the state's population), realized it for what it was: election year mud-slinging. The LA Times is generally expected to be a left slanted newspaper, and they do what they can to attack Schwarzenegger at any possible time. So, running a story, on the front page, about an off-color comment, made in a closed door meeting, (which didn't even offend the person who was being talked about. She actually took it as a point of pride, being called "hot blooded.") is absolutly no suprise.

Re:gross generalizations

[crashcodesdotcom]

Generalizations or stereo-types exist for a reason. If I look at an electric range and one of the burners is red, I am going to try to avoid touching it. It is possible however that the burners are simply painted or dyed red and not currently dangerous. Now when I get closer to the range and I'm able to tell no heat is being emmitted and it's not really glowing, I probably wont be as cautious. Generalizations and stereo-types are useful in filling in some gaps of unknown information until better data is availabe; but ultimately should be treated as unreliable. People shouldn't take serious action just based on a stereo-type. Forget offensive. That's just dumb.

Taking offense at someone voicing or defining their own stereo-type. Bah! Sounds kinda silly to me. How bout I get really pissed the next time someone offers me sunblock? "OMG, they assume because I have white skin that I'm prone to sunburns! How dare them!" Hehe, yeah that would be pretty silly.

So, I think I get what your saying about history of abuse and all; but it's the abusers that should be punished not the concept of stereo-types.

My two cents.

Re:

[Jeremi]

Taking offense at someone voicing or defining their own stereo-type. Bah! Sounds kinda silly to me. How bout I get really pissed the next time someone offers me sunblock? "OMG, they assume because I have white skin that I'm prone to sunburns! How dare them!" Hehe, yeah that would be pretty silly.

I think there's a distinction to be made between traits that are in fact genetically/racially derived (as in your example above) and ones that aren't. A better example might be if someone bought you a case of whis

Re:

[metallic]

Being a person of Irish descent, I would say thank you for the whiskey!

correlation does not denote a casual relationship

[Kunta Kinte]

Generalizations or stereo-types exist for a reason.

The reason is that people are lazy.

We do not want to have to evaluate everyone we meet on their own merits, so we group them together and apply a label.

Not because 10 out of 10 of the latino people you've met in your life are all hot-blooded does it mean that latino people are predisposed to aggression. There can be a third, independent factor, held by those 10 people that you've met that explain their personality. Maybe there are social factors

Re:

[Fulcrum of Evil]

But if one is saying that blacks are basketball players because they are keenly athletic, that is a compliment, isn't it?

Back in the 20's it was the Jews that were naturally good at basketball due to their scientifically proven craftiness.

Re:gross generalizations

[mordors9]

I never hear about them complaining about the large penis stereotype though...

Re:

[snuf23]

Which is why I always feel bad for the black guys out there with small dicks. On the flip side thanks to the reverse stereotype for Asian's I bet girls think "Wow not bad for an Asian" when they find an average weiner.

Re:gross generalizations

[Pantero Blanco]

"They all are very hot," the governor says of Cubans and Puerto Ricans. "They have the, you know, part of the black blood in them and part of the Latino blood in them that together makes it." See: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2 [sfgate.com] 006/09/09/GUV.TMP

Yeah, that's right up there with all black people can play basketball, cuz you know, it's in their blood man!

I suppose all the anime fans that keep telling me how hot Japanese women are are racists too, then. If this is considered racism, I don't have any problem with racists. I guess we'll need a new word for the serious sort.

I mean, if the word "murder" could mean accidentally stepping on a cricket, I wouldn't care if I lived next door to someone described as a "murderer".

Re:

[UbuntuDupe]

Please, someone, restore my faith in /. by modding parent back down -- or at the very least, funny.

Re:

[Maxo-Texas]

As a white male just after the baby boomers,

I've felt my point of view, my chances of promotion, my entire standing in society has been suppressed my entire life to make up for the sins of the people 10 years older than I am. It was worse in the past- they were very blatant about even promoting imcompetant people to balance the percentages. Today, there are plenty of competant people of all races and sexes- I'm one of them- but they still need to get up to 50% female, 12% black, etc. I've seen females bl

If that's hacking

[Anonymous Coward]

then my grandma is a copyright violator. Oh, wait ...

Wow, they must be really good...

[Anonymous Coward]

Chopping off URLs.... oh my, these h4x0rz are scary as shit! Hide your megabytes, kids!

beware the internet chop shop

[User 956]

Chopping off URLs.... oh my, these h4x0rz are scary as shit!

