Slashdot Mirror
U.S. Department of Interior Ordered Offline
The whole of the U.S. Department of Interior has been forced off of the internet as a result of a court case Cobell v. Babbit. This was the result of compromises with the Microsoft Windows servers. A judge decided to take the whole of the organization down. Should this judge have this much power? Info here on the
indian trust web site. This includes the BLM, USGS and the Park Service. Staggering, really. CD: Hold off on the blaming of MS, it's still not clear.
Well at least there is one competent judge in the US. Personally this decision makes alot of sense, as in previously posted... if you can't keep confidential information confidential then you shouldn't have the information. All and all a good decision. I wonder how this affects Microsoft? Maybe now their get their collectively large asses moving and fix those damn security issues before each major release so we don't have to go updating to Microsoft Windows Service Pack 143.
can't sleep slashdot will eat me
Of course the judge should have this much power.. it's what we called a "check" in civics class. The executive branch is sucking, and nobody could make it stop sucking if the judicial branch had no power.
Yeah, judges should be limited to minor things like imprisoning human beings and deciding how to preserve our fundamental rights. No way should they be able to pull the plug on a bunch of machines.
It may seem a bit extreme to make the ruling so pervasive, but then again that may be the only way to get those brain-dead govt managers to create a real system (like perhaps without MS software to start).
What's irresponsible is that the systems holding this accounting data should be on the internet at all, and to make it worse, entangled to such a degree with other Interior systems that it makes them have to take down the *USGS*? WTF?
Judges have an incredible amount of power with regards to injunctive relief. It's tempered of course by numerous limitations, and clearly the DOI pissed him off, provoking such an extreme response, but this isn't surprising.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
Yes.
A judge can put a person into prison for life or sentence them to death.
Ordering the turning off of all computers that are leaking personal sensitive information (a)the right thing to do amd (b) not nearly as drastic as some other things judges can order.
http://www.thehungersite.com
I agree. Think of it like a bank.
If a bank was FDIC insured, and their physical security was absolutely horrible, then the government would yank the insurance and effectively shut the bank down. Fortunately for the banks, the government isn't competent enough to rate their Internet security as they are the physical and fiscal security.
If no one ever lays the hammer down on something like this, people will never start to equate online security with the physical security they take for granted. And much better for the government to start policing itself before it makes more noises about policing the rest of us.
Yes, absolutely, a Federal Judge should have this much power. It's one of the best checks against the possibility of tyranny.
Since the Executive and Legislative branches of government routinely ignore the U.S. Constitution, it is extremely important that we can count on the check of the Judiciary.
Wikia
"In a sweeping action with far-reaching but unclear ramifications, U.S. District Judge Royce Lamberth granted the emergency request, which was brought on behalf of 300,000 American Indians whose assets are housed on a computer infrastructure so easily penetrable that a court investigator and his team of security experts were able to break in and repeatedly access, modify and even create trust data -- all without raising a response from the government."
/. wants to see liability extended to the same absurd levels of product and contingent liability that have been demonstrated in the McDonalds and other Python-esque liability cases, BUT...
it's actually well past time for the courts to hold organizations whose systems are busted by 12 year old scriddies running "canned scripts" from Toolz sites
how would you feel if this were your families' or your companie's sensitive and/or private information??? Information about your 502 or your daughter's rape, or your son's juvenille arrest for possessing underage TeleTubbie Pr0n?
"Coupled with the judge's action were criticisms from members of Congress about the security failures. "The GAO told us five years ago that the fund was in shambles," said Rep. Jim Hansen (R-Utah,) chairman of the House Resources Committee, which has jurisdiction over Indian affairs. "Now we learn that a computer security system deployed in 1999 is virtually worthless," he said."
i don't think anyone on
...isn't it about time the direct creators, distributors and managers of dangerously insecure computer systems have at least SOME small legal responsible (and limited accompanying monetary liability)????
If the facts on the Indian Trust website ARE true, DOI (and Congress) have long been aware of the problems and have been ducking the bullet on fixing it...if this were my money/info, I'd sure be upset...
