Thing is, the NSA and the DEA both do a lot of legitimately essential work across a number of important areas. Notwithstanding any argument whether in DEA's case there might be redundancy as one of many special focus law enforcement agencies, NSA performs some unique missions nobody else does, like crypto production, for example, or performs to the same level, like coordinating foreign focused Signals Intelligence among and serving the Military branches. Also, NSA itself is so stove-piped that even if one area really was "out of control" as alleged, other parts are regular, boring, but arguably essential grunt-work for no-kidding recognizable National Security functions. The key is that regulation and oversight, which is what legitimate bureaucracy is all about, has to be consistently enforced. Bureaucratic baboonery, though ordinary and pervasive, should be astutely and vigilantly guarded against. Like entropy, systems of people will always trend towards out-of-control conditions unless well managed.
Key questions include:
a. what budget line item did the $900K come from?;
b. what did the funding justification documentation look like?; and,
c. at what level was this approved, and by whom?
If DEA has so much money laying about that they can toss it around without adult supervision, then I suggest that there may be some oversight committees who might want to have some hearings.
You are beneath contempt, and it would be otherwise intuitive that you should be ignored as an aberration. However, it is extremely important that decent people of good will realize that their opposites, people like you, are not an aberration, that you exist in the environment as a pervasive and pernicious evil, and therefore appropriate countermeasures must be put in place and vigilance maintained.
..here's a bunny... Your message is weak and garbled unless it's really only to express gratuitous rage against the U.S. intelligence community, in which case, OK, at least that part is loud and clear. If, however, your point is to discourage participation of an informed and interested party in a useful forum that, independently, addresses a valid global concern, cyber security, then your message is both muddy and unsupported.
The confusing part of the conversation, I think, is the straw man idea of "releasing" the source code in order for it to be determined secure. What does "release" in that context even mean? If security is in question (which I assume to mean the constituent attributes of Confidentiality, Integrity and Availability), which security should always be for such a system, then one could use a trusted broker to examine and report on inspection and test of the architecture and code without "releasing" the code so that anyone could examine it, presumably to facilitate vulnerability discovery.
I was making an observation, not an apology. Notice that I never added, "...and this is always a good thing." That said, neither is it always a bad thing.
All countries conduct espionage to the extent that they prioritize their capabilities, and against targets where they perceive threats and/or opportunities.
A wise Buckaroo once observed that wherever you go, well, there you are. This describes exactly how I feel about a new Windows version: "okey-dokey." I'll politely wield it sans pause or undue drama when some employer supplies it and/or circumstances require it. In the meantime, I'll continue to happily and productively employ OS X and GNU/Linux on machines that I purchase and use. Ain't diversity grand?
Because, since the mainframe days, a new and unforeseen computer/user pairing had evolved. For emphasis, I'll say it again, evolved; never designed from the ground up. Smaller, cheaper, but nonetheless ever more powerful, computers became available to a class of consumers spanning the general population, now networked to many other such computer/user pairs. These general-population consumers find themselves operating systems far beyond their ability (or time, inclination, etc.) to understand and safely control except as mediated by deceptively enabling and presumed (to the user) protective interfaces. The problem is that computers are mechanisms designed to automate and execute instructions. That's what they are; and, networks are necessarily designed to facilitate communication. That's what they do. Yet, underlying system architectures and interfaces, though enabling, never evolved commensurately to the task of satisfactory trade-offs between function and security for ubiquitous employment in a general population. I have no idea what the solution is, but I suspect that we need to do some fundamental rethinking of secure architectures and user interfaces. Architectures need to more safely isolate data and logical functionality, and interfaces need to more safely mediate users' interaction with devices. I confidently assert that the current architectures simply can't be secured, no matter how much junk is kludged to the task. Prove me wrong, please.
...so wouldn't it be more accurate to say that computers, like bull-dozers, can be dangerous in the hands of malicious, ill-informed, inattentive, or incompetent users? If you know of any of these archetypes, try to make them smarter, but don't allow them root privileges to anything taller than an ankle-high weed. Give them some locked-down version of Windows, without admin privileges, lots of monitoring tools and features. Consider helmets, knee-pads and child safety locks.
Maintain a physically secure, access controlled, TEMPEST hardened room in a secret protected location. Verify through periodic repeated inspection and test that all production media in the room is physically isolated from all untrusted communications networks (ideally, all networks). When you absolutely must share secret information with Alice, invite Alice to your room. Verify her identity, physically hand her the information to read, monitor her while she reads the information, then physically retrieve the information and escort Alice out of the room when she's done. Any and all discussions regarding the information remain in the room and are allowed nowhere else. Alternately and less desirably, convey the information to Alice's corresponding secure room via trusted courier. In agreement with Alice, monitor her with proven effective investigation and surveillance techniques for the duration of your trusted relationship for any behavior or conditions in mitigation to continuing a relationship of trust. This is a proven system with high, but imperfect reliability. Nothing is perfect, but anything, IMI, anything on the Internet? Not as much.
If they're starting from scratch, I hope they will design for security rigor from the start. Recommend Multics as a case study. Not saying copy from architecture, but learn from intellectual approach. See http://www.multicians.org/hist...
Really. The bottom line that I'm hearing locally is that Cantor was perceived to be arrogant and detached, uninterested in his voting constituents' viewpoints (hasn't had a Town-Hall meeting, for example, for several years). He was perceived as focused exclusively on his Leadership position, and not so much in his responsibilities as Representative of the people of his district. All this bovine excrement that you're hearing in the press about this or that red-meat issue is largely DC beltway perspective, which was Cantor's focus, and his problem anyway. It is important that Representatives are occasionally reminded who they are, and why they're in Congress, so I have no problem with what took place.
That "sketchy definition of 'national sovereignty' when it isn't their own," is so unlike the other Five Eyes, the EU, Russia, BRICS, and, oh, say, China. Might I point out that we're all in one big round (or slightly oval) glass house, eh?
True. But professionally, like, "Led or participated in X Blue Team and Y Red Team reviews, resulting in discovery and remediation of z exploitable weaknesses." That's not bragging. If you sound like you're bragging, your credibility is diminished.
If you're a real White Hat, you're a professional. Professionals work. You complete your work tasking, while abiding by all rules, regulations, SOPs, and agreements associated with your work. Kids and amateurs play...and perhaps brag. Huge difference.
...and hey, I thought that with "settled science" one is never allowed to question, or even more egregious, test, a theory, right?
...are all about controlling OTHER peoples' behavior (and redistributing THEIR property).
...and that's good. Loss of trust and confidence is the price one pays for getting caught breaching same.
The bargain lies in the relatively low cost of relatively skilled labor. Other considerations, where there might be awareness, are secondary, or less.
“Power attracts the corruptible. Suspect any who seek it.” Frank Herbert, Chapterhouse: Dune
Agreed. Serves the little buggers right for being so tasty.
So, isn't gcc one source? Just compile the compil...oh...
make that "rumor"...too early and it's raining
This have anything to do with that monolith the Chinese rover found on the moon? (...just thought I'd start that roomer.)