Why do you think they've got the CHP involved? Someone obviously stole Governor Schwarzenegger's internets and took it to an internet chop-shop, where it's dismantled and sold for parts.

You'd be surprised

[Moraelin]

I've seen big corporation programming consultants for which changing a URL was an unheard of concept, so I'm less surprised that a layperson considers it elite hacking.

Seriously. Being as generic as I can for NDA reasons, let's just say that the corporation I work for paid good bucks to a BIG corporation's consultants to write a web application for them. Well, not even the whole app, but think more or less just the part where you register and set your data and preferences, with a bit of a hierarchy thrown in. (Some users could be, basically, managing others and giving or revoking rights to them.)

The thing ended up years overdue, and needing a whole server farm just to support a modest number of users. (The joys of clueless Buzzword Driven Architecture at its finest, really.) They had to be started and shutdown in a given sequence too, as the modules on one machine depended on those on a second, which depended on those on a third, and so on. As a result, shutting down and restarting the whole system (e.g., for maintenance) took almost a whole day. But that's not the important part. The important part were the endless security issues, such as:

1. yes, failure to account for URL editing. Rights were checked when generating the URLs on a page (e.g., which products, messages, whatever, you can click on), but not when actually accessing the linked page. So you could literally access any data in the database by just typing in its ID in one of those URLs.

2. rights escalation. Did I mention editing URLs? The same went for the "change your password" page. You could just type in another user's id, change their password, and log in as that user. The "super-user" had id 0. 'Nuff said.

3. wide open to cross-site scripting exploits. They hadn't figured out how to quote strings when displaying them on a web page. (Then when they "fixed" that, it encoded them twice and displayed them broken. So they disabled the fix again and tried to downplay the risks of anyone injecting JavaScript.)

4. had obviously never heard of non-repudiation. (Security isn't just about who you let in, but also making reasonably sure who signed that contract or generally did what.) While in the old system a deleted user was just, basically, flagged as disabled, their clever system just deleted the user and his data. And because of foreign key constraints, it cascaded through the tables and erased any data connected to that user. Messages they posted or sent, contracts they signed, everything. Users could delete themselves too. (If anyone has trouble understanding why this is dangerous, think what you could do if your bank had something like that. Take a big loan, move the money somewhere else, delete your user.)

And so on, and so forth.

So, well, if "experts" hadn't heard of such elementary stuff, I can't be that surprised that the governor or a couple of journalists consider them advanced hacking.

Deep linking, move alone

[kherr]

Gee, content freely accessible via URLs on the WWW? What a novel concept.

This is simply a matter of deep linking. Just because there's no page with a link to a URL doesn't magically make the accessible URL off-limits. Security through obscurity isn't. If the governator didn't want people to get it they shouldn't have posted it on their web site. Or at least put some form of authentication on it.

Re:

[garcia]

Security through obscurity isn't.

You are even making it seem more exciting than this was. It wasn't security by anything. It was a public webserver without *any* standard protections enabled.

I wonder how soon there will be a draft of a bill to make any "unwanted intrusions" into a webserver illegal in CA.

Re:

[Dachannien]

Security from a technical perspective may be different from security from a legal perspective.

Analogies are usually less apt than the author claims them to be, but I'll use one anyway: Saying that security through obscurity doesn't offer legal protection against intrusions is like saying that if I hide my house key under the door mat, then anyone is implicitly welcome to use it to come into my house (perhaps even to take my stuff, depending on how far you extend the analogy).

Is it the same (at least, for l

Re:Deep linking, move alone

[TWX]

I'd counter with the RFC for HTTP. The protocol is designed to provide content located in a designated directory structure on the file system. Anything located in that file structure that isn't specifically covered with a password is supposed to be available to any browser. And as for someone saying that it wasn't provided in an index or referrer page, I'd compare it to large college textbooks or anthologies that don't have every single entry itemized in a table of contents or index, and how published content (which I believe the Web has been acknowledged as) would compare.

Fact of the matter is that this audio clip was put in a place that was easily found and was obviously placed there intentionally. If it wasn't there intentionally, the webmaster is responsible through negligence, not the opponent's campaign.

Oh, there's also the little matter of it being posted on the government's web site, which is supposed to belong to every resident of California...