Ten quid, she's so easy to blind. And not a word is spoken...
Comment removed based on user account deletion
The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris.
The site www.blm.gov is running Apache/1.3.22 (Unix) PHP/4.0.6 on unknown.
The site www.nps.gov is running Netscape-Enterprise/4.1 on Solaris.
Oh, and nps is still up....
::taking it seriously:: For archival reasons, assuming the website will be back up at some point (fairly likely, I think).
-Justin
That's enough posting for now lads, there're trolls afoot.
But if the credentialing scheme in place depends on Windows frontend servers being secure, you can damn well better bet that it will be dutifully serving up data to the wrong party.
Can't do much about that. I don't perform ANY core business functions on Microsoft server software, their history of getting brutally hacked and denying it is far too pervasive. (Yes, Sun and IBM are terrible too. Frankly, Red Hat and the OpenBSD Project are valuable to me not because they're "perfect", but because they're honest and prompt when they fuck up! I cut both organizations a new check every 6 months of my own free will, NOT because they try and force my company to. The checks come out of my after-tax salary; as far as I know the company has never paid a dime for either project's media.)
The consultants were probably lazy too, but don't get too overzealous to defend the most probable point of entry. I am somewhat less than surprised that a large gov't agency would screw up like this, although most of the dep'ts I work with at least have the sense to retain solid IT security consultants (I've met some very competent Lockheed employees, for example; I have no idea who was at fault in this incident).
Remember that what's inside of you doesn't matter because nobody can see it.
It works both ways. Thousands of USGS employees have lost access to important web sites like the National Weather Service.
Also, those 7,000 (IIRC) real-time river-monitoring stations aren't available to emergency services managers and other officials who need the data to respond to floods and other natural hazards.
I used to work for the USGS as a student employee in their computer services dept. Lack of security and competent network administration would be too kind for me to say. Stupidity like, each and every government computer has a public ip address, regardless if it is serving up web services. NT4 servers running with service pack four. And worse yet, users with full admin rights on their PCs, installing software and changing settings that could open them up for god knows what.
The fitness of the human species, which has guaranteed its survival, is its ability to undertake joint action, even at the expense of several individuals. A 'Union' is an example of Darwinian fitness. Before the union movement of the 19thC working class people and their children regularly starved to death, limiting their chances of reproduction. Since unionization, the survival rates of working class people are nearly equal to those of middle class (in the classical sense ie. those not either aristocratic nor working class) people.
Just as long as we don't hear the President say (also in an Indian-related affair): "Mr. Marshall has made his decision, now let him enforce it." The judiciary is only as much of a check on the Executive as it is allowed to be.
Your right to not believe: Americans United for Separation of Church and
Indeed, but that is not a question for the judge, it's one for the legislature
Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
You know.. I just thought of something. There is the WayBack Machine which lets you get past copies of ANY website. Do you think one could get a copy of the DOI and get cached copies of the data, or some such stuff?
One good whore deserves another, I suppose.
The power of judicial review is not "ignoring the law". Judicial review is the power to say that a given law violated the terms of another, "higher" law -- in the US, that's the Constitution. A judge cannot (or at least should not) choose to ignore a law on the basis of "I just don't like it".
The power the judge is exercising in this case, is the ability for a judicial or quasi-judicial authority (ie: a congressional committee) to hold someone in contempt. When one violates the order of a judge in a given situation -- that is, a case is brought before him/her, and in the course of that proceeding orders a certain thing to be done, or not be done -- and that order is violated, they can be held until such time as they satisfy the judge that they will comply, or until suitably punished. Yes, the power of holding someone in contempt is broad, with only the barest hint of restraint (many jurisdictions only allow someone to be held on contempt for a year or less).
This says nothing of the laws themselves -- where one is charged, tried, and formally sentenced to a given term in accordance with the law violated.
using a tool called a "cracker."
It is not the sites that have security problems, it is this "cracker" program. Maybe they should find the author of "cracker" and charge him/her with creating terrorist tools!
