Slashdot Mirror

← Back to Stories (view on slashdot.org)

Court Allows Arkansas To Hide Wikipedia Edits

Posted by Soulskill on from the change-we-don't-believe-in dept.

rheotaxis writes "A circuit judge in Arkansas will not order the state to reveal where its computers were used to edit Wikipedia articles about former governor Mike Huckabee while he was running for President. Two Associated Press journalists used WikiScanner to track the edits to IP addresses used by the state. Writer Jon Gambrell and News Editor Kelly P. Kissel filed a suit in October 2007 asking the state to reveal which state offices used the IP addresses, because state rules don't allow using computer resources for political purposes. The director of the Arkansas Department of Information Systems, Claire Bailey, claimed in court that releasing this information would allow hackers to target these state offices."

145 comments

  1. Huh? by Anonymous Coward · · Score: 4, Funny

    What, you need more then a IP to hack a computer?

    1. Re:Huh? by Anonymous Coward · · Score: 0

      a user name and password makes it super easy.

    2. Re:Huh? by Anonymous Coward · · Score: 0

      Basically backwater computer people are still in the stone ages of security, their user name and password are probably their names...or were until they almost got hacked there, good thing they have a wise judge who knows about the fact they are all in big trouble either way, might as well protect their "network" (probably an all telephone line 56k based).

    3. Re:Huh? by The+MAZZTer · · Score: 2, Insightful

      If you're the RIAA that's all you need to sue.

    4. Re:Huh? by theillien2 · · Score: 0

      Their computers are quite Flintstone. I stopped at a hotel in Arkansas and could swear I heard a bird chipping away each screen refresh.

      --
      If we don't protect the freedom of speech how will we know who the assholes are?
    5. Re:Huh? by AmberBlackCat · · Score: 4, Informative

      What's interesting here is they were able to shutdown an investigation into government corruption in the name of security. I guess it's not just for federal government anymore.

    6. Re:Huh? by sumdumass · · Score: 1, Interesting

      I'm not exactly sure how that would be corruption or how it was an actual investigation. In Arkansas, you need to be licensed by the state or bonded with a company who is licensed to perform an investigation. If the people looking into if state computer use weren't licensed in either of those ways, calling it an investigation could possibly open them up for charges.

    7. Re:Huh? by Smallpond · · Score: 2, Informative

      That's for private investigators - note the "private". If you aren't investigating private persons, then you don't need a PI license.

    8. Re:Huh? by ElectricTurtle · · Score: 1

      I wish I had mod points for you, but other people it would seem would rather moderate important truths away.

      --
      I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
    9. Re:Huh? by sumdumass · · Score: 1, Informative

      Private is a term describing the service sectors. Private and public. The Public service is little more then an denotation that jobs are being done for the government instead of the private sector. Public servants aren't servants of the public, they are people who perform jobs in the public service. Private investigator are investigators who are not public employees, they are working in the private sector.

      It has nothing to do with the target of the investigation and everything with the service sector.

      According to Arkansas state law 17-40-102 (20)"Private investigator" means any person who performs one (1) or more services as described in subdivision (13) of this section

      (13)"Investigations company" means any person who engages in the business or accepts employment to obtain or furnish information with reference to:
          (A)Crime or wrongs done or threatened against the United States or any state or territory of the United States;
          (B)The identity, habits, conduct, business, occupation, honesty, integrity, credibility, knowledge, trustworthiness, efficiency, loyalty, activity, movement, whereabouts, affiliations, associations, transactions, acts, reputation, or character of any person;
          (C)The location, disposition, or recovery of lost or stolen property;
          (D)The cause or responsibility for fires, libels, losses, accidents, damages, or injuries to persons or to property; or
          (E)The securing of evidence to be used before any court, board, officer, or investigating committee;

      If the reporters were conducting an investigation, they would fall under 13- (A),(b) and likely (E). If they were reporting a story and inquiring to the facts of the story, they would be nothing but reporters doing their jobs (which might require a private investigators license). But declaring their actions a criminal investigation would most certainly require the license and registration.

      Violations are class A misdemeanors unless it happens twice within one year then it becomes a class D felony.

    10. Re:Huh? by Tenebrousedge · · Score: 2, Interesting

      A link to opensecrets would have been sufficient. Most of the Media money goes to Democrats, most of the Oil money goes to Republicans.

      Pointing this out is not particularly insightful; the troll mod is justified. Making Democrats out to be particularly heinous because they accept money from the RIAA is disingenuous. As far as leeches on society go, the MPAA/RIAA are not the greatest, and the issue of bribery crosses all party lines.

      --
      Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
    11. Re:Huh? by sumdumass · · Score: 1

      lol...

      It looks like a moderator was afraid of information getting out. They marked an incorrect statement as informative and the correct on as off topic. And the funny thing is, with this little post (and the few others who will attempt to explain how this is off topic) will pretty much make their intention of hiding the post moot at best.

      Private investigator- for only investigating only private people...lol. A high school understanding of government and civics would have told this person he was wrong. I pointed to the exact law in Arkansas.

    12. Re:Huh? by mi · · Score: 1

      Making Democrats out to be particularly heinous because they accept money from the RIAA

      I don't find RIAA neither heinous, nor leaching on society. At all.

      But you — and a number of other slasdhdotters do. My "troll" was trying to point out, that both, the subjects of the article and the RIAA are chasing people over an IP-address. And both groups are Democrats.

      ... most of the Oil money goes to Republicans.

      Let's not get distracted, uhm?

      --
      In Soviet Washington the swamp drains you.
    13. Re:Huh? by Anonymous Coward · · Score: 0

      I wish there were a "this whole damn branch is off-topic" mod flag I could set.\

  2. Secrecy or Transparency? by BadAnalogyGuy · · Score: 3, Insightful

    It is certainly a fine concept to want a fully transparent government. We (at least those of us here at Slashdot) demand the same of our operating system. And likewise, we try to argue that "security through obscurity" is a useless endeavor.

    However, the security of systems relies at some point on the obscurity of certain pieces of data. Whether it be a user password or a map of a network topology, the information itself has no real reason to be made public just for the sake of openness, one could argue.

    Even considering that the system may have been used inappropriately, is the crime worth the possible destruction of the entire network at the hands of hackers? Shouldn't there be a great deal of discretion when risking opening up of confidential information that could have a severe detrimental impact on society as a whole?

    1. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 0

      The possibility of an attack is a red herring, obviously. But on the other hand, why would anyone think they're entitled to information about the internal network architecture? If you suspect that rules have been broken, give the information to the authorities and let them investigate. Let's not turn into lynchmobs over Wikipedia edits, mkay? Anyone who takes information from Wikipedia for more than a gossip needs to have their head reaffixed anyway.

    2. Re:Secrecy or Transparency? by RiotingPacifist · · Score: 5, Insightful

      I fail to see how network topology is something to be hidden, the computers either in front of a firewall and thus mappable anyway or behind one and so it doesn't really matter if you have the IPs because you cant send any traffic to them anyway.

      A map of a bank's safe isn't much use if the bank is secure.

      --
      IranAir Flight 655 never forget!
    3. Re:Secrecy or Transparency? by nurb432 · · Score: 4, Insightful

      Why would i be entitled? Well, its owned and paid for by the public.

      I agree its a sticky situation, but never forget the government is the people, funded by the people and works for the people.

      --
      ---- Booth was a patriot ----
    4. Re:Secrecy or Transparency? by Gorshkov · · Score: 5, Insightful

      However, the security of systems relies at some point on the obscurity of certain pieces of data.

      if it relies on obscurity, then it's not secure, period.

      Whether it be a user password or a map of a network topology, the information itself has no real reason to be made public just for the sake of openness, one could argue.