Re:

[mcmonkey]

Analogies are usually less apt than the author claims them to be, but I'll use one anyway: Saying that security through obscurity doesn't offer legal protection against intrusions is like saying that if I hide my house key under the door mat, then anyone is implicitly welcome to use it to come into my house (perhaps even to take my stuff, depending on how far you extend the analogy).

I think your analogy is apt in general, except in this case it wasn't a key under a door mat. Files on an open, non-passwor

Re:

[cgenman]

I'd guess you're thinking of unprotected wireless networks, which is a separate issue.

A webserver isn't your desktop computer. A webserver is a specific computer whose use is to give files to people who ask for them. If you put files on the webserver, you're making them public.

Someone noticed that there was a speeches directory, asked the webserver what was in it. The webserver cheerfully replied. The person asked "oh, that file looks good. Can I look at that?" The webserver cheerfully said "sure" and

Re:

[1u3hr]

Saying that security through obscurity doesn't offer legal protection against intrusions is like saying that if I hide my house key under the door mat, then anyone is implicitly welcome to use it to come into my house (perhaps even to take my stuff, depending on how far you extend the analogy).

Very bad analogy. First, you start by talking about "my house". This was a public web server."Take my stuff". Nothing was "taken". Your analogy is about having things stolen from your home, eliciting a strong emotui

Re:Deep linking, move alone

[cpuffer_hammer]

I would say that the individual sent a request for a copy of the recoding to the governors office. The office was foolish and send a copy of the speech to the requestor. Sounds to my like a staff training problem. Staff member will have to go for reeducation, and be reprogrammed.

Re:

[1u3hr]

They said it was "password protected" and the FBI was getting involved.

I guess there was an index page, password protected. But the actual MP3 files were in an open directory. Happens all the time. You often find ineresting things by looking at the URLs for sample images, for instance. (See Fusker sites [wikipedia.org] for an application.)

Not "Hacking"

[MarkusQ]

I'm sorry, this is not "Hacking," it's the way the web works. They sent the web server a URL, requesting a document, and the web server gave it to them. They didn't do anything nefarious, underhanded, or tricky. The didn't claim to be anybody they weren't, there was no phishing or pretexting or anything like that involved.

Imagine they had called the governor's office and said "Hi, got anything incriminating about the guv on file?" and when told "Sure, would you like a copy?" they said "Yes please!" What would people think then? It's the same darned situation here.

--MarkusQ

Not Lame - Oppo Research

[BlackGriffen]

The aids were likely told to go over all of the governator's speeches to see if anything he said could be used against him in the court of public opinion and they stumbled across more files than were linked to on the web site. The line between this and hacking is easy to see and bright in color because this isn't just the web server responding the way it responds, it's responding the way it was meant to respond.

It's the fault of Arnold's team if they're too stupid to realize that putting something like th

Re:Not "Hacking"

[MarkusQ]

I'm sorry, this is not "Hacking," it's the way the web works. They sent the web server a URL, requesting a document, and the web server gave it to them. They didn't do anything nefarious, underhanded, or tricky. The didn't claim to be anybody they weren't, there was no phishing or pretexting or anything like that involved.

I don't know how you can be so supportive of this activity as it's a dangerous and unclear line to take. Exactly what separates this from an SQL injection attack or spoofing a session ID within a URL? Afterall, you're just sending the webserver a URL/packets, how it responds is their problem, right? I don't think so. It's not like they were just choosing URLs at random. Even if the accused did the most basic form of this attack (i.e. server directory listings), they were still intentionally using URLs designed to trick the server into giving them access to material they knew they weren't authorized to access.

The difference, as I stated, is that they were using the system the way it was designed to work. The whole reason browsers have address bars is so that you can type in URLs. The reason web servers respond with a list of the files in a directory is so that users can type in a partial URL and get a comprehensible list of alternatives to choose from.

Spoofing, SQL injection, etc. involve using things in ways that they were never intended to be used, breaking them in order to get access to something that the system was designed to prevent access to. It is the exact opposite of what happened here.

And as for your final point, how are they supposed to know that they aren't supposed to have access to something, when it is made available to them using the basic public interface as it was designed to be used, and none of the dozen or so ways to prevent them from gaining access were used? That seems to me to be a much more dangerous precedent, since you could retroactively criminalize almost any use of a web site by saying "Well, you should have known that you weren't supposed to look at that page!" and suddenly you've made somebody into a cyberterrorist by fiat.

