Washington, DC – Earlier today, U.S. Rep. John D. Dingell (MI-12) announced he will not seek re-election. DNC Chair Debbie Wasserman Schultz released the following statement:
“For more than five decades, U.S. Rep. John Dingell has served the people of Michigan and this nation with honor and distinction. As the Dean of the House of Representatives, he has done so much to help not only his constituents in Michigan, but nationwide. He has been a champion for Democratic values and has been a vocal advocate for the auto industry, civil rights, immigration reform, the environment and presided over the House of Representatives as we passed the Affordable Care Act.
“While he was Chairman of the House Committee on Energy and Commerce, he helped pass clean air and water bills and helped secure more of our land for preservation and national parks. He also helped shepherd through a bill that is very personal to me, the Virginia Graeme Baker Pool and Spa Safety Act, that aims to prevent childhood drowning deaths and injuries.
“Congressman Dingell leaves behind a remarkable legacy of working across the aisle on behalf of all Americans. His diplomacy and institutional knowledge will be missed in the halls of Congress. I wish Congressman Dingell and his family all the best as he embarks on a well-earned retirement.”
President Obama sent an email to supporters emphasizing the importance of 2014 for the progress of our country. He encouraged them to chip in to support Democrats, which enters them for a chance to meet him at the 2014 Winter Meeting at the end of February. Here's what he had to say:
We've accomplished so much together over the last several years, and none of it would have been possible without you.
On November 4th, America will elect the last Congress I will work with as President, and I'm going to do everything I can to help support the Democrats who are going to fight for an America where everyone has a fair shot at success.
I won't be on the ballot this fall, but these midterm elections will have an outsized impact on what we're able to get done while I'm in office.
There's so much more we can be doing to create opportunity for our family members and neighbors. We cannot afford to move back or stand still. This year has to be a year of action for all of us.
Pitch in to elect more Democrats today:
P.S. -- Don't worry about your flight and hotel -- if you win, those will be covered for you and a guest. Support Democrats today, and automatically enter for a chance to meet me later this month in D.C.
Medicaid expansion is one of the most important issues to face the Tennessee General Assembly in more than 20 years. This decision will affect the lives of nearly a quarter of a million working men and women in Tennessee, and now is the time to make a decision -- one that is based on people, not politics.
Here are the facts: If we expand our Medicaid program, hundreds of thousands of Tennesseans will receive quality, affordable health care coverage. Tens of thousands of these individuals are children and veterans, many of them our neighbors from the National Guard who don’t qualify for full V.A. benefits.
Every week when I get back to my district, I hear from working middle-class families whose jobs don’t provide health care and who make too little to afford real coverage on their own. Medicaid expansion offers an opportunity to expand coverage to these working families who live between 100-138 percent of the poverty line -- or about $31,000 a year for a family of four.
Expanding Medicaid also makes financial sense. About 15 percent of the Tennessee economy is dependent upon the health care sector. Without Medicaid expansion, dozens of hospitals are in danger of closing, meaning our state could lose thousands of jobs over the next ten years.
Drilling down deeper, we know that Tennessee currently ranks near the bottom in women’s health and infant mortality. Medicaid expansion offers a meaningful opportunity to address both these important issues.
We know that the key to a healthy baby is a healthy mother. Unfortunately, our current system ignores the needs of working class mothers, who many times don’t qualify for Medicaid coverage until they are pregnant. Medicaid expansion would extend quality health care to women before they become pregnant, meaning a healthier pregnancy and healthier baby.
It should be no surprise that Tennesseans have already made up their mind on this issue. A recent survey showed that 59 percent of Tennesseans believe we should expand the Medicaid program, while only 35 percent expressed reservations about such a move. This is because Tennesseans understand what is at stake.
They know that expanding Medicaid will help working families, women and children. They also know it will reduce the amount of uncompensated care hospitals provide, which will ultimately bring insurance premiums down for everyone -- including those of us with employer provided or privately purchased coverage.
The good news is that it’s not too late for Governor Haslam to do the right thing. Tennessee Democrats know that Governor Haslam can negotiate with the federal government on Medicaid expansion. That’s why we offered budget amendments that would allow the Governor to accept federal funds for expansion, if and only if the conditions for his hybrid plan were met by the Department of Health and Human Services.
I understand there’s political pressure on Governor Haslam from the far right wing of his party. While putting this decision off may be politically popular, we owe it to the least among us to put people above all else and do the right thing. Lives depend upon it.
Joe Armstrong represents the 15th district in the Tennessee House of Representatives. He is the Democratic Caucus Vice-Chairman, and President of the National Black Caucus of State Legislators.
As our economy is continuing to recover, and new jobs are being created every day, President Obama reminds us that we still have much to do, as millions of Americans are working every day to find jobs. Until recently, people had been able to rely upon the safety net of federal unemployment insurance to help put food on the table and pay the rent.
However, Republicans in Congress have refused to extend unemployment insurance, leaving 1.7 million Americans without benefits, including more than 20,000 Marylanders. Approximately 70,000 more Americans lose their unemployment insurance each week that Congressional Republicans don’t choose to do what is right.
Once again the GOP is putting partisan politics over struggling American families. It is sad and disappointing that these lawmakers do not realize these are real people that rely upon this essential benefit as a lifeline.
In 2012 alone, unemployment insurance lifted 2.5 million Americans out of poverty, and since 2008, 17 million children have been supported by unemployment benefits. Failing to extend benefits could slow our recovery and cost the economy 240,000 jobs this year. In 2011, the Congressional Budget Office found that funding for the unemployed was one of “the largest effects on output and employment per dollar of budgetary cost.”
And in communities of color, the need is ever greater. The unemployment rate for African-Americans – while on the decline – still remains higher than the national average. This is not acceptable. President Obama knows this, and Democrats across the country know this. Nationally, the unemployment rate among African-Americans has remained above 11% for more than four years. Renewing unemployment insurance will provide the crucial safety net that these families need to succeed.
Join me in calling on Republican Members of Congress to renew unemployment insurance. It is time to put an end to partisanship, work with Democrats and help our citizens who are searching for jobs.
Yvette Lewis is the chair of the Maryland Democratic Party.
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.
Impersonation (OpenID module - Drupal 6 and 7 - Highly critical)
A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.
This vulnerability is mitigated by the fact that the malicious user must have an account on the site (or be able to create one), and the victim must have an account with one or more associated OpenID identities.
Access bypass (Taxonomy module - Drupal 7 - Moderately critical)
The Taxonomy module provides various listing pages which display content tagged with a particular taxonomy term. Custom or contributed modules may also provide similar lists. Under certain circumstances, unpublished content can appear on these pages and will be visible to users who should not have permission to see it.
This vulnerability is mitigated by the fact that it only occurs on Drupal 7 sites which upgraded from Drupal 6 or earlier.
Security hardening (Form API - Drupal 7 - Not critical)
The form API provides a method for developers to submit forms programmatically using the function drupal_form_submit(). During programmatic form submissions, all access checks are deliberately bypassed, and any form element may be submitted regardless of the current user's access level.
This is normal and expected behavior for most uses of programmatic form submissions; however, there are cases where custom or contributed code may need to send data provided by the current (untrusted) user to drupal_form_submit() and therefore need to respect access control on the form.
To facilitate this, a new, optional $form_state['programmed_bypass_access_check'] element has been added to the Drupal 7 form API. If this is provided and set to FALSE, drupal_form_submit() will perform the normal form access checks against the current user while submitting the form, rather than bypassing them.
This change does not fix a security issue in Drupal core itself, but rather provides a method for custom or contributed code to fix security issues that would be difficult or impossible to fix otherwise.
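An added example, not code from the advisory or from Drupal core: a hypothetical Drupal 7 module (every `example_*` name and both form fields are assumptions) that passes untrusted input to drupal_form_submit() and opts in to the access checks. It assumes a Drupal 7 release that includes this change.

```php
<?php
// Added example for a hypothetical Drupal 7 module named "example".
// Every example_* name and the two form fields are illustrative.

/**
 * Form builder: "nickname" is open to everyone, "is_moderator" only to
 * users who hold the "administer users" permission.
 */
function example_profile_form($form, &$form_state) {
  $form['nickname'] = array(
    '#type' => 'textfield',
    '#title' => t('Nickname'),
    '#required' => TRUE,
  );
  $form['is_moderator'] = array(
    '#type' => 'checkbox',
    '#title' => t('Moderator'),
    '#access' => user_access('administer users'),
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Save'),
  );
  return $form;
}

/**
 * Submit handler: stores whatever values survived form processing.
 */
function example_profile_form_submit($form, &$form_state) {
  variable_set('example_nickname', $form_state['values']['nickname']);
  variable_set('example_is_moderator', !empty($form_state['values']['is_moderator']));
}

/**
 * Submits the form with data supplied by the current (untrusted) user,
 * for instance the decoded body of a web-service request.
 *
 * @return array|null
 *   Validation errors keyed by element, or NULL if there were none.
 */
function example_save_untrusted(array $input) {
  $form_state = array();
  $form_state['values'] = $input;
  $form_state['values']['op'] = t('Save');

  // By default a programmatic submission bypasses all access checks, so the
  // caller could submit is_moderator even when '#access' is FALSE for them.
  // Setting the new element to FALSE makes drupal_form_submit() perform the
  // normal form access checks against the current user instead.
  $form_state['programmed_bypass_access_check'] = FALSE;

  drupal_form_submit('example_profile_form', $form_state);
  return form_get_errors();
}
```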
Install the latest version:
Also see the Drupal core project page.
Reported by
The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Drupal version: Drupal 6.x, Drupal 7.x
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.
Multiple vulnerabilities due to optimistic cross-site request forgery protection (Form API validation - Drupal 6 and 7)
Drupal's form API has built-in cross-site request forgery (CSRF) validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations. Given that the CSRF protection is an especially important validation, the Drupal core form API has been changed in this release so that it now skips subsequent validation if the CSRF validation fails.
This vulnerability is mitigated by the fact that a form validation callback with potentially unsafe side effects must be active on the site, and none exist in core. However, issues were discovered in several popular contributed modules which allowed remote code execution that made it worthwhile to fix this issue in core. Other similar issues with varying impacts are likely to have existed in other contributed modules and custom modules and therefore will also be fixed by this Drupal core release.
Multiple vulnerabilities due to weakness in pseudorandom number generation using mt_rand() (Form API, OpenID and random password generation - Drupal 6 and 7)
Drupal core directly used the mt_rand() pseudorandom number generator for generating security related strings used in several core modules. It was found that brute force tools could determine the seeds making these strings predictable under certain circumstances.
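An added example, not Drupal's code: a stand-alone PHP 7+ sketch of a password generator built on mt_rand() beside one built on the operating system's CSPRNG. The function names and the alphabet are assumptions, and random_int() and random_bytes() are PHP built-ins used here for illustration rather than the calls Drupal core makes.

```php
<?php
// Added example: stand-alone PHP 7+, not taken from Drupal core.
// The alphabet and all function names are illustrative.

/**
 * Returns the character set used by both generators.
 */
function example_alphabet() {
  return 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
}

/**
 * Weak: every character comes from mt_rand(), so the whole password is a
 * function of the generator's seed. Whoever learns the seed can recompute
 * every value derived from it.
 */
function example_weak_password($length = 10) {
  $alphabet = example_alphabet();
  $max = strlen($alphabet) - 1;
  $password = '';
  for ($i = 0; $i < $length; $i++) {
    $password .= $alphabet[mt_rand(0, $max)];
  }
  return $password;
}

/**
 * Hardened: each index is drawn with random_int(), which uses the operating
 * system CSPRNG and is uniform over the requested range (no modulo bias).
 */
function example_strong_password($length = 10) {
  $alphabet = example_alphabet();
  $max = strlen($alphabet) - 1;
  $password = '';
  for ($i = 0; $i < $length; $i++) {
    $password .= $alphabet[random_int(0, $max)];
  }
  return $password;
}

/**
 * Hardened token for forms or one-time links: 32 bytes from the CSPRNG,
 * encoded as URL-safe base64 without padding.
 */
function example_strong_token($bytes = 32) {
  return rtrim(strtr(base64_encode(random_bytes($bytes)), '+/', '-_'), '=');
}

// Re-seeding the generator with the same value reproduces the password
// exactly, which is why a recovered seed makes these strings predictable.
mt_srand(12345);
$first = example_weak_password();
mt_srand(12345);
$second = example_weak_password();
printf("weak, same seed twice: %s / %s (identical: %s)\n",
  $first, $second, var_export($first === $second, TRUE));

printf("strong password: %s\n", example_strong_password());
printf("strong token:    %s\n", example_strong_token());
```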
This vulnerability has no mitigation; all Drupal sites are affected until the security update has been applied.
Code execution prevention (Files directory .htaccess for Apache - Drupal 6 and 7)
Drupal core attempts to add a "defense in depth" protection to prevent script execution by placing a .htaccess file into the files directories that stops execution of PHP scripts on the Apache web server. This protection is only necessary if there is a vulnerability on the site or on a server that allows users to upload malicious files. The configuration in the .htaccess file did not prevent code execution on certain Apache web server configurations. This release includes new configuration to prevent PHP execution on several additional common Apache configurations. If you are upgrading a site and the site is run by Apache you must fix the file manually, as described in the "Solution" section below.
This vulnerability is mitigated by the fact that it only relates to a defense in depth mechanism, and sites would only be vulnerable if they are hosted on a server which contains code that does not use protections similar to those found in Drupal's file API to manage uploads in a safe manner.
Access bypass (Security token validation - Drupal 6 and 7)
The function drupal_valid_token() can return TRUE for invalid tokens if the caller does not make sure that the token is a string.
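An added example, not Drupal's implementation: a stand-alone PHP 5.6+ sketch of why a token check has to reject non-string input, with a loose comparison beside a guarded one. The `example_*` functions, the HMAC derivation and the sample inputs are all assumptions constructed for illustration.

```php
<?php
// Added example: stand-alone PHP 5.6+, not Drupal's implementation.
// The token derivation and every example_* name are illustrative.

/**
 * Hypothetical token derivation: HMAC of a value with a per-site secret.
 */
function example_get_token($value, $secret) {
  return hash_hmac('sha256', $value, $secret);
}

/**
 * Weak check: with ==, PHP converts the operands before comparing, and
 * boolean TRUE compares equal to any non-empty string other than "0".
 */
function example_valid_token_loose($token, $value, $secret) {
  return $token == example_get_token($value, $secret);
}

/**
 * Hardened check: reject anything that is not a string, then compare the
 * two strings in constant time.
 */
function example_valid_token_strict($token, $value, $secret) {
  if (!is_string($token)) {
    return FALSE;
  }
  return hash_equals(example_get_token($value, $secret), $token);
}

// Constructed inputs. Non-string values reach a caller when the token is
// taken from decoded JSON or from array-style request parameters.
$secret = 'constructed-secret';
$expected = example_get_token('node-delete', $secret);
$samples = array(
  'correct string' => $expected,
  'wrong string' => 'not-the-token',
  'boolean TRUE' => TRUE,
  'array' => array($expected),
  'NULL' => NULL,
);

foreach ($samples as $label => $token) {
  printf("%-15s loose=%-5s strict=%s\n",
    $label,
    var_export(example_valid_token_loose($token, 'node-delete', $secret), TRUE),
    var_export(example_valid_token_strict($token, 'node-delete', $secret), TRUE));
}
```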
This vulnerability is mitigated by the fact that a contributed or custom module must invoke drupal_valid_token() with an argument that can be manipulated to not be a string by an attacker. There is currently no known core or contributed module that would suffer from this vulnerability.
Cross-site scripting (Image module - Drupal 7)
Image field descriptions are not properly sanitized before they are printed to HTML, thereby exposing a cross-site scripting vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a permission to administer field descriptions, for example the "administer taxonomy" permission to edit fields on taxonomy terms.
Cross-site scripting (Color module - Drupal 7)
This vulnerability is mitigated by the fact that it can only take place in older browsers, and in a restricted set of modern browsers, namely Opera through user interaction, and Internet Explorer under certain conditions.
Open redirect (Overlay module - Drupal 7)
This vulnerability is mitigated by the fact that it can only be used against site users who have the "Access the administrative overlay" permission.
Install the latest version:
Also see the Drupal core project page.
Warning: Fixing the code execution prevention may require server configuration; please read:
Fixing the code execution prevention vulnerability on existing Apache installations also requires changes to your site's .htaccess files in the files directories. Until you do this, your site's status report page at admin/reports/status will display error messages about the problem. Please note that if you are using a different web server such as Nginx, the .htaccess files have no effect and you need to configure PHP execution protection yourself in the respective server configuration files.
To fix this issue, you must edit or replace the old .htaccess files manually. Copies of the .htaccess files are found in the site's files directory and temporary files directory, and (for Drupal 7 only) the separate private files directory if your site is configured to use one. To find the location of these directories, consult the error messages at admin/reports/status, or visit the file system configuration page at admin/settings/file-system (Drupal 6) or admin/config/media/file-system (Drupal 7). Note that you should only make changes to the .htaccess files that are found in the directories specified on that page. Do not change the top-level .htaccess file (at the root of your Drupal installation).
Go onto your server, navigate to each directory, and replace or create the .htaccess file in this directory with the contents described below. Alternatively, you can remove the .htaccess file from each directory using SFTP or SSH and then visit the file system configuration page (admin/settings/file-system in Drupal 6 or admin/config/media/file-system in Drupal 7) and click the save button to have Drupal create the file automatically.
The recommended .htaccess file contents are as follows.
For Drupal 6:
# Turn off all options we don't need.
For Drupal 7:
# Turn off all options we don't need.
Additionally, the .htaccess of the temporary files directory and private files directory (if used) should include this command:
The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.
Drupal 6.x, Drupal 7.x
First up from the God Machine this week is a story about Mike Huckabee, the pastor turned governor turned presidential candidate turned media personality, who used his platform to go after a specific religious minority.
Speaking on his radio program on Monday, Huckabee prefaced his remarks by saying that he understood it was "politically incorrect" to "say anything unkind about Islam." He then went on to suggest that Islamic teachings were to blame for recent unrest during the holy month of Ramadan.
"Can someone explain to me why it is that we tiptoe around a religion that promotes the most murderous mayhem on the planet in their so-called 'holiest days,'" Huckabee said. "You know, if you've kept up with the Middle East, you know that the most likely time to have an uprising of rock throwing and rioting comes on the day of prayer on Friday. So the Muslims will go to the mosque, and they will have their day of prayer, and they come out of there like uncorked animals -- throwing rocks and burning cars."
Huckabee later clarified that he did not mean to refer to all 1.6 billion Muslims worldwide. How nice.
The Huffington Post's report noted that destructive demonstrations are more common in the Middle East on Fridays, but "there are numerous factors that have made Friday the most popular day for protests, including the fact that most of the Muslim world gets the day off and frequently congregates in large communal areas to observe the day of prayer." For Huckabee to suggest prayer services themselves generate violence is unfounded.
Huckabee, one of the nation's most prominent religio-political voices on the American right, has a long history of provocative rhetoric, and these comments follow remarks Huckabee made after the massacre at Sandy Hook Elementary, when he tied the lack of government-sponsored religion to the tragedy.
Huckabee has also falsely claimed that President Obama “grew up in Kenya"; he's endorsed “death panel” garbage; he's equated the national debt with the Nazi Holocaust; and has gone after the LGBT community with over-the-top rhetoric. In August 2009, Huckabee even argued on his own radio show that Obama’s health care reform plan would have forced Ted Kennedy to commit suicide.
But Huckabee going after religions he doesn't like is fairly new.
Also from the God Machine this week:
* Cathie Adams, the former chair of the Texas Republican Party, fears that congressional approval of immigration reform may "lead to an identification system indicative of biblical End Times."
* The Supreme Court is set to hear a case out of upstate New York, challenging the constitutionality of opening sessions of the town board with an official prayer. This week, both Congress and the White House weighed in, siding with the town practice. In a rather crass move, Senate Minority Leader Mitch McConnell (R-Ky.) has begun fundraising on the issue (thanks to reader R.B. for the tip).
* An unfortunate development in Massachusetts: "Monsignor Arthur Coyle, a top official in the Merrimack Valley area for the Archdiocese of Boston, was arrested Sunday and charged with soliciting a prostitute, after having been spotted by police circling around known prostitution spots in the city more than a dozen times in the past 10 months." Late last year, Coyle was given the title of Prelate of Honor by then Pope Benedict XVI (thanks to reader R.P.).
* And TV preacher Pat Robertson was asked by a viewer about video games, and he replied, "If you're murdering somebody in cyberspace, in a sense you're performing the act." Good to know.
The full list of tonight's citations is posted after the jump, but if you're looking for Ohio State Representative Connie Pillich's Huffington Post article that she mentioned during her interview tonight with Rachel, it's this:
Obama outlines surveillance reforms at press conference
Tonight's guests include:
Pete Williams, NBC News justice correspondent
State Rep. Connie Pillich, (D) Ohio
The soundtrack of the evening! And here is executive producer Bill Wolff, with a preview of tonight's show:
Today's edition of quick hits:
* Pakistan: "The U.S. Consulate in the Pakistani city of Lahore was shut on Friday with only emergency staff remaining on duty following 'specific threats,' officials said. The State Department also advised U.S. citizens against traveling to Pakistan. Most American diplomats and staff based in Pakistan's second-largest city were ordered to stay home."
* Perhaps my favorite line from President Obama's press conference this afternoon: "I think the really interesting question is why it is that my friends in the other party have made the idea of preventing these people from getting health care their holy grail. Their number-one priority. The one unifying principle in the Republican Party at the moment is making sure that 30 million people don't have health care."
* Also note, on the upcoming Olympic games in Russia, Obama added, "I want to just make very clear right now, I do not think it's appropriate to boycott the Olympics. We've got a bunch of Americans out there who are training hard, who are doing everything they can to succeed.... [O]ne of the things I'm really looking forward to is maybe some gay and lesbian athletes bringing home the gold or silver or bronze, which I think would go a long way in rejecting the kind of attitudes that we're seeing there. And if Russia doesn't have gay or lesbian athletes, then that would probably make their team weaker."
* Ohio: "The last abortion clinic in the city, Capital Care Network of Toledo, could be forced to close its doors within the month, which would make Toledo the largest city in the state without a provider." More on this on tonight's show.
* The first bill-signing ceremony in a while: "President Obama will sign the student loan bill into law on Friday afternoon after weeks of partisan disagreements and rising costs."
* Sen. Barbara Boxer (D-Calif.) wrote a blistering letter to San Diego Mayor Bob Filner (D), telling him it's time to quit: "I am speaking to you now on a personal and professional level, and asking you to step down as mayor and get the help you need as a private citizen."
* If House Democrats are looking for House Republicans willing to sign a discharge petition on immigration reform, they should probably start with Rep. Jeff Denham (R-Calif.).
* This really isn't going over well on the right: "Senate Majority Leader Harry Reid (D-NV) told KNPR radio Friday that he hopes Republicans' ongoing opposition to President Obama is driven by 'substance' and not race."
* And we talked earlier about Rep. Markwayne Mullin (R-Okla.) going birther at a town-hall meeting in his local district yesterday. Today, the conservative congressman said he "misspoke" at the event.
Anything to add? Consider this an open thread.
As presidential press conferences go, this afternoon's event was pretty newsworthy -- President Obama noted at the outset that his administration can do more when it comes to transparency and safeguards in the nation's surveillance efforts.
President Obama on Friday sought to get his administration ahead of the roiling debate over National Security Agency surveillance, releasing new information about spying activities and calling for changes aimed at bolstering public confidence that the programs do not intrude too far into Americans' privacy. [...]
Among other steps, Mr. Obama announced the creation of a high-level task force of outside intelligence and civil liberties specialists to advise the government about how to balance security and privacy as computer technology makes it possible to gather ever more information about people's private lives.
The president also threw his administration's support behind a proposal to change the procedures of the secret court that approves electronic spying under the Foreign Intelligence Surveillance Act in order to make its deliberations more adversarial.
Not surprisingly, there's a limit to how many details the president was willing to share during brief remarks, but a senior administration official told MSNBC today, "We mean this as a down payment on some greater understanding of what NSA is and how it goes about its business," adding, "This [declassification of materials] provides us the foundation to make additional information transparent as necessary." This "may" include information beyond what was leaked by Edward Snowden.
Also note, while Obama can make some changes within the executive branch, he will need Congress for some additional reforms, including a review of "Section 215" of the Patriot Act, which gives the administration expansive powers on collecting phone records. Obama also referenced in his remarks a panel to recommend additional changes, though it's unclear who'll serve on it or when we might hear from the commission.
Of particular interest to me was the part on legal rationales. In recent years, the White House has, on more than one occasion, defended surveillance efforts by assuring the public that there was a thorough review and the programs in use were approved after meaningful legal scrutiny -- but no one was allowed to see the conclusions. As of this afternoon, at least some of this will change, with the Justice Department set to release materials that explain the administration's authority in "some detail," along with "controls and accountabilities" of the NSA itself.
It will take time to consider the changes in detail, and determine how they'll be applied and when, but it appears the newly announced reforms represent a step in the right direction.
When Virginia Gov. Bob McDonnell (R) hired a crisis-management team to deal with his corruption scandal, the team of lawyers and consultants told him to stop the bleeding: return the gifts he'd received from Star Scientific CEO Jonnie Williams. So why has state Attorney General Ken Cuccinelli, the Republican who hopes to replace McDonnell, refused to do the same?
Last week, Cuccinelli said he couldn't return the $18,000 in gifts because they weren't tangible goods -- unlike the luxury goods McDonnell received, Cuccinelli received dinners, trips, and vacation lodging.
But that wasn't much of an excuse -- Cuccinelli could determine the value of these gifts and pay his benefactor back, or perhaps donate a comparable amount to charity.
And that brings us to today, when the far-right gubernatorial candidate came up with a brand new excuse.
Cuccinelli, who serves as Virginia's attorney general, has maintained that those gifts -- including a flight, turkey dinner, stays at Williams's vacation home and nearly $7,000 in supplements -- were intangible items that he is unable to return.
But when pressed about reimbursing for the monetary value, Cuccinelli responded, "You mean just write a check? If I could do that, I just might do that. But that's just not something I can do, from my family's perspective."
Wait, Ken Cuccinelli can't resolve his corruption allegations because he doesn't have $18,000?
Yes, that is the new argument. A campaign spokesperson added, "As a father of seven children, like most Virginians, he needs to manage a family budget, and his comment simply reflected that reality."
In other words, Cuccinelli would pay back the money he should, but he can't afford to do the right thing. That's probably not going to give his candidacy a boost as the gubernatorial race reaches the home stretch.
The Republican National Committee has said repeatedly, for quite a while, that it wants to expand beyond its older, white base, and bring in more racial and ethnic minorities. I think it's safe to say today was not a helpful day in this effort.
In New Jersey, for example, the leading Republican U.S. Senate candidate was forced to delete a racist tweet, directed at Newark Mayor Cory Booker, from his official campaign account. In Wisconsin, Gov. Scott Walker (R) was forced to fire an administration official who equated undocumented immigrants with "Satan." In D.C., Jason Richwine is talking again about minorities being intellectually inferior on a genetic level.
And then there's Oklahoma.
As Scott Keyes reported this morning, Rep. Markwayne Mullin (R) hosted a town-hall meeting in his Oklahoma district yesterday, and fielded a question from a self-described "Birther Princess." Mullin wasn't eager to pursue the racist conspiracy theory -- not because he considers it ridiculous, but because he believes it's too late.
Though Mullin at first appeared to be batting down the Birther Princess's nutty theory, it quickly became clear that he only took issue with her timing, not the substance of her accusation. "I believe what you're saying," he told the woman, saying he thought the birther issue "probably would've been" big enough to drag down Obama in 2012. Mullin felt aggrieved that he had to question whether Obama was actually born in the United States, concluding that although the issue is "still there," it's too late to prove it to the country.
Mullin is the second House Republican to endorse birtherism just this week.
Like I said, it's just a banner day for Republican minority outreach, isn't it?
About a year ago, former Rep. Bob Inglis (R-S.C.) made the case that his party has no choice but to come around on climate change -- "the facts," he said, will "overwhelm" Republican resistance.
Last week, Inglis' argument picked up some welcome support from four former EPA chiefs from Republican administrations, all of whom got together to write a New York Times op-ed on the "Republican Case for Climate Action."
Rep. Steve King (R-Iowa) must have missed it.
On the environment, King said efforts to fight global warming are both economically harmful and unnecessary. "It is not proven, it's not science. It's more of a religion than a science," he said.
He said that even if carbon dioxide in the atmosphere causes the earth to warm, environmentalists only look at the bad from that, not the good.
"Everything that might result from a warmer planet is always bad in (environmentalists') analysis," he said. "There will be more photosynthesis going on if the Earth gets warmer. ... And if sea levels go up 4 or 6 inches, I don't know if we'd know that."
First, climate science is based on voluminous, objective, peer-reviewed research. Second, it's a little weird to hear a conservative Republican suggest religion is inherently untrustworthy.
But the larger takeaway from King's remarks is that we may well be entering the next phase of climate denial. There have traditionally been three parts to this, but King points to a fourth.
Long time readers may remember the drill:
Phase 1: Conservatives claim climate change isn't real.
Phase 2: Conservatives concede that climate change is real, but insist we don't know what's causing it.
Phase 3: Conservatives, accepting climate science, acknowledge that human activity is responsible for climate change, but argue that it'd be too much trouble to do anything about it.
King's argument, which pops up from time to time, is that we might like climate change so there's no real point in making such a fuss about the global crisis.
I'm afraid we're a long way from the facts "overwhelming" Republican resistance to science.