      A user password IS a secret, and is intended to be. Internal network topology is a way of organizing a network for administrative purposes, and is in NOT designed, nor CAN be be designed, to provide security.

      Some topologies make it easier to secure certain things, yes - but that is an administrative consideration in selection of a topology made to make implementing security easier; it is not, in itself, a security measure.

      Lastly .... the information was not sought "just for the sake of openness" - it was sought as part of the process to discover who had been engaged in criminal behaviour.

      is the crime worth the possible destruction of the entire network at the hands of hackers?

      If knowing which particular device is enough to give hackers the ability to destroy an entire network, there's a butt load and a half of network administrators working for the state that need to be fired - and the sooner, the better.

    5. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 0, Interesting

      That doesn't give you the right to turn into big brother. The government works for the people, but it is not slave to the people.

      IMHO anonymity is getting an undeserved bad reputation. Anonymous contributors are hunted down everywhere. People try to reveal identities instead of accepting that certain contributors are only willing to contribute if their identity remains secret. If you don't want anonymous contributions, don't take them. What is the problem with taking verifiable information? Isn't that the goal of Wikipedia anyway, to collect facts and leave opinion to the blogs? Well, if there is a real problem here, it only shows that there is a lot of wishful thinking regarding the quality of Wikipedia articles. In other news, it's been 23 minutes since I last successfully posted a comment. Slashdot thinks I need to wait longer, so this is it for today from this anonymous contributor. Discuss (without me).

    6. Re:Secrecy or Transparency? by Jeff+DeMaagd · · Score: 5, Insightful

      Using government resources to edit wikipedia entries does not sound like an ethical thing to do, anonymously or not. In this case, it looks like taxpayer money being used for political gain, another no-no.

    7. Re:Secrecy or Transparency? by impengo · · Score: 1

      Begging pardon for posting late to the party... Publish the IP address and have the court case. DAY OF PUBLISHING, apply at ISP for a different static IP for the network node, and use everything that is documented in the upcoming legal case. Ignorant means lacking knowledge. Stupid means slow to learn. Idiot means incapable of learning behavior. In the vein of "Fast, Good and Cheap - pick any two,"... pick two.

    8. Re:Secrecy or Transparency? by schon · · Score: 1

      the security of systems relies at some point on the obscurity of certain pieces of data

      No it doesn't. Obscurity is neither a necessary or desirable element of security.

      Whether it be a user password or a map of a network topology

      The first of these isn't obscurity, and the second should not result in the ability to compromise a system, so keeping it obscure won't help security (in fact, the belief that keeping it obscure is beneficial actually *reduces* your security.)

      Obscurity is information that is obscured - ie hidden with the belief that an attacker won't find it. In some cases, this belief is justified (strong encryption) in others, this isn't (network topology, listening ports, etc.)

      In any properly designed system (Such as Unix, or even Windows login) passwords are not obscured, they are one-way hashes, with both the location and hash algorithm known. If the passwords were kept in plaintext, and their location was kept secret, then that would be obscurity.

      Even considering that the system may have been used inappropriately, is the crime worth the possible destruction of the entire network at the hands of hackers?

      You're making the (extremely) flawed assumption that the *names* of people who used computers will lead to the destruction of the network, which is absurd.

    9. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 1, Informative

      if it relies on obscurity, then it's not secure, period.

      Way to pick out a keyword and use it to make an irrelevant "talking point" type response in your desperation to give the impression that the person you're replying to is an idiot.

      His whole point is that all security ultimately depends on secrets. If you do not protect your passwords and your private keys by preventing attackers from finding them out, then you have no security. In other words, your security depends on the obscurity of your passwords and private keys.

    10. Re:Secrecy or Transparency? by wilder_card · · Score: 4, Interesting

      Gorshkov (932507) said: ...there's a butt load and a half of network administrators working for the state that need to be fired - and the sooner, the better.

      Unless Arkansas' IT department is radically different from those of states I'm familiar with, this is pretty much a given. You didn't really need the qualifying "if".

    11. Re:Secrecy or Transparency? by OeLeWaPpErKe · · Score: 0, Troll

      Well Obama supporters not only used government resources to find "Joe the plumber", they did so
      -> illegaly (violating privacy)
      -> on multiple locations
      -> multiple times

      And news organisations accepted and reported the stolen information.

      Politics suck. Obamatrons and Huckabots alike.

      Besides even internal wikipedia pages (why don't you check the page about wikipedia's "honorable" founder) are fucked up by politics and threats. The amount of people getting banned for saying something bad about wikipedia itself is over a hundred now.

      People should remember what wikipedia gives them : the opinion of the loudest minority. The politically correct "improved truth". Nothing more. Nothing else.

      Sort of like Soviet news sources.

    12. Re:Secrecy or Transparency? by unlametheweak · · Score: 1

      The director of the Arkansas Department of Information Systems, Claire Bailey, claimed in court that releasing this information would allow hackers to target these state offices."

      Which is a good thing, because without "hackers" knowing about these IP addresses then they would not be able to "hack" the information pertaining to potential abuses. Public information is generally better left in the public; let the chips fall where they may. Of course sensitive government information probably shouldn't be on public networks anyways, and state officials should be thinking more about security than censorship. Their priorities are misplaced.

    13. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 0

      Finally, a precedent that can be used by ISPs to not give out data to the RIAA about who broke the law!

    14. Re:Secrecy or Transparency? by Jeff+DeMaagd · · Score: 4, Insightful

      I don't know how what you're saying even applies. Most Obama supporters are not in the Obama campaign, Obama's campaigns don't have access to Ohio government resources like some in Huckabee's campaign might have been in Huckabee's home state, nor did Obama ask his supporters to violate the privacy of Samuel Joseph Wurzelbacher. Don't conflate these situations needlessly. All those that misuse their government office for election gain should be held accountable. In this case, it looks like maybe those in the Huckabee campaign may been doing this, but this veil of secrecy prevents knowing whether this is true. Maybe that this was the work of an independent Huckabee supporter, but without a proper investigation, we won't know. In SJW's case, Ohio government resources aren't under Obama's jurisdiction.

    15. Re:Secrecy or Transparency? by OeLeWaPpErKe · · Score: 1, Troll

      Obama's campaigns don't have access to Ohio government resources like some in

      So what exactly would you call access to the state's driving license database for critics of their campaign ?

      Ebay must be truly grand these days ...

    16. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 0

      Couple of considerations: First, entitlement in its own merit has no working leverage, because most states do not promote liberial or open access policies to public records. Secondly, one may consider the legal argument based upon the definition and scope of what constitutes an administrative record in the state of Arkansas. My guess is that it may not recognize operating system configuration or related metadata as public domain information. Third, people have little 'direct' influence into governmental matters. Courts typically side with tradition, including the existing administrative protocol and operations, and administrative staff for input. These laws and rules were codified way before application of automation tools and electronic records. Administrative staff work for decision makers who answer to system governed by legislative and judicial representatives. Until technology processes and procedures are clearly defined and understood, we can expect government agencies to proceed slowly with caution by protecting itself.

    17. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 0

      if it relies on obscurity, then it's not secure, period.

      That's not always true. In fact, you yourself talk about passwords in the very next paragraph, which very much do rely on obscurity to be secure.

      But that being said, the main problem with your claim is that you're thinking in black and white. It's true that a system that relies solely on obscurity to remain secure is not actually secure; but that being said, it's very much possible to add an extra layer of defence that consists of obscurity.

      Case in point? My SSH server runs on a non-standard port, which I'm not going to tell you.

      Does that add security? You might argue it doesn't, since anyone could just scan my machine and find it again; and certainly, if a hole is found in OpenSSH, I'll be among the first to roll out the fixed version, but say whatever you will: things like brute-force break-in attempts from Chinese IPs that ran into the tens, if not hundreds, of thousands per day before have stopped entirely.