--MarkusQ

An analogy I give to people on this issue

[cgenman]

Think of your webserver as a publicist working in your stead. That publicist should know what is public and what is private. If someone goes to your publicist and asks for information, and your publicist gives it to them willingly, then YOU have implicitly given permission for that transaction to take place. Your publicist is your proxy. If the person who is recieving the information shouldn't be getting it, the fault lies with you for not giving your publicist the training they need to do their job.

On

Re:

[1u3hr]

you could retroactively criminalize almost any use of a web site by saying "Well, you should have known that you weren't supposed to look at that page!

Back in the 70s, when I was at university we had login acounts and the word got around of a way to login that gave you a 9600 baud connection instead of 2400 (using a different server, I think). So naturally I used this until one day a tutor noticed and asked me what the hell I was doing on this system. I said using my account, he asked why that system; I

Of course it's not hacking

[DJ Rubbie]

I don't know how you can be so supportive of this activity as it's a dangerous and unclear line to take. Exactly what separates this from an SQL injection attack or spoofing a session ID within a URL?

It's both nothing and everything. No difference between the two in terms that someone typed in a uri, lack of auditing/checking what goes up the webpage (in terms of plain directory listing or unescaped sql statements in script files), let someone got what they wanted. Both results in data ending up in the wr

Re:

[Grym]

Final note, time for bad analogy time - if anyone likens removing parts of a uri as an illegal act, think about stripping drm from an audio file - both involves bytes removed to have more raw access to the data (data that are not exactly given out).

Again, I'm not saying that what they did was illegal but probably unethical and certainly in poor taste.

Regardless, here's an analogy of mine that's actually true. I'm a medical student and in one of my courses there are small group sections that assign ho

Re:

[DJ Rubbie]

I had a professor who left the files on there, and when I tried to access it, I got:

403 Forbidden

Of course, if they were accessible, it might have been a test of honesty. If you are questioning ethics, that's a whole different subject. I only covered removal of uri to get to the parent directory, not changing the uri itself.

In the end, don't post what you don't want people to see on the Internet, and if you must, properly secure the files so it only gets to the intended reciepients.

Re:

[DJ Rubbie]

That particular word only has meaning in English, and to make tightening up restrictions harder than opening items up, it's exactly like giving someone a safe with the key attached (safe = website, key = restricted=true). Your example is just bad programming.

Session ids are usually much longer than 5 characters, and of a fixed length (such as a hexadecimal digit 32 bytes in length), not easily guessed. Most cases if there's a match, a more sophisticated method (say, gained from an XSS attack) is used to acq

Re:

[Grym]

Webservers are specifically designed to serve up content that is *anywhere* in thier public webspace as long as there are no access restrictions on the content or directory that the content is in. A web application that suffers from an SQL injection vulnerability is not designed to give admin access to the application because someone knows some magic SQL code to put in a form field, that is a side effect of bad coding and not a designed function of the application.

It's poor design. An SQL injection atta

Re:

[Mr. Slippery]

The webmaster intended to make this--by all accounts--private information public?

A directory accessible by URL-chopping is a public place. Anyone with knowledge of semantics of URLs understands how to construct chopped URLs and use them to find information on a wwebsite.

Information placed in a public place is assumed be to be public.

And if they did make the assumption that it was intended to be there, then why did they release it to the media? Afterall, it was already public from their point of vie

Re:

[MarkusQ]

In this case, someone was convicted under the relevant legislation, for appending "../.." to a URL to gain "unauthorised access".

The key difference being that this person was exploiting a bug in the way the server parses URLs, rather than just entering a valid URL and getting a response. There's a big difference between exploiting a bug to get around existing security and using something correctly in the absence of any attempt at security.

--MarkusQ

Re:

[dtfinch]

The web server authorized access to those files. It wasn't manipulated to do anything it wasn't designed or configured to do. They had permission. Blame the server admin for giving it to them. It's unreasonable to expect someone to get additional written or verbal permission for every url they visit without clicking a link, especially considering that every major browser lets you edit the current url by just typing in the address bar. Some browsers, such a Konqueror, even have an "up" button in the toolbar

Re:

[MarkusQ]

I consider myself to be a responsible computer user and would never deliberately "hack" into someones website. In ordinary HTML, isn't chopping off the the end of the URL a normal alternative way to move back to a higher level by making the higher level default index.html page appear. If no index.html page exists then sometimes the contents of a directory are displayed instead and the appropiate looking HTML file can the selected from the list of files instead. Isn't that just a obvious normal alternative

Disparaging members of other races? Hardly

[dgerman]

Disparaging? hardly. This is just a sensationalist way to report the news. Here is the actual comment (from the Washington Post http://www.washingtonpost.com/wp-dyn/content/artic le/2006/09/08/AR2006090800599.html [washingtonpost.com]):

  "I mean Cuban, Puerto Rican, they are all very hot," the governor says on the recording. "They have the, you know, part of the black blood in them and part of the Latino blood in them that together makes it."

the article continues...

