I've worked for the government, and yes, it's as bad as you say. However, I find it very hard to believe that any other large country does any better. Bureaucracy has the same faults everywhere.
...And yet, other outlets manage to do just fine getting dirt on Russia, or at least don't editorialize so much.
It's not an excuse. It's an explanation. Those are different things.
The problem with the emails is their source. WikiLeaks has shown great interest in anti-US material, and comparatively very little interest in anything that disparages Russia. Their bias has been analysed pretty thoroughly, and it calls their motives into question. That, in turn, means we must question the integrity of anything they release.
For example, consider the differences in the edited and un-edited versions of the Collateral Murder video. The raw footage shows a pretty typical battle, where a group of men, some of them armed, are loitering in an area where American troops have been under attack all morning. The edited version shows a group of men, and highlights that two of them are not armed, and in a slow-motion frame comparison, shows that one of the apparent weapons was actually a telephoto camera lens, then shows them being attacked by American fire. There are numerous other differences.
There's a huge difference in context between the two versions, which Assange himself has said was intentional for "political effect". In the raw video, the soldiers' actions are justified, though mistaken. In the edited version, they're portrayed as ruthless killers intentionally targeting civilians.
Now WikiLeaks has released a bunch of emails. That's great, but we must ask: what editing has been done here? Did they (or their possibly-Russian source) strip out any emails that conflict with the "DNC is corrupt" narrative? Are the emails signed? Is it possible or probable that some of the damning emails were edited or completely faked?
These sorts of questions should be raised every time a leak is made public. The leakers always have an agenda, and it may not necessarily be to "inform the public".
With all that in mind, consider again what's being said. There is no denial of the emails' existence, and little discussion of the emails' content. Instead, at this point there's just a request to consider the trail the emails have followed, and the impact that has on their credibility.
A) actual skills, not just a script-kiddy with corporate backing.
Elitism. Got it.
B) when they were done, they would leave a place relatively more secure. For example, I can go to a place and say, "look, your windows are insecure, and if you put bars on the windows, it will be more secure." That will be 100% accurate, but not particularly useful, and in practice doesn't address most threats companies face.
That depends entirely on the client. Bars on the windows are important for a convenience store in a bad neighborhood. Similarly, a reinforced perimeter is important for any facility whose risk is more physical than electronic. One example that comes to mind is a store's cash supply. I've seen a restaurant whose cash was stored in the manager's office, which had a single-pane window into the dining area.
C) the primary focus generally should be on securing against remote attacks, because that's where your highest exposure is. Anyone can plop down a wifi pineapple, but most people who do so are security consultants. In practice, black-hats favor remote exploits.
Black-hats favor whatever gets to their target. Remote exploits are easy and safe, but also easily foiled by a suitable firewall. Rogue wi-fi is also already very common in business-oriented hotels, sometimes even going so far as to spoof the hotel's captive portal. Their goal is to capture corporate logins, providing easy access for corporate espionage. The only effective defense is user education.
Here again, it depends on the client's needs. If the attack is worth more than the price of a plane ticket, any suitably-motivated attacker could come to the office for a visit. If the company regularly sends travelers to hotels, those travelers should be aware of the risks they face. In a very obvious example, I once heard of a political convention with some rogue APs set up monitoring users' traffic. They could have easily injected drive-by downloads to try to get malware behind corporate firewalls, or even directly onto target devices.
The reality of information security is that the least-impressive attacks are often the most effective. The single most effective step to make a company safer is to ensure that they are thinking about all aspects of security, not just focusing on one particular class of attack.
You can't just hire a security consultant to run a test, then stick on his list of band-aid fixes and be done with it.
And yet that's what many snake-oil consultants offer.
...but a comprehensive practical test is what you complained about in the first place!
they set up a fake wireless access point in an office, and when a lot of people accidentally connect to it, th[e]y sniff some passwords. After that, they show it to the boss and say, "look how insecure you are!" The boss is shocked and they send a bill, even though they've done nearly nothing.
If they're a level up, they might have an automated Metasploit script to throw at servers.