Bad boys rape our young girls but Violet gives willingly.
You could not be more wrong. The fundamental feeling behind unions goes like this.
1) The management is united and organized and it's in their interest to pay as as little as possible while making us work as much as possible. Unless we organize and stand united we will be victims of cost cutting and abuse.
2) By organizing we can prevent management from arbitrarily firing one us to hire their sister in law.
3) By organizing we can lobby politicians to listen to us instead of them only listening to corporations.
Forming a union is self defense. It's also the absolute best way to piss of a corporation management. When ever they hear the word union veins pop out in their heads and they round up the goon squad. If you ever get pissed off at a corporation try to unionize their employees. It's fun (if a bit dangerous because they might actually try to kill you) and they will definately notice you. Much better then sending them flame email.
War is necrophilia.
The attentive reader will note that Mr. Jackson suffered one of his most serious historical black eyes following that quote. I hope in this day of 24 hour news, no president would make such a logistical blunder.
Of course, we are talking about the folks who dusted off the Star Chamber and wrapped it in our paranoia. So disregard what I wrote. Time for the aluminum beanies.
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
To get success, you have to hire just enough good people, pay them well enough that they don't have to worry about the bills, and help them build a success-centered culture. Well-paid people with practically guaranteed jobs who go on strike do not constitute such an organization.
OTOH, when I want money I ask for it, and if I don't get it I go elsewhere if the market lets me. I do not -- and would *never* -- collude with my fellows to put clients/employers in a position where they have to knuckle under to me or go out of business.If those teachers in NJ were truly not being paid enough, they could go into business for themselves and people would line up to pay them better.
I swear, this is the last I'm posting in this thread.
-- ;-)
Kuro5hin.org: where the good times never end.
Before every one starts jumping to the conclusion that this judge is completely out of line, consider this: The US Government has a track record of not keeping to agreements with Indians. In addtion, this would not be the first time the DOJ was instrumental in ripping off the Indians. The judge took this action to protect the assets of people whose money was in the Trust. After having their land and all their possessions stolen, they hardly need to have whatever remaining money they currently have stolen, as well. There are many people starving on reservations. The Pine Ridge (Lakota) reservation regularly receives charity from many sources. Knowing all this, and reading the article about the silliness of the DOJs counsel, would it not be better to consider that perhaps the judge is protecting someone?
In addtion, recently, justices have had very little bravery when dealing with large government institutions or corporations. They have deferred to congress with the DMCA and other laws that are arguably unconstitutional and generally not stood for principles against politics. Look at the MS case. As soon as Bush got elected, the case changed to a settlement. So, my question then becomes, should we not applaud a judge for being bold enough to risk a political backlash and actually fight for the underdog (ie. another marginalized group needing protection from the powers that be)? If we do not respect this judge, how can we expect considerations in EFF cases such as the Skylarov (sp?) case?
Consider that.....
Ok, you're starting to talk about higher laws being required to revoke bad laws. How about this: the International Convention on Human Rights :
In other words, the judge ought to defend their right to be part of a trade union, and to protect the right of that trade union to stand-up for their members
Unfortunately, the US has an extremist far-right government, who considers anyone standing up for the rights of workers to be somehow communist (read sub-human), hence the reason they choose to ignore international human-rights law (see Amnesty International's page on the US for more examples)
> it's irresposible because anyone could easily open my mailbox and find
> almost $3 of totally spendible money ready and waiting.
But that's not too far from how the government has handled these trust funds--assuming, of course, that the government was supposed to have sent you $3 Billion . . .
The history of mismanagement of these moneys, and the sheer volume of missing records (they don't know how much they're supposed to have had, who it belongs, to, etc.) is shocking, even by banana republic standards. The existence of this case should have scared of Norton from *taking* the job as interior secretary . . .
Add to that that the first rule of litigation is, "don't piss of the judge." They've done that in spacdes. And if you *are* going to piss of a judge with misconduct and feigned ignorance, this is the *last* judge in the united states to do that to . . .
hawk, esq.