      Arguably, this IS a gain in security.

      So, to cut a long story short - you're on the right track, basically, but you haven't quite grasped the underlying principles and drawn your own conclusions, and instead still resort to reproducing soundbites that others came up with before. Which is better than believing that obscurity equals security, for sure, but still: you still have a lot to learn, grasshopper.

    18. Re:Secrecy or Transparency? by sumdumass · · Score: 3, Insightful

      if it relies on obscurity, then it's not secure, period.

      No, that isn't exactly correct. Obscurity is good at protecting against unknown exploits that are targeted at specific agencies. This is a branch of government who might actually be a target more so then a website or something. We know there are zero day exploits and puting a sign up saying the important shit is here probably isn't the best idea.

      So while security through obscurity is crap, there are still legitimate reasons for not wanting the IP locations or departments to be public knowledge.

      Lastly .... the information was not sought "just for the sake of openness" - it was sought as part of the process to discover who had been engaged in criminal behaviour.

      Well, no. This isn't really criminal behavior. First, Arkasas state law allows for campaigning to be done on state property if hte office or space is open to the public for this purpose without regard to political party or affiliation. Violation of that is a misdemeanor. Second, all you have so far is allegations from two reporters, you don't have any official criminal proceedings. So even if it is unethical or appears that way, there are perfectly legal ways in the State of Arkansas that it could have happened.

      So the corect statement would be more like "The information was not sought "just for the sake of openness" - it was sought as part of the private endeavors to discover if someone had been engaged in criminal behavior.

      If knowing which particular device is enough to give hackers the ability to destroy an entire network, there's a butt load and a half of network administrators working for the state that need to be fired - and the sooner, the better.

      Government networks are gifted with resource shortages, out of date technology and so on. It's logical to expect any government network to contain routers that are 15 years old that might still have the superman password hard coded in the firmware, it's entirely possible that some agency is still using windows 2000 or worse, windows 98. A lot of the technology decisions are over ruled or determined with political expectations.

      I actually work with some governments and I see this all over the place. I'm not in Arkansas but here is how the situation plays out, An group of angry citizens calls in and complains because the pot holes in from of their drive still isn't fixed and it has chewed up another tire or causes suspension damage when they hit is at 10 MPH over the speed limit(of course they don't admit to speeding). Now this is more from a local governmental perspective but it can easily transfer to higher offices with a little but different of a scenario play out. Anyways, the state or county goes and fixes the pot hole then the money to upgrade the server is missing from the budget so it has to wait another 90 days or so. Or there is a rash of crimes in the area and the police work overtime to catch the criminals or deter the crime and then the police budget is used up, cuts go from somewhere else, there goes the router upgrade until next year. And Sure, it's probably a piss poor job of communications when the IT guy can't make the case for why the routers need replaces or upgraded above the pothole being fixed or the crime wave being addressed but the people ultimately making these decisions are the emotional and political officers who depend on the public to get reelected so it is going to happen.

      But this decision didn't say the network will be hacked, it said it gives the hackers a (refined) target. As I mentioned earlier, there are zero day exploits and if your subject to the will of a politician or MS or Cisco or Dell or some other company, you are going to be subjected to them. A firewall isn't always capable of protecting the computers, Symantec just had a big problem in their internet securities and firewall program

    19. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 0

      Except in this case, when it is working entirely in its own interest and not in the interest of the people.

    20. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 1, Insightful

      Is this government "by the people, for the people" the same government that is using our money to rescue companies that Americans don't want?

    21. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 0

      Way to pick out a sentence and use it to make an irrelevant "talking point" type response in your desperation to give the impression that the person you're replying to is an idiot.

      The GGP's comment was completely irrelevant to the behavior in question that caused the phrase "security through obscurity" to be bandied about. If you're seriously up in arms about the GP's comments regarding that, then exactly how do you feel about the GGP's entire comment hinging on the phrase "security through obscurity" and extrapolating arguments about passwords and secured data, which is completely beside the point with regard to the political whitewashings of a Huckabee supporter?

    22. Re:Secrecy or Transparency? by cromar · · Score: 1

      While (almost) everything you say is correct, you misunderstand what "security through obscurity" is. See my post further up for why using passwords for security is not security through obscurity.

      Changing your port, in fact, does not make you computer more secure in a literal sense. Anyone who wanted to seriously look for vulnerabilities would look for open ports and they would find your ssh daemon. What it does do is prepare for the (somewhat likely) discovery of new exploits in ssh or other services for which the port has been changed to a non-default port. People who are scanning hundreds or thousands of computers for exploits will overlook your server.

      On the other hand that's kind of mincing words (you are too though :) Anyway, I use "secure" casually all the time to describe that practice too, so my point is, there is a casual and a technical definition of "secure" and they are different. Cheers!

    23. Re:Secrecy or Transparency? by Sfing_ter · · Score: 1

      realistically, she is afraid the Linksys BEFSR41W made in 2001(firmware circa 2002), which they do not have the password to, "might" be "taken over" (snicker), and they would lose their "routes"... they would also lose the High encryption (WEP -- double teehee), wireless connection they use.

      --
      A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
    24. Re:Secrecy or Transparency? by oncehour · · Score: 1

      Always been curious, why do you think Booth was a patriot?

    25. Re:Secrecy or Transparency? by Anonymous Coward · · Score: 0

      Because Lincoln suspended habeas corpus. Breaking such a fundamental constitutional law like that merits speedy execution. Partially to prevent the offender from doing any further harm, partially to punish the offender, and partially to serve as a warning to others.

      If the penalty for being a corrupt, lawless sack-of-shit politician were death, how many people would *really* think it was worth the risk?

    26. Re:Secrecy or Transparency? by bwcbwc · · Score: 1

      This security argument is completely bogus.

      If the IP address is exposed on the internet, hiding the office that owns the device does nothing to protect it. Hackers already know the device is online. There are enough ongoing attacks on every computer on the internet that it is under constant threat already.

      If the IP address is not exposed directly on the internet, then identifying the office that uses the computer tells hackers nothing about the network topology. It's not like they're asking for the subnet, DHCP server and gateway.

      --
      We are the 198 proof..
    27. Re:Secrecy or Transparency? by WCD_Thor · · Score: 1

      Yes, I do hope that Arkansas gets hacked to all hell. Conservative bastards . . .

  3. That must drive Wikipedia Nazis up the walls by Anonymous Coward · · Score: 1, Insightful

    Not being able to track down someone who dares to edit a Wikipedia article... Wikipedia, where the truth is made by people with enough time and zeal to monitor pages 24/7 for violations of their own little world view.

    1. Re:That must drive Wikipedia Nazis up the walls by hobbit · · Score: 4, Funny

      Why don't you sign in and say that ;)

      --
      "Wise men talk because they have something to say; fools, because they have to say something" - Plato
    2. Re:That must drive Wikipedia Nazis up the walls by moxley · · Score: 2

      I'll take that truth, (where masses of ordinary people peer review said truth) versus the "truth" we get from mainstream news networks.

    3. Re:That must drive Wikipedia Nazis up the walls by sumdumass · · Score: 1

      I would be careful of what you wish for. It was the mainstream news that reported things like Nixon was involved in Watergate while the mass public didn't think he did anything wrong. It was the mass media who first reported on evolution while the vast majority of the public believed in creation.

      In other words, by taking that position, you could be choosing to be willfully ignorant.

    4. Re:That must drive Wikipedia Nazis up the walls by moxley · · Score: 2

      If we still had the mainstream media of those days I would agree with you. Things are utterly and completely different now - we have a corporate/government controlled media with an agenda.

    5. Re:That must drive Wikipedia Nazis up the walls by Anonymous Coward · · Score: 0

      my truth is made in the bath tubs of West Virginia thank yoush berry much!