So let me get this straight... a consultant who walks in and says "look how insecure you are!" and raises general awareness of security is a bad thing, per your earlier post. A consultant who offers a list of exploits is only "a level up" from that. Per your last post, you agree that a consultant delivering just a list of patches is bad.
What do you think a good security consultant would deliver, exactly?
They weren't "practically" secure before the test, and given the extreme lack of protection, probably weren't even aware of it. Now they are aware of it, and can start pursuing better options for protection. The servers and networks haven't changed, but the improvement in awareness puts them in a much better position. Now they can improve.
Again, a consultant's job really boils down to the terms of the contract. If the contract says to evaluate the company security, that's what you do. If the result of that evaluation is to simply say "your company is horrifyingly insecure", then sometimes that's the job. To that end, it's rather silly to spend a week deeply probing Apache vulnerabilities or zero-day injection attacks when executives are broadcasting their passwords in plaintext. Attackers don't care if their exploits are inelegant or obvious. Low-hanging fruit is still fruit.
Security is not a checklist, despite what managers might think. You can't just hire a security consultant to run a test, then stick on his list of band-aid fixes and be done with it. Rather, every employee, vendor, contractor, and visitor must have the appropriate training and controls to ensure that the company is secure, and that diligence must continue even when the contractor's gone. From the manager's perspective, a consultant who's done a thorough investigation and turns in a textbook for a report has done impressive work... but a consultant who brings clear attention to an endemic problem of security negligence has done better work.
If I'm a manager, that kind of concise finding is something I can elevate and focus on fixing, rather than having it buried inside a report of a thousand low-exposure vulnerabilities.
So in other words, they did their job and got paid.
They were contracted to find vulnerabilities, and they accurately determined that user credentials were easily compromised with a basic attack. If they were not pentesters, but rather actual attackers, they would have everything they need to access the company servers and start wreaking havoc. Even if they only sniffed users' personal credentials, they still have enough access to start social engineering or coercion attacks against the employees.
Depending on the terms of the contract, the consultants may not be allowed to test passwords they find. They may only be allowed to report that they found something that looks like it should be a password.
Of course, it may also highlight some other key details, like company devices automatically connecting to known SSIDs, or a lack of encryption on the legitimate wireless network. If their attack went undetected by the company's security team, a suitably-paranoid company may want to install systems to detect rogue access points.
A colleague of mine once was hired to do a week of pentesting. The first morning, he tailgated through a locked door by carrying some boxes, found an unlocked network closet, and connected to the client's network and started sniffing unencrypted traffic, including plaintext passwords for the admins. Those let him access every server he tried, and he ended up cutting the test short by lunch. He delivered a brief report in the afternoon, essentially saying that the general approach to security was so bad that further testing wouldn't be productive. His recommendation was to cancel the security testing contract and move the budget to basic security training.
It indicates that their systems are so old as to require special purpose hardware.
A VGA monitor is now considered "special-purpose hardware"?
Having a CRT monitor indicates only that the system is compatible with a CRT monitor. If you're making further assumptions about the system's capabilities based on the age of a peripheral device, that's your fault, not the system's.
As one example, in the mid-2000s, I worked at a company whose main computer was built in 1988...
Sure, one single system in the back of one company did not get upgraded.
No, that was the main system running the whole industry-leading company.
I'd be willing to bet that the reason it didn't get upgraded was simple - it had got so old that it was at this point a major pain, and a major cost to upgrade.
That's only half of it. The other half was that it wouldn't bring any benefit. The company's production was limited by physical processes and market demand, not the computer's record-keeping.
Furthermore, how many of the systems sat on the desks of average employees were that old?
Outside of the customer service area (who had shiny new Windows XP boxes, with DSL Internet access!), there were three other new computers in the company, all for special-purpose workstations that needed to do processing-intensive tasks. Most desks had VT terminals (ranging from VT300s to VT520s) to connect to the mainframe.
Care to take a guess at the reason?
I'll go with "the cost/benefit analysis did not support an upgrade", since that was the CEO's answer when I asked. Each department did one thing, and one thing only. The system already existed, and was known to work well for the necessary tasks. The company had the source to the software, and made software changes when necessary to support improved workflows, but for the most part the process was mature.