'Garcia, who is Puerto Rican and the only Latina Republican in the assembly, appeared with Schwarzenegger yesterday and said she was not offended by the governor's comments. Garcia earlier told the Times that she refers to herself a "hot-blooded Latina."

"I love the governor because he is a straight talker just like I am," she said.'

That's not the actual statement.

[twitter]

The actual statement has to sound like the Terminator. Observe:

I mean Cuban, Puerto Rican, they are all very hot

Should be

I.MEAN.CUBAN.PUER.TO.RI.CAN.DEY.ARE.ALL.VER.Y.HO T.
[screen flickers between visible and infrared view, zooms in on a rodent in the wall]
[choice screen appears, -kill, -verbally abuse and process further, -ignore]
.FUCK.YOU.ASS.HOLE.

[At this point the person talking to Arnold should be alarmed and might actually gasp.]

The next statement should be kind of like this:

.THEY.HAVE.THE.

Re:

[jafac]

"I love the governor because he is a straight talker just like I am," she said.'

Yeah, except when he hides behind his ESL-credentials and says things like: "I never took steroids, besides, they weren't illegal when I took them." or "I believe that gay marriage should be between a man and a woman."

Personally, the guy who promised to come in as governor and apply fiscal discipline to solve California's budget crisis - and the first thing he does is put out a measure to borrow 8 billion dollars;

Straight-talkin

racial stereotypes are not harmless

[Kunta Kinte]

Disparaging? hardly. This is just a sensationalist way to report the news.

The problem is that many people believe that nonesense. And the guy is the governor..., he runs the state! Don't you think it's a little worrying he attributes personality traits to race?

There are many of these stereotypes. For instance, I read once that there is a strong 'masculine' stereotype to most things concerning the black race, and similarly a strong 'feminine' basis to most things asian. This may have it's roots in

Re:Disparaging members of other races? Hardly

[groman]

Disparaging or not, and Arnold may or may not be racist, it still attributes personality traits based on racial ethnicity. That's racism by definition. It doesn't matter whether or not said traits are good or bad - its still racism.


Umm, no it's not, at least about as much as targetting Cosmo towards women is sexism. Racism requires either preferential treatment, prejudice or implicit or explicit claim of superiority. Simply attributing a neutral personality trait to a broad ethnic or cultural group and using historical ethnic or cultural heritage as supporting evidence is NOT racist. It's a broad generalization, maybe, but it implies no claim to superiority nor attempt to disparage.

It's ok to be hot-blooded?

[Kunta Kinte]

Racism requires either preferential treatment, prejudice or implicit or explicit claim of superiority.

True.

Simply attributing a neutral personality trait to a broad ethnic or cultural group and using historical ethnic or cultural heritage as supporting evidence is NOT racist.

Being called hot-blooded is not a 'neutral personality trait'.

It's a very bad thing in many situations and would suggest that people of those races are not suited for certain tasks or positions in society.

Personally, I do

Re:

[phayes]

First off, without the context, it's impossible to dtermine whether the comments supposed derogetory nature.

<blockquote><i>are any of your personality traits due to your race or ethnicity?</i></blockquote>

Oh bollocks. Most of my personality traits are related to my ethnicity insofar as they usually go hand in hand with the cultural norms of the society they come from. Other than adopted children it rarely happens & even then, many people who are adopted into a different ethnic fa

Ok but pretending all races are the same is stupid

[Sycraft-fu]

Seriously, if not being racist means pretending like there are no racial division, then everyone is a racist and you make the term meaningless. Clearly different races are different physically, if nothing else. That's why the whole concept exists in the first place. If we all looked the same, there'd be no concept of race like there is today.

Well, something else we know is that humans like to use generalities. We like to generalize traits, trends, whatever. Helps us deal with understanding overall patterns in data. Thus it should be no surprise that traits get generalized to races. Happens to other things too, you can see all the traits that get generalized to geeks (like not having girlfriends) here on Slashdot.