    6. Re:That must drive Wikipedia Nazis up the walls by sumdumass · · Score: 1

      Sure, I won't dispute that. Actually I would to a degree but I can ignore that just for the point of argument.

      The problem is that the wisdom of the crowd is not any better in many situation. Actually, you can take 50 very intelligent people and put them with 50 unintelligent people and in no time, the collective IQ of the group will/can drop drastically.

      There there is the obviousness of repeating inaccuracies. This can be seen with Hitler's big lie concept and Joseph Goebbels propaganda vies.

      I know people who actually think Palin said you could see Russia from her house in Alaska. In case you don't know, that was a (Tina Fey) spoof of Palin's accurate comment about "seeing Russia from Alaskan land" when she was putting forth qualifiers to foreign policy experience.

    7. Re:That must drive Wikipedia Nazis up the walls by moxley · · Score: 1

      No doubt, I agree on that point - especially (unfortunately) in America that is true of much of the public (we could discuss the poor public education in many places, the TV culture, etc for days and not say anything new) and also I think what you were saying about crowds holds especially true if any sort of danger or fear is introduced into the situation - but I would say that the majority of the people who are active on any given subject on Wikipedia generally aren't these same people....

      I guess for me the possibility of errors (especially when they are made less likely with peer review) is much more acceptable than willfull manipulation, especially the sorts of willfull manipulation we've seen and it's true cost.

    8. Re:That must drive Wikipedia Nazis up the walls by owlnation · · Score: 1

      That's not very wise.

      It's wise to trust nothing really. Mainstream media is in many ways much more honest than Wikipedia. Most Media nets have their politics front and center. You know where they are coming from.

      The trouble with wikipedia is that, it continually (fraudulently) touts itself as reliable, free and an information source that "anyone" can edit (a blatant lie -- they ban people every day for the unexplained self-concocted reason of "vandalism" (and ban anyone else who happens to be part of that dynamic IP address block too.)). Wikipedia is probably more biased and controlled in many cases -- especially in topical or sensitive areas -- than any media outlet or journalist. You don't know who the wikipedians are, nor what their agenda is, but you do know that many of them have been proven to be corrupt.

      In contrast, you know exactly where Bill O'Reilly is coming from. I trust him more than anyone on wikipedia. Because I know what he's about.

    9. Re:That must drive Wikipedia Nazis up the walls by Kesh · · Score: 1

      Anyone can edit Wikipedia. The question is, may you edit Wikipedia? Sure, as long as you don't break the rules. And if you call "vandalism" an "unexplained self-concocted reason," I'd have to question your motives for editing.

    10. Re:That must drive Wikipedia Nazis up the walls by sumdumass · · Score: 1

      I can sort of agree but then again, I remember back to Katrina and how Wikipedia totally ignored the fact that both the governor of Louisiana and the mayor of New Orleans failed to not only institute the emergency hurricane evacuation and preparedness plans (that they both worked out with FEMA a couple years before), but they failed to even follow the plans response guide after the situation became worse. This is just one instance I can remember, I even attempted to edit the page but anything that took the blame away from Bush or FEMA just wasn't allowed regardless of it's truth or citation sources. If you ask random people what went wrong with Katrina, they will still most likely say FEMA wasn't capable of handling it. The fact is that FEMA expected the city and state to perform certain functions which they didn't and by the time FEMA could compensate for it, the mission went from stabilizing effected people to search and rescue that once again took time to get efforts coordinated and in place.

      Anyways, as of 4 or 5 months ago, the article reflected that but there was two or three years where you would get banned for putting the truth in. So I'm a little hesitant to hold the Wikipedia contributors up on a pedestal. We still have the secrete editing groups within the organization, there was the tenured professor with doctorate at colleges that never heard of him and so on. I guess the bottom line is to keep more then one source for information and step back and think about what it being presented to us. Perhaps we should reform Caveat emptor from buyer beware to something meaning students or readers beware. Maybe caveat mensura or caveat discipulus. I don't know, my Latin sucks big time- I had to use dictionaries just to verify those words.

  4. That's a great BSA/MPAA/RIAA/APB defense! by Anonymous Coward · · Score: 1, Interesting

    Judge, next time the RIAA comes about some IPs, just think about how the evil hax0rs would be able to target those persons if their information were released. It just makes sense!

  5. Next question by Concern · · Score: 4, Insightful

    Should that circuit judge be able to keep their job?

    After all, he's blatantly participating in a cover-up of illegal activities in the Arkansas state government.

    --
    Tired of Political Trolls? Opt Out!
    1. Re:Next question by elnico · · Score: 2, Interesting

      After all, he's blatantly participating in a cover-up of illegal activities in the Arkansas state government.

      Either that, or it's just not the job of citizens to go around doing "investigations" into relatively minor breaches of state law.

      Look at it this way. Is it more likely that these journalists are true sentinels of fairness and democracy and are about to uncover a massive and elaborate plot to illegally elect Huckabee in '08, or is it more likely that they need someone concrete to point the finger at for a tabloidesque story on an ultimately inconsequential Wikipedia edit.

    2. Re:Next question by evanbd · · Score: 4, Informative

      Corruption in government should be investigated and cleaned up, even on small scales. If you leave it alone, it will fester. And yes, using government resources for political gain is corruption.

    3. Re:Next question by unlametheweak · · Score: 1

      Look at it this way. Is it more likely that these journalists are true sentinels of fairness and democracy and are about to uncover a massive and elaborate plot to illegally elect Huckabee in '08, or is it more likely that they need someone concrete to point the finger at for a tabloidesque story on an ultimately inconsequential Wikipedia edit.

      It doesn't matter; Wikipedia should be the one deciding what they wish to share with the public (it is there Website after all). Posters and editors also have the discretion to decide if they wish to publish with Wikipedia, and if they wish to do so in a more anonymous manner or not. This should not be a state issue. If a person doesn't like the rules, then they don't have to play the game.

    4. Re:Next question by sumdumass · · Score: 1

      Corruption in government should be investigated and cleaned up, even on small scales. If you leave it alone, it will fester. And yes, using government resources for political gain is corruption.

      Sure, government corruption should be investigated and cleaned up. But there is nothing pointing to this as corruption except your imagination. You are assuming an awful lot of things without any knowledge of it.

      First of all, you don't know that the person who modified the page was using government resources improperly. Second, you don't know that the person was doing it on state time nor do you even know if it was a state employee. Finally, keeping something factually accurate or removing inflammatory wording doesn't necessarily constitute political gain. Government officials commonly use state resources to defend their reputation and policy decisions and no one is claiming that is for political gain.

      Here is the catch, Arkansas state law (7-1-103 3a) allows for rooms and resources to be made availible for campaigns and campaign activity as long as they are readily open to the public without regard to political affiliation. It is entirely possible that some staffer or public employee operating on their own time, or some other person used the publicly provided internet access in one of these rooms to edit something and it is no more then that. This would make it 100% legal according to state law and completely within state and federal election ethics. The only thing we have here is that an IP used was assigned to the state and as we all know, this is the public facing IP, not necessarily the IP of the machine used to make the edits. If an agency has three networks inside it, one for interdepartmental communications, one for agency communications, and one for public access, it is entirely possible that all communications going outside the building will use the same single IP or a group of IPs if the connection is load balanced.

      Never attribute malice when ignorance can explain it. You should try to look for ways explain it away or see how it could be legal before assuming the worst. It may very well be that the worst is happening but you will be less disappointed when efforts fail at going after someone because it turns out they were acting legally and nothing wrong happened. Right now your poised to put someone in prison and ruin their reputation who might have not broken any laws whatsoever at all.