It takes a bunch of literal paper pushing, and probably a bunch more employee time in the back office.
So it's not actually related to the CRT monitors?
In the UK, this is 5 minutes of the customer's time to fill in a form on the internet, and no time spent by employees at all (bar the amortised cost of the guys running the IT system and database).
...that you know of. Realistically, there could be a herd of paper-pushers in the back end that you'd never know about, because you're getting distracted by the shiny interface.
The act of...
Let me just interrupt this rant with "your mileage may vary". The last time I went to the DMV, it was for a full re-issue of a driver's license after a relocation, and required a test. The whole process, from entering the building to walking out, took about an hour.
After the queue, the agent scanned my old license to read the data, checked it for accuracy, and sent it to the back for processing while I waited for an available test machine. The tests were administered on kiosks built around CRT touchscreens that looked like they had been operating since I was using that aforementioned mainframe. One test machine was being serviced, and I noticed that the kiosk was just a commodity desktop PC running Windows 7. The PC had a small form factor case, sitting in a cabinet just the right size for a full tower. Clearly, the machine had been upgraded, but the cabinet and interface were original.
By the time I had finished the test, my forms had been processed, and the agent handled the registration of my vehicle while my license was being printed. The agent submitted the vehicle paperwork to be processed while retrieving the license and handling payment. Once the vehicle processing was finished, I was handed new vehicle plates and wished a pleasant day.
The problem is that that assertion doesn't line up with reality. Go down to your DMV some time, and observe the kinds of systems that they're using. They're using databases built in the 80s and 90s on top of DOS, running on ancient computers with CRT monitors (at least around here).
...And is that a problem? Does the thickness of the monitor really impact how legibly they can print your drivers' license?
What reasonable business do you know of that hasn't upgraded their systems since that time to allow for more efficiency savings, faster processing, reduced staff costs etc?
As one example, in the mid-2000s, I worked at a company whose main computer was built in 1988, with only minor upgrades (disk capacity, and a modem that was occasionally plugged in so it could be maintained remotely) since its construction. It had survived the obsolescence of its product line, the rise of DOS and Windows, and had only a minor stumble for Y2K. For a system whose primary purpose was tracking orders moving through departments, and tracking employees' time cards, it did the job perfectly well. That particular company was in the top 10% of the industry by order volume and profits, so it seems to have done just fine by most standards of "reasonable".
There's a lack of investment in this kind of system, plain and simple, being disguised as "government efficiency" by the Republicans.
Again, to show the other perspective, there is grossly excessive spending in other kinds of systems, being disguised as "upgrades" by the Democrats.
I'm not promoting any particular political party here. Rather, my point is to illustrate that every partisan criticism in this thread has an equally-valid counterpoint that is too-often glossed over. When the Republicans shout about "spending", the Democrats shout "obsolescence". Nobody ever seems to want "get what's useful and nothing more", or "review the cost/benefit analysis for every component in the system".
I've worked for the federal government before, notably on one particular system whose lifespan was about 20 years. The system was designed and built to be state-of-the-art, using top-of-the-line COTS hardware available at the time (as a cost-saving measure, naturally). Ten years into the system life, those original components were obsolete, and being replaced with new top-of-the-line hardware, with the promises you mentioned: efficiency savings, faster processing, reduced costs, et cetera.
However, the basic workflow hadn't changed at all, and the software hadn't been rewritten (as that'd be prohibitively expensive), but only ported up to newer technologies. Even though each part of the process was indeed faster, the system as a whole hadn't changed significantly. It could run perfectly fine on modern (for the day) mid-grade or even low-end hardware, but because "upgrades" were seen as desirable, the system continued to be built with top-of-the-line parts, for about triple the cost.