So if you are going to get all bent every time someone makes a race related observation, ask yourself why. Is it because you think they are a bad person, with a malfunctioning brain? Or maybe is it because you yourself find that you generalize based on things like race, but don't want to admit or verbalize it?

Look the answer to racial division in this country isn't to hide it, to try and pretend like we are all the same and make it taboo to talk about. The answer is to talk about it, to laugh about it, and to understand and accept it. We are all different, physically, mentally, socially, etc. We need to celebrate our differences and understand that they aren't a reason to hate. Trying to hide away from them and make them taboo won't do any good.

Re:

[Trailer Trash]

The irony of this is, of course, that the Governator made this observation jokingly apparently because one of his close aides or cabinet members is Puerto Rican and likes to joke about it. Rather than jumping up and down yelling to make sure everybody knows that he is for equal opportunity and all that, Herrn Schwartzeneggar simply lives his life as if race doesn't matter.

I am very familiar with this, since my wife is asian. One day she asked me if I'm offended by her calling me a "white guy". Seriously.

Re:

[internic]

Men are taller than women on the average. Is it an outrage to generalize "men are taller than women"? Yet the same reasoning you just used would supposedly invalidate this. Just replace races with genders.

It would be correct to say "men are taller than women on average." To simply say, "Men are taller than women" is dumb; it's just factually incorrect. It's probably not that offensive, because of the context. For one thing, your height is relatively easily proven, so preceptions about your height ju

Re:

[merreborn]

Disparaging or not, and Arnold may or may not be racist, it still attributes personality traits based on racial ethnicity.

"Hot" is a personality trait? I thought it was a set of physical features dictated by genetics.

Which by definition, is tied to race.

People of Asian decent are generally shorter than most people. That's not racist. It's genetics.

Re:

[jalefkowit]

"Hot" is a personality trait? I thought it was a set of physical features dictated by genetics.

He said "hot" as in "hot-blooded", i.e. quick to temper, not "hot" as in "physically attractive". Being "hot-blooded" is indeed a personality trait and has nothing to do with physical features.

Re:

[Rakshasa Taisab]

RTFA. He wasn't referring to physical features.

You must be using the term "hot" in a way unknown to the majority of men in the world. (Actually, more like all except you)

Yes and no

[phorm]

Well, if you go by the "black blood" as actual blood, perhaps. If you go by background or cultural origin, then perhaps not so much. Part of the issue of racism is that it usually denotes offensive racial remarks. In the majority of cases, a black or latino person would not be offended by a remark that "black people are hot," in fact it would be complimentary.

Also, one's background (again not actual 'blood' or skin colour, but upbringing) tend to influence one's sexual behavior. In terms of actual genetic

Hot?

[Jetson]

"I mean Cuban, Puerto Rican, they are all very hot," the governor says on the recording. "They have the, you know, part of the black blood in them and part of the Latino blood in them that together makes it."

Disparaging or not, and Arnold may or may not be racist, it still attributes personality traits based on racial ethnicity.

Depends on what he meant by "hot". It could be the Paris Hilton "That's Hot!" kind of hot...

Re:Disparaging members of other races? Hardly

[dangitman]

"They have the, you know, part of the black blood in them and part of the Latino blood in them that together makes it."

Actually, Arnie is being racist. His comment implies that those who don't have the "black blood" and the "Latino blood" don't "make it." Whatever the hell that means.

Re:Government Contract$

[Oligonicella]

Horse shit. Get some skin. Saying that Nordics sunburn easily doesn't at all imply that the Irish don't. Study some logic.

Wasn't this a crime in the UK?

[ptbarnett]

I vaguely remember someone in the UK that was convicted of the computer equivalent of trespass for doing something like this: manually removing the trailing elements in a URL.

Re:Wasn't this a crime in the UK?

[MichaelSmith]

I vaguely remember someone in the UK that was convicted of the computer equivalent of trespass for doing something like this: manually removing the trailing elements in a URL.

When the GST (tax) was launched here in 2000 the tax department had a web site where you could query something about your tax and the cgi script it used had an argument like ?tfn=nnnnnnn where the n's are your tax file number (9 digits).

So this guy tried a couple of combinations, got the details of others, and took it to the tax people with advice to change their security arrangements.

So they did, by locking him up.

Re:

[The OPTiCIAN]

Michael, are you able to supply more details about this situation - articles, etc?