    5. Re:Next question by Renraku · · Score: 1

      You're damn right it will fester.

      Is it not a reward to let things like this go unpunished? Even calling them out on it and letting people form their own opinions would be a better form of punishment than nothing at all. Not saying the guy should get ten years in federal prison, but what's he going to do next time? Or the time after that? How long will it take until they're caught?

      Some politicians are never caught. They get rich off of bribes, they always get the best seat at the steak house, and they're always driving a new car. Unless we can catch these people early in their political career, we're just setting them up for ill-begotten riches and fame in the future.

      --
      Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
    6. Re:Next question by blueskies · · Score: 1

      Wikipedia had decided. They shared the IP address. You can go attack the IP address without them releasing the name of the department that has the computer.

      Can you imagine if they weren't talking about IP addresses but GPS coordinates and Terrorists' names? Sorry we can't give you their name, you might be able to bomb that GPS coordinate then.

    7. Re:Next question by ScrewMaster · · Score: 1

      Should that circuit judge be able to keep their job?

      After all, he's blatantly participating in a cover-up of illegal activities in the Arkansas state government.

      You know, I would be up in arms about all this but then again, you know ... Arkansas.

      --
      The higher the technology, the sharper that two-edged sword.
    8. Re:Next question by evanbd · · Score: 1

      All of those are reasons to allow the investigation to proceed, rather than quash it. If there is no wrongdoing, then fine, but this is suspicious enough that investigation seems reasonable.

    9. Re:Next question by sumdumass · · Score: 1

      Well then file a complaint with the appropriate agencies and have it officially investigated. All this was is two reporters wanting a public map of government agencies and public IP's released so they could dig up a story.

      Using reporters as police isn't exactly what I would consider a viable alternative. Even with Deep Throat and Watergate, real police and real government agencies with real authority acted on the information, not the reporters.

  6. Security through obscurity by MosesJones · · Score: 4, Insightful

    This isn't about transparent government v security. Security through Obscurity is the well known worst approach to security that you can have, because if anyone ever does get that information (hell bribing a sys admin can't be that hard if you really want the info) then your have no security.

    Its a bogus claim and a bogus judgement. If they were claiming that it shouldn't be released because editing Wikipedia isn't actually a political thing anyway then I could see a reason to toss it out. But the risk of hackers "targetting" bits of the network is just plain bogus, the implication is that these IP addresses are therefore in some secure part of the (ARKANSAS!) government and those IP addresses have already been released. What is being asked is a map back from a known IP address to its source. Claiming that knowing the physical source would some how make security worse is like saying that "Sure you have the keys, you know where the front door is and you can get in.... but I'm not telling you the NAME of the house".

    Having the IP address is like having 1600 Pennsylvania Avenue and the keys to the door but the government not telling you that it is called the "Whitehouse" for security reasons.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
    1. Re:Security through obscurity by nicklott · · Score: 1

      ALL security is through obscurity... It's just a matter of degree.

    2. Re:Security through obscurity by Anonymous Coward · · Score: 0

      ALL security is through obscurity... It's just a matter of degree.

      Incorrect. Good security is through computational complexity.

    3. Re:Security through obscurity by hobbit · · Score: 0, Redundant

      FAIL

      --
      "Wise men talk because they have something to say; fools, because they have to say something" - Plato
    4. Re:Security through obscurity by Anonymous Coward · · Score: 0

      the risk of hackers "targetting" bits of the network is just plain bogus, the implication is that these IP addresses are therefore in some secure part of the (ARKANSAS!) government and those IP addresses have already been released

      Well, there's only one way to teach them that lesson... you've got the IP addresses...

    5. Re:Security through obscurity by Anonymous Coward · · Score: 1, Insightful

      Good security is through computational complexity.

      Which is one form of obscurity.

    6. Re:Security through obscurity by unlametheweak · · Score: 1

      ALL security is through obscurity... It's just a matter of degree.

      In terms of computer technology this appears to be the case. In the real world one could have brute force security, like the military has weapons and soldiers, but in the military camouflage (i.e. security through obscurity) and other obscurity techniques are very important parts of security. One can only hide behind the complexity of a hash or the teeth (or bittings) of a key for so long before a diligent "hacker" can undermine these protections.

      An interesting question would be, is there such a thing as (practical) security without obscurity?

    7. Re:Security through obscurity by j_sp_r · · Score: 1

      Big guns

    8. Re:Security through obscurity by nicklott · · Score: 1

      Ah, once you go outside computers it comes down to semantics; what does "security" actually mean? It depends on the situation and implementation..

    9. Re:Security through obscurity by nicklott · · Score: 1

      How so? Passwords are just obscure strings, as are public/private keys. If someone knows what the string is it's no longer secure. A OTP is just an obscure algorithm to generate passwords, etc, etc, etc...

    10. Re:Security through obscurity by Anonymous Coward · · Score: 0

      This isn't about transparent government v security. Security through Obscurity is the well known worst approach to security that you can have, because if anyone ever does get that information

      You are quite correct. Security through Obscurity is the worst approach for security one can have. But let me correct that statement of yours and mine.

      Security through Obscurity is the well known worst single approach to security that you can have.

      The State of Arkansas doesn't use a single approach to security. They use a layered approach to security of which Obscurity is but one of many.

    11. Re:Security through obscurity by ScrewMaster · · Score: 1

      Good security is through computational complexity.

      Which is one form of obscurity.

      Sophist. You're just obscuring the point.

      Computational complexity does so even if the methodology or algorithm itself is well-known, there being no presumption of ignorance on the part of the attacker. Security through obscurity depends entirely on the attacker being unaware of how a security system works, and being presumed unable to ever figure it out.

      That rarely works well in practice, if you're attempting to obscure something that someone else wants badly enough. On the other hand, if the unauthorized unobscuring of your data can be accomplished only with a century or more of supercomputer time ... you're pretty safe, even if the attacker knows exactly how you protected your data.

      --
      The higher the technology, the sharper that two-edged sword.
    12. Re:Security through obscurity by hobbit · · Score: 1

      "Security through obscurity" does not mean "Keep your password secret".

      http://en.wikipedia.org/wiki/Security_through_obscurity

      --
      "Wise men talk because they have something to say; fools, because they have to say something" - Plato
  7. Re:A crime was committed by jage2 · · Score: 1

    501 REPRESENT

  8. Will this balloon? by Registered+Coward+v2 · · Score: 2, Insightful

    The real problem for Gov Huckabee is that if he plans to run again for President this will become an issue - an IPGate that he wants to avoid so it can't be used against him. Of course, the press will start to look for other ways to get the information. Of course, the real problem is the coverup - did the Gov order the information not to be released? Did he know someone in government was using official computers for political purposes?

    --
    I'm a consultant - I convert gibberish into cash-flow.
  9. Hacking by A_Lost_Frenchman · · Score: 2, Funny

    It's true ! Releasing this information would allow hackers to target these state offices in person.

    1. Re:Hacking by GaryOlson · · Score: 1

      Or process servers....

      --
      Every mans' island needs an ocean; choose your ocean carefully.
  10. A bit short-sighted... by Saint+Ego · · Score: 1, Interesting

    As opposed to the hacking they will likely get as a response to trying to hide the information? Throw down the glove, why don'tcha?

    --
    Reality is prettier inside my head...
  11. Government corruption by Anonymous Coward · · Score: 4, Insightful

    When I read that the "state rules don't allow using computer resources for political purposes" it seems clear to me that someone broke the law by using one or more State of Arkansas computers to perform the edits. The decision by the State court tells me that they are either clueless about technology or there's collusion between State agency's. Now, that couldn't be?

    To say that I don't have to provide information in a criminal case because my computer could be hacked is laugh. Come on! ANY public IP address can attacked. The IT director is not telling the truth because she's either ignorant (and misinformed by her staff) or outright lying. She should be fired either way. Then again, lying seems to be a job requirement for most leadership positions within government nowadays. Maybe she gets a raise?

