Slashdot Mirror
US Government Sets Up Online "App Store"
krapper writes "The Obama administration has unveiled a government 'app store' designed to push the federal bureaucracy into the era of cloud computing. The change means some federal employees will begin using services like YouTube, Gmail and WordPress, which store data on private internet servers instead of on those paid for with public money. The process will start small but will ramp up quickly, Vivek Kundra, the US chief information officer, said in a blog post on Tuesday. 'Our policies lag behind new trends, causing unnecessary restrictions on the use of new technology,' Kundra writes in the post on WhiteHouse.gov. 'We are dedicated to addressing these barriers and to improving the way government leverages new technology.' The app store is designed for federal employees doing official government business and is not intended for use by the public."
federal employees will begin using services like YouTube, Gmail and WordPress
Maybe this means Joe Wilson can troll 4chan instead.
...they'll be too important to fail?
Since when did the term 'App Store' come to describe any server offering applications for download? I swear, once the marketers get their hands on a new tech term, what comes out the other end is pure and unadulterated bullshit. Soon the term 'App Store' will have about as much meaning as 'The Cloud' and the marketers will have moved on to their next buzzword kill.
..With transparency? Hell the federal government can't account for the money it's spending (by knowing where it's being spent), much less keep track of many of its records. I'm curious to see how spewing them all over the Internet is going to help us track on everything.
I'm not sure how a TPM can establish identity. Fundamentally, a TPM is a cryptographic token that can accept a key or a passphrase, and has the option to seal it and keep it sealed until the right boot code is passed through it. Other than that, it is fundamentally just a smart card fixed onto a computer's motherboard.
A TPM wouldn't be good for validating a user, who can be using that machine, a phone, a jaw harp, or a beer mug with an IP stack for access. A TPM can validate that the first part of an OS boot was not tampered with on a machine, as well as store some private keys that are usable only on that box. The advantage of this would be for this is ensuring that an attacker can't just replace the MBR with a keylogger, then later on, steal the laptop in a two phase black bag attack.
For a single sign on for users, the US government already has a large and well established system, the DoD's Common Access Card.
Fears of a national ID card aside, using a smart card for access can be a very good thing. No passwords can be sniffed, it is quite easy to use client certificates (the server doesn't have to care one whit if a client's key is on a card, in Firefox's key storage, or in a TPM), and allows shorter passwords to be used, because all it would take is 3-15 (usual default settings on smart cards) bad attempts, and the smart card will either block further attempts until reset, or permanently brick itself needing replacement. Phishing would be useless because all a phisher would get is "yay, this user has connected to your web server with a valid certificate". The main way a smart card can be compromised would be malware that would grab the user's PIN via a keylogger, then use the smart card (if inserted) to sign/decrypt stuff in the background.
Finally, a large number of security programs like TrueCrypt can use smart cards. I have on a laptop TC protected volumes for a VM that runs my Quicken. If someone steals the laptop and manages to get past BitLocker (RAM dump while the box is on), they would need to have the passphrase, the PIN from the eToken, and the eToken itself, to be able to mount that volume. A couple wrong guesses, the eToken zaps itself, so that gets rid of the brute forcing route in. (Of course, rubber hose crypto does work, but my biggest security scenario is silent theft of the laptop, not seizure and interrogation of the owner.)
Disclaimer: TPMs are double edged swords, and they can be used to enforce DRM stacks, but I consider them a good thing in general. Especially because by the TCG spec, they are to be shipped disabled and unowned, so software companies cannot assume every computer user has one and can use it for copy protection.
haha.. can you say - security breach?
i trust google more than i trust the lowest bidder for a government contract.
There's an app for that.
#DeleteChrome
The first link is about Obama staffer's former colleague being investigated for crime. I don't even know what or whose fault are you trying to imply with that.
The second link is about the said staffer having committed a crime before. He shoplifted as a lot younger man, over a decade (13 years, to be exact) ago. He pleaded guilty and paid the fine... The "once a thief, always a thief" doesn't really apply to stuff like that. I myself shoplifted a few times when I was a teenager. I can understand a young man getting the small rush of doing something wrong there, with immediate risk of getting caught... It doesn't even imply that 13 years later one would have tendency to become corrupted or something.
So, what could possibly go wrong?
I think this is a great idea, as long as the programs the government will use will encrypt the data properly before storing it outside their servers. (though even that won't be necessary. I'm sure they won't use gmail for "top secret documents ;) )
Fantastic. An App Store puts democracy back into the hands of the ordinary citizen.
In fact, I think open an account right now, and buy myself a congressman.
---- It won't be as bad as you fear or as good as you hope, but it will take twice as long as you plan.
How about completely opening the entire authentication systems up? All the methods being proposed are closed systems. There are systematic refusal to accept new corporation/sites/etc as a form of authentication without being celebrity, monopolist or payment for certificates, etc. Recently, I created a browser-based trust initiative here: JRep project Although I initially came up by means of browser-based trust transfer but I believe this can be tweaked for authentication transfer. Bonus: It's completely open and free because I want it that way.
My economics textbook reads: "Where socialism sought totalitarian control of a societyâ(TM)s economic processes through direct state operation of the means of production, fascism sought that control indirectly, through domination of nominally private owners. Where socialism nationalized property explicitly, fascism did so implicitly, by requiring owners to use their property in the âoenational interestââ"that is, as the autocratic authority conceived it. (Nevertheless, a few industries were operated by the state.) Where socialism abolished all market relations outright, fascism left the appearance of market relations while planning all economic activities. Where socialism abolished money and prices, fascism controlled the monetary system and set all prices and wages politically. In doing all this, fascism denatured the marketplace."
This actually does sound a lot like what the Obama administration is doing with healthcare reform, the economy, and the auto industry to a limited extent.
I think the assumption that you're uneducated is a fair charge. I don't even know where to begin, except maybe to suggest you should read an actual history book, probably starting with the definition of important terms. Hitler's idea of a state was a genocidal, deeply racist, right-wing extremist, fascist junta presiding over a society run purely on hierarchical peer pressure, a state further corrupted and held in power by an overreaching military-industrial complex. It was the poster child of a surveilance state that really deserved the label "totalitarian".
If you absolutely must compare today's political ideologies with that you'd find that our contemporary right-wing parties are actually much closer to this than the left - but even Dick Cheney and Pat Robertson are not quite in the same leage as Hitler, and that's saying something. By the way, the actual socialists came in the time after Nazi Germany - so comparing Obama to Honnecker would probably make more sense for the charges you are making, which are incidentally also complete bullshit.
I'm sorry, I don't normally go for ad hominem attacks like this, but I'm a German (so please excuse my English) and I feel very strongly about people getting their facts right as opposed to the mindless parroting of hopelessly corrupt historical fiction.
I can't help but wonder: why didn't you people cry out when our civil liberties were taken away progressively in the time after 9/11? Now that was a lost opportunity, that was the last time when freedom was actually at stake. Not only did we lose that fight so thoroughly during the Bush administration, Obama is now actually legitimizing those changes. That would have been a fight worth our time. That would have been the moment to stand up for liberty. What did you do to prevent that? I sincerely hope you didn't just sit on your ass like I did.
People who are shaking at the knees about google and the federal government obviously are not aware that the government has been outsourcing data processing to offsite contractors for decades.
Sheesh. Google is no different than ANY other contractor when it comes to the Federal government and has to abide by the same contracting rules as everybody else.
Does this mean that it's any SAFER than at EDS, Booze Allen, Perot Systems, HP, IBM, etc? No. But it's not any less either.