Re:

[OldManAndTheC++]

Here's some info about it clipped from a law journal [nswscl.org.au]:

Privacy concerns were raised in Australia when a hacker accessed the business and bank account details of up to 27,000 businesses in Australia who were accredited suppliers of GST information and assistance packages to businesses through the GST Start-up Assistance Office. The 'hacker' reportedly obtained the information without actually hacking the site, as the information was provided on an ordinary page accessible through a URL on the site (the web a

Re:

[Beryllium Sphere(tm)]

Daniel James Cuthbert [slashdot.org]. Reportedly, he got suspicious about a site where he'd donated money and (here's a disconnect for you) ran a directory traversal attempt (foo.com/../stuffoutsidewebroot) allegedly to check whether the site was genuine. This set off their IDS. He made life harder for himself by making a false initial statement to the police instead of a true one or "I want my lawyer now".

I feel like I'm taking crazy pills.

[HatchedEggs]

Is it just me, or did this whole thing make you feel like you were on crazy pills? I didn't find anything remotely racist in what he said. He was giving her a compliment. I wish people spoke about me and said,"You know, its just that mix of Norwegian and German... it just makes him hot." The only person that says that about me is my wife, but I guess that will have to suffice. Regardless, Arnold, you can talk about that crazy hot blood in my veins whenever you feel the need to bud. Not that it would matt

Re:

[nizo]

...Arnold, you can talk about that crazy hot blood in my veins whenever you feel the need to...

Wait, are you hitting on Arnie???

Re:

[Jeremi]

I didn't find anything remotely racist in what he said. He was giving her a compliment.

Compliments can be racist. E.g. the classic "that black guy was so articulate during the job interview!", with its connotation that black people are usually inarticulate. Or the ever-popular "Asians are so smart and hard-working!". In both cases, the person probably means well, but they are still engaging in racist thinking: assuming that someone's race is an indicator of some other trait which is not, in fact, racial

all caught up now

[Anonymous Coward]

So, someone didn't hack a web site, and someone didn't make racists comments. Right then, all caught up on the news.

Re:

[Mr. Slippery]

I wish people spoke about me and said,"You know, its just that mix of Norwegian and German... it just makes him hot."

The context was "hot" as in "hot-tempered" or "hot-blooded", not like "am I hot or not?"

Whether "hot-tempered" is compliment or not is debatable. Certainly the accusations of being "hot-tempered" that people directed toward those of Irish ancestry in the laste 19th and early 20th centuries, the time of "No Irish Need Apply" signs, were not compliments.

Re:

[Martin Blank]

Actually, most of the Democrats I know think that the LA Times made far too big a deal about this, and the couple that I've talked to in the last few hours think that Angelides is an idiot if he knew about this before it was first reported, and that if he really didn't know about this and disapproves and has a backbone that he'll have a press conference tomorrow where he will fire the two who downloaded the clip for poor ethics. However, no one really expects that, especially since Angelides spoke out when

Big deal!

[4D6963]

"I mean, they (Cubans and Puerto Ricans) are all very hot...they have the, you know, part of the black blood in them and part of the Latino blood in them and together that makes it,"

Big deal! I actually heard hispanics saying just the same kind of thing about themselves.

Re:

[CosmeticLobotamy]

Big deal! I actually heard hispanics saying just the same kind of thing about themselves.

Totally. And that's exactly why I don't get why black people get all upset when I call them the N-word.

sounds like the grad student thing from a year ago

[iammaxus]

Anyone remember this? http://www.boston.com/business/articles/2005/03/08 /harvard_rejects_119_accused_of_hacking_1110274403 / [boston.com] Seems like the media supported the concept that it was hacking. Given, it required more work than in this case, but it was still a case of freely accessible URL.

predator, starring two future governors

[dopaz]

GET TO THE (url) CHOPPER!

Disparaging?

[RelliK]

Nice spin there. All he did was call one lady hot. BFD! As much as I think the governator is a joke, this is just getting ridiculous.

Re:

[klaun]

Nice spin there. All he did was call one lady hot. BFD! As much as I think the governator is a joke, this is just getting ridiculous.

While I agree that his comments were not disparaging, he definitely did more than call one lady hot. He characterized a group of people in a particular way based on their race. I think mainly the idea is that it was probably in poor taste for a governor to say. I imagine that some people might interpret it as being indicative of a predilection for making generalizations a

Re:

[jonnythan]

Asians are hot. They have it in their blood. I call them genes.

Am I racist now?