    It's simple, a public IP address was used to break the law. The organization should be required to identify the internal machine that used that use that public IP address. Unless of course they no longer have the logs to provide that information. Oops, your honor, the logs weren't working during that time.

    This story stinks of government corruption.

    1. Re:Government corruption by Anonymous Coward · · Score: 1, Informative

      I'm from Arkansas, and have been through the legal system. It is very corrupt and the government agencies collude with the courts all the time.

      I can name names but I do not see the point as you can google it yourself with "Arkansas Aids Blood Prison Scandal", just to name one.

      I know for a fact that charges for crimes as serious as DUI with injury can be made to disappear completely for as little as $20,000.

      One day all the corruption is going to overflow and pour out, and people are going to be absolutely disgusted.

      AC for obvious reasons

    2. Re:Government corruption by sumdumass · · Score: 1

      You have a few misconceptions. Perhaps you should RTFA and maybe learn some things about Arkansas law first. It wasn't hard but with little effort, I found that state agencies are allowed to set rooms aside for political campaigns as long as the are generally open to the public and do no discriminate on party or political affiliation. This entire edit could be little more then someone within the law making an edit from a private computer in one of these rooms.

      To say that I don't have to provide information in a criminal case because my computer could be hacked is laugh. Come on! ANY public IP address can attacked. The IT director is not telling the truth because she's either ignorant (and misinformed by her staff) or outright lying. She should be fired either way. Then again, lying seems to be a job requirement for most leadership positions within government nowadays. Maybe she gets a raise?

      First of all, this isn't/wasn't a criminal case. It was a civil suite and they didn't present evidence of wrong doing. Secondly, they asked for every IP for every department. Simply knowing an IP is assigned to the state does not tell you if that IP goes to the state highway garage, the Drivers licensing agency, the criminal records agency, the land title agency and so on. Giving that map out would effectivly allow someone to target a specific agency by the IP addresses associated with them. I see no problem with them not wanting to let that lose. It doesn't mean anyone lied or should be fired, it just means you are confused.

      It's simple, a public IP address was used to break the law. The organization should be required to identify the internal machine that used that use that public IP address. Unless of course they no longer have the logs to provide that information. Oops, your honor, the logs weren't working during that time.

      Lol.. NO it wasn't. A public IP was used to do something completely legal and some people think a law might have been broken in the process. There is no law against editing Wikipedia. There is no law against editing certain people's pages at Wikipedia, The only law that might have been broken would be the use of state computer resources to do it but there are perfectly legal ways that the State IP could have been used without any laws being broken.

      You act like charges have been files and someone has already been convicted. They haven't on both accounts.

    3. Re:Government corruption by ScrewMaster · · Score: 1

      Maybe she gets a raise?

      She'll get a raise and/or a promotion because she covered somebody else's ass. That's how it works in government these days.

      --
      The higher the technology, the sharper that two-edged sword.
  12. Huckabee 2012 by Doc+Ruby · · Score: 3, Interesting

    When Reverend Huckabee runs for president again in 2012, just remember then that you can't see how much of his Wikipedia entry was cooked by his staffers still buried in the Arkansas government he controlled up until he ran for 2008.

    Consider how Reverend Huckabee destroyed evidence on many state computers to cover probable crimes (hard to prove when he's destroyed the evidence) when he left office in Arkansas to start campaigning for president.

    Reverend Huckabee stands for faith based government. Why shouldn't he rely on a "mysterious hand" to improve his image?

    And keep in mind just how much power he'd have with a covert government built on the foundation installed by Bush/Cheney.

    --

    --
    make install -not war

    1. Re:Huckabee 2012 by impengo · · Score: 1

      Huckabee might be a talking snake person who believes that the rapture will render all national security interests moot too. Did you see his platform? Memorable note was the politically suicidal attempt to introduce THE FAIR TAX PLAN http://www.fairtax.org/site/PageServer [grass roots people just like Obama]. He made a political statement, and let a (presumably) more electable candidate have the nomination. He stinks of being RATIONAL, NOT "Talking snake!"

    2. Re:Huckabee 2012 by Anonymous Coward · · Score: 0

      Arkansan here. Huckabee is a joke and most of us know it but just a correction, he was only Governor until Jan 2007 (being replaced by Mike Beebe in the 2006 elections).

    3. Re:Huckabee 2012 by Doc+Ruby · · Score: 2, Insightful

      #1: Obama is not a "grass roots person", he was the Democratic candidate, which is the largest political organization in the world. Nice try at making Huckabee look like Obama, when they're totally different. Especially since Huckabee isn't at all grass roots in any way.

      #2: Just because a snaky Rapture peddler says something rational doesn't mean the snake oil inside the sensible bottle is going to save you.

      #3: Huckabee didn't "let" McCain have the nomination. McCain ripped the nomination away from Huckabee. Or, more accurately, Republicans ignored Huckabee in favor of McCain. And not over the "fair tax"

      FWIW, I myself prefer a national sales tax (with all bare necessities exempted for everyone) replacing the income taxes. But I prefer Huckabee spend more time playing bass than playing president.

      Click the links I provided to see exactly what batshit crazy faithy government Huckabee has actually been working on his whole career. That is, if you prefer facts to faithy propaganda.

      --

      --
      make install -not war

    4. Re:Huckabee 2012 by Doc+Ruby · · Score: 0, Troll

      I just linked to just a few demonstrations of Huckabee's corruption, and there's plenty more. Like how he got the "gifts to the governor" laws revised while in office so he could keep all the "gifts" given him while governor, rather than leaving them to the next governor as had been the case for all his predecessors. That's bribery. Then there's the rapist/murderer he freed who then raped and killed again, evidently because the rapist was jailed for killing a cousin of Bill Clinton's. And on and on.

      Sure, Huckabee's predecessor Turner was corrupt. That doesn't excuse Huckabee from being corrupt. There's corruption all over Huckabee's career, including the covert Wikipedia propagandizing we're discussing in this Slashdot story.

      Yeah, you're "just saying". Just saying stuff you're making up, and not even bothering to back up - because you can't. Whereas I'm just linking to evidence and connecting the dots with simple logic. Maybe "just saying" passes for political reasoning in Arkansas, but not with me.

      --

      --
      make install -not war

    5. Re:Huckabee 2012 by Doc+Ruby · · Score: 1

      What are you correcting? I didn't say he was governor past January 2007. I said he "ran for 2008", which every exhausted American in the electorate knows used up all of 2007 campaigning, too, like all the candidates did. He did evidently leave enough staff buried in the government that they're still busy doctoring his Wikipedia article.

      BTW, since most of you Arkansans know Huckabee is a joke, how do you explain those who don't get it?

      --

      --
      make install -not war

    6. Re:Huckabee 2012 by Anonymous Coward · · Score: 0

      Blowjob... and lying about it under oath. The "savage partisan hatred of the truth" is not very specific to partisan Republicans, as you're perfectly demonstrating.

    7. Re:Huckabee 2012 by Z34107 · · Score: 2, Funny

      Click the links I provided to see exactly what batshit crazy faithy government Huckabee has actually been working on his whole career. That is, if you prefer facts to faithy propaganda.

      Funny... but most of those links are to the dailykos...

      --
      DATABASE WOW WOW
    8. Re:Huckabee 2012 by Doc+Ruby · · Score: 0

      He didn't lie about it under oath, which is why he was acquitted.

      Because the fool Republican prosecutor wrote a definition of sex that required mutual genital contact, which didn't happen.

      You Republicans are really stupid, which is sometimes a blessing. But not really.