Towards the end of the project lifespan, there was an effort to re-engineer it using minimal hardware, but by that point the idea had grown into something of a legend. The managers (and bureaucrats) who had seen the system's early versions and knew its original cost couldn't believe the system could actually run on such a low hardware budget. Every actual test was successful, but the mantra that "you get what you pay for" had become such an integral part of common sense that actually getting approval for a cost-efficient system was impossible. Eventually, my team ended up inflating our quoted costs to get approval, then delivering a working system under budget and getting extra praise.
That tale doesn't meet my idea of "reasonable", but it was definitely the reality that I saw.
Political flamebait works both ways. The other side of the coin is that Democrats set up overly complicated systems that can't work without an ever-increasing price tag, then complain (loudly) that they just aren't getting the support they need.
Let's move on.
When the Federal government is [involved], don't blame on intentional malice that which can be explained by...
...anything else.
Bureaucracy in general is a breeding ground for unintentional malice. There are literally thousands of people in the federal government with the ability to influence programs like this, and they often have conflicting priorities. Some are mostly concerned about the economic cost, thinking that a strong economy is the clearest path to "general welfare". Others want social support services, being of the opinion that minimizing hardship makes everyone's lives better. Some think that government should do as little as possible, allowing individuals to decide for themselves how to pursue happiness, while still others believe that a life led according to religious principles leads to a better eternity.
Those are only a few examples, and not terribly nuanced, either. People can have multiple opinions, conflicting opinions, and even different opinions for different subjects derived from the same principles. The representative government reflects the opinions of the people, and in a country of over 300 million people, it is perfectly reasonable to have a very complicated set of opinions in government.
The most that we as individuals can hope for is that occasionally, enough people agree on an issue that they'll do something matching one of our strong opinions.
They broke British laws, and when some of those leaders were caught in British territory, they were indeed made to face the punishments for their crimes.
Actually, yes. Apparently he was known to have made remarks about inciting a coup, so he was put under surveillance, found to not be a threat to US interests, and the surveillance was stopped.
In other words, due process worked just fine.
They can get paid for working, just like I do.
Ah, there's the crux of your argument! It seems that you don't consider design or engineering to be actual work.
And another thing, copyright wasn't even created to protect the artist/creator. There was a time when they were not even considered in the law. It was made to protect the distribution/publishing industry, to whom the artist/creator had to give up all his rights.
That's a fantastic bit of revisionism you've got there, but it's not how things actually happened. The first publishing laws were effectively censorship, requiring all books to be approved by the state, lest they spread any bad ideas. There was no concern for authors, who usually were removed from their works entirely. There was also no concept of intellectual property, but rather the first publisher to register a book with the government received a transferable monopoly on its production. Unregistered (and thus unapproved) books were illegal to print, and government agents would routinely search for illegal printing operations. These laws, however, have no relationship to modern copyright laws, and had lapsed 15 years prior to the legal invention of copyright.
In the early 1700s (250 years after Gutenberg's press), the first actual copyright law (the Statute of Anne) permitted anyone to publish and have legal protection against unauthorized reproduction. It explicitly granted rights to authors, not publishers, and actually undermined the publishing industry by legalizing the resale of books by those outside the printing industry. The authors then had an exclusive right to their intellectual work, and could license it to publishers.
I will grant you are making a fine 570 year old argument for the old writers guild against Gutenberg's printing press.
570 years ago Gutenberg hadn't printed his bible, the press hadn't spread through Europe, and the censorship laws hadn't yet been enacted. The "writers guild", as much as such a thing existed, was a bunch of scribes copying manuscripts at the direction of the state religious leaders.
I didn't ask about the craftsmen building the sofas and hot tubs. I asked about the designers who did the design work that you're duplicating with your printer just fine.
Similarly, the folks designing fine Interni sofas and real Jacuzzis would likely rather sit on their porches than design such luxuries for you if they aren't being paid. What makes your time and effort worth so much more than theirs?
You don't. When you say you want to be "self-sufficient", exactly what resource do you think you're going to spend?
You can be self-sufficient for that, too. All you have to do is spend a bit of time learning your laws and legal procedures. Start at your local library.
...people will wind up in court...