Everything's hacking in the mind of idiots

[ConfusedSelfHating]

I'm just waiting until there's a move by content providers to ban popup blockers because they prevent people from seeing ads ... thus costing someone potential ad revenue and when someone is deprived of potential revenue (even if the loss of potential revenue is only in their imagination) it is now the equivalent of theft.

There are quite a lot of people who view competent computer use as a form of magic. They are deeply scared of technology, vote people into office who don't understand technology and expec

CHP

[matt2413]

The CHP merged with the California State Police in 1995. They are the law enforcement authority on CA state property.

http://www.chp.ca.gov/html/history.html [ca.gov]

Re:

[proverbialcow]

I thought they were just patrolling the information superhighway.

Heh heh..you kow...because people used to call it that.

I give up.

Directory Listing Denied

[dilute]

That's all it would have taken. It's the default setting in IIS, but not the default in Apache2, as far as I recall. Anyway, the Gov's web site neglected to apply this fundamental protection. Tough crap, This is pretty silly stuff anyway.

Some free Apache Advice for ARRRNNOOLLDD

[xmas2003]

Options -Indexes

CHP == State Trooper

[JoeCommodore]

The California Highway Patrol are California's State Troopers.

Re:CHP == State Trooper

[DragonWriter]

For those to whom the parent is not clear, the California Highway Patrol has, for quite some time, subsumed the function of the formerly-separate California State Police, and also has a function with regard to the Governor (and, IIRC, certain other state officers) parallel to the protective role of the federal Secret Service.

So its not all that odd that the CHP is running the investigation, other than the fact that there is obviously nothing illegal about accessing publicly-served pages from someone's webserver, so there shouldn't be an "investigation" at all.

UP button in browser

[Barbarian]

l'd love to see a folder ''up" button in Firefox and other browsers--it would make "hacking" easier and perhaps educate.

The Governor's sharing audio files?

[Panaqqa]

Shouldn't the RIAA be suing over this?

beh...

[Rooked_One]

I could care less about this sort of thing... I'm sure we've all seen the vid of arnie toking it up, so what is a couple of free speach (legal) remarks going to do? I for one am really against dumbasses and actors in our seats of government, but this is just... well... i dunno... First off, if there is a master race on the planet, it is going to end up being blacks mixed with other races. I mean, its pretty sad, but we selectively engineered them to be the "best slaves you could" get... so if you en

Re:Disparaging Comments

[causality]

You're thinking too objectively about it. Just relax and let it be played enough times on the media and it will try to become true.

Re:Disparaging Comments

[cashman73]

I don't really see what the problem is here, either. His earlier comments about, "crushing your enemies; seeing them driven before you; and hearing the lamentations of the women," didn't seem to hurt him to bad,... ;-)

Re:

[humble.fool]

"I think it's less liberal than it is oppositional." - Karl Rove on the media, one of the few times I've agreed with the man.

Try the real version

[Quiet_Desperation]

1. Republican (barely) makes SLIGHTLY off color remark that bothers no one, especially the woman the remark was about, who thought it was funny.

2. L. A. Times prints the story from an "anonymous" source without bothering to do any verification.

3. Despite no one with a functioning brain thinking the comment was anything to even care about, extensive media coverage is given to the blubbering hand wringing and panty soiling histrionics of various key Democrats, including Arnold's opponent, who act as if he was caught eating babies on video.

4. It is revealed that the file was taken from a computer by members of the Phil Angelides staff, possibly illegally, and that the L. A. Times probably knew more about the source than they originally let on, suggesting political dirty tricks collusion.

5. Not one mainstream reporter asks the Phil Angelides campaign what happpened to their pledge of "sticking to the issues".

The leftists on Slashdot and elsewhere torture logic to the point that the UN considers issuing a stern finger wagging.

Re:

[calidoscope]

And of course this is the same L.A. Times that was sitting on the 'groping' story for months, only to release it the Thursday before the election. Pity in that the Times used to be a pretty decent newpaper.

Surprised that almost no one has drawn parallels with the HP mess.

And, for contrast...

[ScentCone]

This reminds me of the time that Bill Clinton was video taped in front of some scale model of a new federal building (or was it a White House gingerbread house on display for the holidays?). Regardless - his immediate reaction on seeing the scale model was that it looked like it had been built for Robert Reich (his 4'-10" Labor Secretary, a cabinet member). Reich (just like the woman with whom Arnold was joking) took it in stride, and frequently jokes about his height himself.

But: such media coverage as

Schwarnazi??

[calidoscope]

Talking about offensive remarks...