      --

      --
      make install -not war

    9. Re:Huckabee 2012 by plasmacutter · · Score: 1

      FWIW, I myself prefer a national sales tax (with all bare necessities exempted for everyone) replacing the income taxes.

      oh, so you're for massive tax cuts for the rich, and for heavily penalizing the middle class and poor, who often have to rely on debt to maintain their standard of living through the low points of the economic roller coaster.

      I wonder how much faster the economic crash would have happened if everyone's credit card bills were 15 to 20% fatter.

      you see, even though the wealthy consume more, they spend far far less relative to their income than "*name* the *profession*". The only thing "fair" about the so called "fair tax" is the growth of the wealthy's bank accounts, most of which will never be spent, simply sitting there earning interest.

      --
      VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
  13. location, location, location by DotDotSlashDot · · Score: 2, Insightful

    Knowing the name of the agency and the building would make it easier for reporters to pursue the truth about who did the editing and why. You can't question a suspect until you obtain knowledge about their current location and their presence at the place and time of the incident being investigated. It's not about computer security. It's about government agency PR and legal liability.

  14. But if it only appears to be secure... by Chmcginn · · Score: 3, Interesting

    A map of a bank's safe isn't much use if the bank is secure.

    But the architect's drawing of the bank could reveal it's actually not very secure at all, if it reveals a point of attack that's easier than going after the vault door.

    --
    Have you been touched by his noodly appendage?
    1. Re:But if it only appears to be secure... by unlametheweak · · Score: 2, Insightful

      But the architect's drawing of the bank could reveal it's actually not very secure at all, if it reveals a point of attack that's easier than going after the vault door.

      It's one of the concepts of open source software; such things can more easily be spotted and fixed when they are in the open.

    2. Re:But if it only appears to be secure... by johnsonav · · Score: 0, Troll

      Its funny, though, how no one ever open sources their password. Everyone knows that weak passwords "can more easily be spotted and fixed when they are in the open."

      --
      ... and that's when the C.H.U.D.'s came at me.
    3. Re:But if it only appears to be secure... by ijakings · · Score: 1

      like hunter2?

    4. Re:But if it only appears to be secure... by Symbolis · · Score: 1

      I think you mean *******

    5. Re:But if it only appears to be secure... by gparent · · Score: 1

      Your analogy fails hard. It's gonna be quite harder to rebuild a bank than it is to submit a software patch.

    6. Re:But if it only appears to be secure... by unlametheweak · · Score: 1

      Your analogy fails hard. It's gonna be quite harder to rebuild a bank than it is to submit a software patch.

      People don't generally completely rebuild anything when there are faults found (software or banks).

    7. Re:But if it only appears to be secure... by vyrus128 · · Score: 1

      Replying to cancel accidental moderation. :-\

    8. Re:But if it only appears to be secure... by Anonymous Coward · · Score: 0

      For example.... an exhaust pipe could lead right to the reactor^H^H^H^H^H^H^H vault. I think we all know how that could turn out.

  15. Depends on whose ox is gored... by Stanislav_J · · Score: 0, Flamebait

    I'll bet if the Huckabee staffers were accused not of whitewashing Wikipedia articles, but rather downloading copyrighted music on BitTorrent, the tone of this /. discussion would be entirely different. (I'm just sayin'...)

    That's OK -- we're all a bit hypocritical about some things. I, myself, have been known to indulge in the fine art of hypocrisy now and then...

    --
    "Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
    1. Re:Depends on whose ox is gored... by Communomancer · · Score: 1

      Actually, I'll bet if the Huckabee staffers were accused of d/l'ing copyrighted music on BitTorrent, and the people suing were the RIAA instead of some journalists, the judges ruling would have been different!

      --
      "UNIX" is never having to say you're sorry.
  16. riaa could help them by Anonymous Coward · · Score: 0

    it does not matter if they get the ip addresses how are they going to prove who was sat at the computer unless they ask tha riaa for help

  17. On the other hand... by Somebody+Is+Using+My · · Score: 2, Insightful

    Obviously the notion that they can't provide the IP information for security reasons is bogus. But could we not look at this decision as a win because it may set a vital precedent for similar cases in the future? The government has ruled it cannot be forced to give out IP information on people accused of wrong-doing on the Internet. By this logic, neither should ISPs or people who run a website be forced to surrender their logs at request. Surely the government wouldn't take privileges unto itself that it would not give to its citizens, right?

    1. Re:On the other hand... by fishbowl · · Score: 1

      >Obviously the notion that they can't provide the IP information for security reasons is bogus.

      That determination is for the higher court to make. I read it more like a judge saying "That's all you've got, an IP address? You need better evidence in my court. Dismissed."

      I might be inclined to make the same judgment if you brought me and IP address from a log in a leaf node and said this was proof without reasonable doubt of a crime. Why didn't the original request ask for a name? I certainly would expect a court to respond more favorably to an accusation of a person, than one against a number.

      I agree that the stated rationale is bogus, but I disagree about the strength of the plaintiff's case.

      It might have been a better strategy, if the people at Wikipedia had alerted the state offices that they believed someone was spoofing their addresses...
      (If they investigated themselves, they would have tripped over their own clown shoes.)

      --
      -fb Everything not expressly forbidden is now mandatory.
    2. Re:On the other hand... by MarkusQ · · Score: 1

      That determination is for the higher court to make. I read it more like a judge saying "That's all you've got, an IP address? You need better evidence in my court. Dismissed."

      I might be inclined to make the same judgment if you brought me and IP address from a log in a leaf node and said this was proof without reasonable doubt of a crime. Why didn't the original request ask for a name? I certainly would expect a court to respond more favorably to an accusation of a person, than one against a number.

      The IP (and related edits) is evidence that a crime was committed, and where, but not evidence of who committed the crime. As such, it was pretty solid evidence and certainly warrants further investigation. The standard in such a case is probable cause, not reasonable doubt, and is certainly met by the evidence.

      Look at it this way: if someone was calling in fake bomb threats to hospitals and they got the persons number from caller ID, don't you think that would be a lead worth investigating? Even if you didn't have the name of the person making the calls yet?

      --MarkusQ

    3. Re:On the other hand... by Aetuneo · · Score: 1

      However, the IPs are already known, as they were logged in wikipedia edits. The issue is what offices those IPs belong to, which is necessary for the lawsuit to target the right people.

      --
      Everything is subjective.
    4. Re:On the other hand... by fishbowl · · Score: 1

      I guess, maybe, if it's "bomb threats." What if it's Tube Bar / Bart-Moe prank calls instead of bombs?

      Moe's Tavern, Moe speaking...
      Is Ms. Hanjib there? Her first name's Anita.

      --
      -fb Everything not expressly forbidden is now mandatory.
  18. Call the admins to testify by Anonymous Coward · · Score: 0

    Ask the state to confirm their claim about their security through obscurity. The network administrators can't alter the network configuration so the revealed IPs will connect to a different place?

  19. Obligatory by tinkertim · · Score: 1

    Sorry, no one else killed their karma with this one, so I felt compelled to do so:

    There was only one IP involved in the edits, apparently it was 127.0.0.1 ..

  20. Oh yeah? by Nick+Driver · · Score: 2, Insightful

    Internal network topology is a way of organizing a network for administrative purposes, and is in NOT designed, nor CAN be be designed, to provide security

    Ever heard of Network Admissions Controls?

    802.1x Authentication?

    The largest threats to IT security comes from internal users and internal physical access.

    Locking down internal access to your network resources is one of the biggest steps you can take towards improving security. The number of organizations who leave lots of unused RJ-45 wall jacks around their office buildings actively patched into hot switch ports is astounding. In that situation, all it takes is someone with a laptop and a few freeware software tools to plug in and do all kinds of "nifty things" on such a network.