Well, yes. As with any new legislation, there will be court cases to establish its reasonable limits as precedent. There will be a claim that a simple chair is copyrighted, and another claim that it is public domain, and the courts will have to explain the reasons for their decisions. In time, the laws and interpretations become predictable.
...you assholes pushed for more and more extensions and restrictions...
That's fascinating... I've not mentioned my opinion of copyright duration in this discussion at all. Since you brought it up, I'll say that I think copyright terms should be much more complicated than they are now, with certain protections (like characters and exact text) renewable and longer-lasting than other aspects (like design and details). Nearly a century after Mickey Mouse was first sketched, I don't think you should be free to produce your own Mickey Mouse cartoons, but dropping a clip of Steamboat Willie into a compilation shouldn't bring legal risk.
If you're willing to work to grow your own food, why not work to design your own furniture?
Go study ergonomics. Go measure your biometrics. Go compute the load factors and necessary structural supports. Go design the contours and material attachments required to make something that is perfectly comfortable for you, rather than just cribbing someone else's work. Then if it happens to look like a commercial design, you have a nice solid legal ground to stand on and say "I made this on my own".
So yes, if a man wants to build a chair from wood, even without designing it on paper they will already have a base picture in the head of what will come out based on the definition of a chair and its purpose, and any form which characterizes the chair will come from the individual's personality/character influencing the end design.
So if he wants to build a chair with a 3D printer, then he can build his own chair. He can throw some blocks together in a modeler, print it out, and let his personality influence the end design, not mine. Of course, then there's the material engineering to be added, like bracing on the legs or a dished seat, or design features like a reclining mechanism, or an adjustable armrest. What figured out how to make those function and fit the chair's design was my personality and character, combined with my time and effort, not his.
Also, compensating some foreigner not from my nation, for having the gal[l] to know what a chair looks like by its very definition?
Frankly, I don't care what nation you're from. The vast majority of nations have signed treaties to respect the intellectual work of people regardless of their citizenship, so if I choose to pursue legal action because you blatantly copied my design work without the legal right to do so, you'll find your local law enforcement will care very little about how you define a chair.
I'll disagree about the "bullshit" part, but you're right. The theory is the same.
Someone put intellectual effort into a piece of work, and technology allows it to be cloned indefinitely, effectively dividing the value of the effort indefinitely. Whether that's something that you think should be protected against or not, it is no different from any other application of copyright.
Only terrorists seek self sufficiency.
Exploiting the work of others without compensation is a far cry from self-sufficiency.
Do you think the furniture designs itself?
(From TFS)
...people can and will indeed be prosecuted for manufacturing their own furniture using their own tools...
...and someone else's design and engineering. That's a major effect of 3D printing now: someone else's design and engineering effort gets reduced to massively-replicated data. Sometimes it's intentional and done at the will of the creator, but with 3D scanners, it's a short jump to a lifestyle where if you want something, you only have to see it, and you can print a dozen. Why bother with commerce and incentivizing the design arts when you could just clone something for the cost of materials?
It's reasonable to see the analogy to literary copyright. A similar design effort and craftsmanship goes into writing, and legislators over the last few centuries have found the value of such to be worthy of legal protection. Designed material goods did not need such protection, primarily because the labor cost to replicate a design makes copying a low-profit business. Now we have 3D printers virtually eliminating that cost, as Gutenberg's printing press did for literature, and we must again consider the socioeconomic impacts.
We're not training the missile ops to use their radar, though.
We're training the pilots on how to use their plane's stealth to evade missiles. Undermining that stealth capability doesn't help.
Mounting something reflective means that's something extra the missile can track, negating the whole point of evasion training. The idea is that the pilot learns the effects of various tactics while a missile's tracking them.
They'd need something the SAM launcher can track to give the missile an initial lock, without altering the missile's characteristics. A transponder they can turn on (for the initial launch) and off (once the missile sees them and starts tracking) would do the job nicely.
I've worked for the government, and yes, it's as bad as you say. However, I find it very hard to believe that any other large country does any better. Bureaucracy has the same faults everywhere.
...And yet, other outlets manage to do just fine getting dirt on Russia, or at least don't editorialize so much.