    1. Re:Oh yeah? by Hotawa+Hawk-eye · · Score: 1

      Why are you leaving a visitor alone with a network jack? When my company brings in a visitor, about the only time we leave them unattended is when they're in the cafeteria in the morning eating breakfast (and as far as I know there are no network jacks in there) and when they're in the restroom (no network jacks in there, either.)

  21. Yeah. by schon · · Score: 1

    Nice straw man. Care to explain how locking down your network has anything to do with telling people about your network?

    As Gorshkov said, a network is either secure, or it isn't. Disclosing the topology doesn't change that.

  22. An invitation by put_the_cat_out · · Score: 1

    Isn't this sort of court decision nothing more than an invitation to hackers to break into the computers at the known IP addresses to discover which state office they lead to?

  23. TRACK THIS! by Anonymous Coward · · Score: 0

    Proxys FTW :)

  24. Ban Them Entirely by Nom+du+Keyboard · · Score: 1

    Just ban the entire Arkansas government IP range from Wikipedia edits until they become more reasonable. Small amount of effort - big payoff.

    As for the IP address, you already have that. What else is given away by tying it to the computer used?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  25. So cange the IPs by JerryLove · · Score: 1

    If, for the sake of argument, we assume that tying the IPs in question to a department poses an ongoing risk... then change the IP subnet assignment in the specified range. It can be done in a night.

    Of course it's silly to assume that knowing which department uses which IP creates some added risk of attack.

  26. not a crime by ffflala · · Score: 1

    It sounds like doing so is at worst a violation of the state employee handbook.

    Using AK state property to edit Wikipedia, while an inappropriate and partisan use of state resources, was almost certainly not a crime.

    1. Re:not a crime by Anonymous Coward · · Score: 0

      What the hell does Alaska has to do with this story?

  27. Passwords != Security Through Obscurity by cromar · · Score: 1

    The password is obscure, sure, but the underlying security mechanism shouldn't be. If you rely on the your password-checking algorithm being secret for security, this is "security through obscurity" (no security at all really because it will likely be easily reverse-engineered or discovered some other way). If, instead, the password-checking algorithm is publicly available and yet still cannot be defeated without knowing the password, you've been doing your job right. That's security.

  28. Easy solution by AftanGustur · · Score: 1
    There are many ways to impliment this but Wikipedia could let each user from the same network see a popup whenever they access the side.

    The popup would say something like "In order to improve the quality of Wikipedia, please specify your ISP (or company) and general location"

    I'm sure someone would eventually give away their location.

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  29. I'm iffy by Anonymous Coward · · Score: 0

    I work in city government. So you are telling me that I'm not allowed to post/edit anything on wikipedia that might be political? Hmm...

    I want to tell you the one time that I remember government resources actually being used for political purposes. A "mandatory" meeting was held where everyone in our agency had to show up and listen to the pitch of the state guy over all of us as he was now running for some office. You don't know how that boiled my blood. Wasting my and everyone else in our offices time because the head of our department thought that it was a good idea to lend that little bit of political support to that other guy.

    Generally the rule is you can do what ever political stuff you want as long as... you don't wear that government shirt that says you are from this office and makes it look like that office is supporting whatever your platform is. The other general rule is that you aren't generally allowed to wear/spread your political stuff over work e-mail.

    Now if you are assigned a car and it's your take home car it gets tricky. The rules on that change depending on the current weather. ;) Generally they don't care if you use it for going to church, getting food, or if you are supporting any of the local candidates. (As long as you are paying for the gas.) It becomes an issue if someone complains. Then what you'll see is memo sent out an everyone is supposed to only use their assigned cars only to travel from home to work or around on work business. You know how log that really lasts. It lasts a year or two, or until the given supervisor that made that rule changes and then it slowly goes back to hey no one cares if you go to walmart or church in your city car. Until that one day a reporter complains that you are using a city car for political purposes.

    Now compare that to your assigned laptop or desktop with internet access.

  30. Vandalism erased by pingveno · · Score: 1

    Is this even that big of an issue? I know that that state owned computers shouldn't be used for political purposes, but it's not like there's lasting damage. The vandalism probably disappeared within a few minutes (tip of the hat to counter-vandals). This looks like making a mountain out of a mole hill.

    --
    "it's not about aptitude, it's the way you're viewed" - Galinda
  31. Subject. Why do I need a stupid subject? by z-j-y · · Score: 1

    The sole purpose of the governments is to promote politicians in their career path.

  32. Should have used Tor... by xiando · · Score: 1

    The IP could be traced, eh? I guess they should have used https://www.torproject.org/ to do those edits... if Tor users are not blocked from creating users at the moment, which is frequently is. "We traced those edits to some IP in China which happens to be a Tor server, now what do we do?"

    --
    9/11: Never forget it was a false-flag operation
  33. DOS by theleoandtherat · · Score: 1

    Maybe we should proxy DOS all the state address until they get off their ass.

    Well at least they didn't say, that with only an address wouldn't tell them who it was. They would also need a date and time, which would make people able to hack time and space.

  34. Why not just block them? by sunderland56 · · Score: 1

    The IP addresses of all government institutions are known. Why not just block them from editing Wikipedia pages?

  35. What fucking retards modded this up? by GuloGulo · · Score: 1

    "If you aren't investigating private persons, then you don't need a PI license."

    There needs to be a word for "so incredibly wrong and stupid that the person responsible should be bludgeoned about the head", so I could use it for your post.

    You're wrong, and the mods who agreed with your VERY WRONG statement need my as yet uncoined word applied to their idiotic mods as well.

    --
    "The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
    1. Re:What fucking retards modded this up? by Smallpond · · Score: 1

      Are you so stupid that you believe that you need a government issued license in order to investigate the government? Woodward and Bernstein applied to Nixon for a license to investigate him? Do your homework. We still live in a country that claims to have a free press.

  36. Um, no. by GuloGulo · · Score: 1

    "The real problem for Gov Huckabee is that if he plans to run again for President this will become an issue "

    BWAHAHAAHAHAHAHAAA.

    BWAHAHAHAAHAHAHAAHAHAHAHA.

    You HONESTLY think that some anonymous fucking edits will matter one iota if Huckabee decides to run again?

    I don't know what's worse, that you choose to voice your naivety of politics so openly and pretend you are saying something that isn't colossally stupid and wrong, or that some other fucking idiot agreed with you and wasted a mod point.

    No, this isn't an "issue" it will NEVER be an "issue" and the only people who give a fuck about it are either looking to make their bones any way they can, or are too stupid, oblivious, and partisan to understand NO ONE GIVES A FUCK ABOUT SILLY INSIGNIFICANT SHIT LIKE THIS. If you DO give a fuck about shit like this, your opinion isn't worth listening to.

    And stop throwing around the word "cover up" you fuckwit, you using it demonstrates you haven't even bothered to inform yourself about this story.

    --
    "The government grants you rights, not the other way around."-- beav007. Yes, these people really exist...
    1. Re:Um, no. by Anonymous Coward · · Score: 0

      And stop throwing around the word "cover up" you fuckwit, you using it demonstrates you haven't even bothered to inform yourself about this story.

      Of course it's a cover-up - Reverend Huckabee hasn't come clean about why he had employees alter is his Wikipedia entry. What is he hiding?

      Of course, this is Arkansas, so the people who did it probably died under *mysterious* circumstances. Can't have that come out, can we?

      And fuck wit is two words, and its your not you, you dipshit

  37. But if you're a lazy programmer by Chmcginn · · Score: 1

    It's one of the concepts of open source software; such things can more easily be spotted and fixed when they are in the open.

    Of course, if you're more interested in getting it done fast than right, making it closed source makes it more likely to get the code released before someone finds a vulnerability.

    --
    Have you been touched by his noodly appendage?