It's not an excuse. It's an explanation. Those are different things.
The problem with the emails is their source. WikiLeaks has shown great interest in anti-US material, and comparatively very little interest in anything that disparages Russia. Their bias has been analysed pretty thoroughly, and it calls their motives into question. That, in turn, means we must question the integrity of anything they release.
For example, consider the differences in the edited and un-edited versions of the Collateral Murder video. The raw footage shows a pretty typical battle, where a group of men, some of them armed, are loitering in an area where American troops have been under attack all morning. The edited version shows a group of men, and highlights that two of them are not armed, and in a slow-motion frame comparison, shows that one of the apparent weapons was actually a telephoto camera lens, then shows them being attacked by American fire. There are numerous other differences.
There's a huge difference in context between the two versions, which Assange himself has said was intentional for "political effect". In the raw video, the soldiers' actions are justified, though mistaken. In the edited version, they're portrayed as ruthless killers intentionally targeting civilians.
Now WikiLeaks has released a bunch of emails. That's great, but we must ask: what editing has been done here? Did they (or their possibly-Russian source) strip out any emails that conflict with the "DNC is corrupt" narrative? Are the emails signed? Is it possible or probable that some of the damning emails were edited or completely faked?
These sorts of questions should be raised every time a leak is made public. The leakers always have an agenda, and it may not necessarily be to "inform the public".
With all that in mind, consider again what's being said. There is no denial of the emails' existence, and little discussion of the emails' content. Instead, at this point there's just a request to consider the trail the emails have followed, and the impact that has on their credibility.
A) actual skills, not just a script-kiddy with corporate backing.
Elitism. Got it.
B) when they were done, they would leave a place relatively more secure. For example, I can go to a place and say, "look, your windows are insecure, and if you put bars on the windows, it will be more secure." That will be 100% accurate, but not particularly useful, and in practice doesn't address most threats companies face.
That depends entirely on the client. Bars on the windows are important for a convenience store in a bad neighborhood. Similarly, a reinforced perimeter is important for any facility whose risk is more physical than electronic. One example that comes to mind is a store's cash supply. I've seen a restaurant whose cash was stored in the manager's office, which had a single-pane window into the dining area.
C) the primary focus generally should be on securing against remote attacks, because that's where your highest exposure is. Anyone can plop down a wifi pineapple, but most people who do so are security consultants. In practice, black-hats favor remote exploits.
Black-hats favor whatever gets to their target. Remote exploits are easy and safe, but also easily foiled by a suitable firewall. Rogue wi-fi is also already very common in business-oriented hotels, sometimes even going so far as to spoof the hotel's captive portal. Their goal is to capture corporate logins, providing easy access for corporate espionage. The only effective defense is user education.
Here again, it depends on the client's needs. If the attack is worth more than the price of a plane ticket, any suitably-motivated attacker could come to the office for a visit. If the company regularly sends travelers to hotels, those travelers should be aware of the risks they face. In a very obvious example, I once heard of a political convention with some rogue APs set up monitoring users' traffic. They could have easily injected drive-by downloads to try to get malware behind corporate firewalls, or even directly onto target devices.
The reality of information security is that the least-impressive attacks are often the most effective. The single most effective step to make a company safer is to ensure that they are thinking about all aspects of security, not just focusing on one particular class of attack.
You can't just hire a security consultant to run a test, then stick on his list of band-aid fixes and be done with it.
And yet that's what many snake-oil consultants offer.
...but a comprehensive practical test is what you complained about in the first place!
they set up a fake wireless access point in an office, and when a lot of people accidentally connect to it, th[e]y sniff some passwords. After that, they show it to the boss and say, "look how insecure you are!" The boss is shocked and they send a bill, even though they've done nearly nothing.
If they're a level up, they might have an automated Metasploit script to throw at servers.
So let me get this straight... a consultant who walks in and says "look how insecure you are!" and raises general awareness of security is a bad thing, per your earlier post. A consultant who offers a list of exploits is only "a level up" from that. Per your last post, you agree that a consultant delivering just a list of patches is bad.
What do you think a good security consultant would deliver, exactly?
No, just ones about laser-wielding martian AI robots.
It's funny, and Slashdot has never been a particularly serious place.
They weren't "practically" secure before the test, and given the extreme lack of protection, probably weren't even aware of it. Now they are aware of it, and can start pursuing better options for protection. The servers and networks haven't changed, but the improvement in awareness puts them in a much better position. Now they can improve.
Again, a consultant's job really boils down to the terms of the contract. If the contract says to evaluate the company security, that's what you do. If the result of that evaluation is to simply say "your company is horrifyingly insecure", then sometimes that's the job. To that end, it's rather silly to spend a week deeply probing Apache vulnerabilities or zero-day injection attacks when executives are broadcasting their passwords in plaintext. Attackers don't care if their exploits are inelegant or obvious. Low-hanging fruit is still fruit.
Security is not a checklist, despite what managers might think. You can't just hire a security consultant to run a test, then stick on his list of band-aid fixes and be done with it. Rather, every employee, vendor, contractor, and visitor must have the appropriate training and controls to ensure that the company is secure, and that diligence must continue even when the contractor's gone. From the manager's perspective, a consultant who's done a thorough investigation and turns in a textbook for a report has done impressive work... but a consultant who brings clear attention to an endemic problem of security negligence has done better work.
If I'm a manager, that kind of concise finding is something I can elevate and focus on fixing, rather than having it buried inside a report of a thousand low-exposure vulnerabilities.
So in other words, they did their job and got paid.
They were contracted to find vulnerabilities, and they accurately determined that user credentials were easily compromised with a basic attack. If they were not pentesters, but rather actual attackers, they would have everything they need to access the company servers and start wreaking havoc. Even if they only sniffed users' personal credentials, they still have enough access to start social engineering or coercion attacks against the employees.
Depending on the terms of the contract, the consultants may not be allowed to test passwords they find. They may only be allowed to report that they found something that looks like it should be a password.
Of course, it may also highlight some other key details, like company devices automatically connecting to known SSIDs, or a lack of encryption on the legitimate wireless network. If their attack went undetected by the company's security team, a suitably-paranoid company may want to install systems to detect rogue access points.
A colleague of mine once was hired to do a week of pentesting. The first morning, he tailgated through a locked door by carrying some boxes, found an unlocked network closet, and connected to the client's network and started sniffing unencrypted traffic, including plaintext passwords for the admins. Those let him access every server he tried, and he ended up cutting the test short by lunch. He delivered a brief report in the afternoon, essentially saying that the general approach to security was so bad that further testing wouldn't be productive. His recommendation was to cancel the security testing contract and move the budget to basic security training.
Please try reading.
It indicates that their systems are so old as to require special purpose hardware.
A VGA monitor is now considered "special-purpose hardware"?
Having a CRT monitor indicates only that the system is compatible with a CRT monitor. If you're making further assumptions about the system's capabilities based on the age of a peripheral device, that's your fault, not the system's.
As one example, in the mid-2000s, I worked at a company whose main computer was built in 1988...
Sure, one single system in the back of one company did not get upgraded.
No, that was the main system running the whole industry-leading company.
I'd be willing to bet that the reason it didn't get upgraded was simple - it had got so old that it was at this point a major pain, and a major cost to upgrade.
That's only half of it. The other half was that it wouldn't bring any benefit. The company's production was limited by physical processes and market demand, not the computer's record-keeping.
Furthermore, how many of the systems sat on the desks of average employees were that old?
Outside of the customer service area (who had shiny new Windows XP boxes, with DSL Internet access!), there were three other new computers in the company, all for special-purpose workstations that needed to do processing-intensive tasks. Most desks had VT terminals (ranging from VT300s to VT520s) to connect to the mainframe.
Care to take a guess at the reason?
I'll go with "the cost/benefit analysis did not support an upgrade", since that was the CEO's answer when I asked. Each department did one thing, and one thing only. The system already existed, and was known to work well for the necessary tasks. The company had the source to the software, and made software changes when necessary to support improved workflows, but for the most part the process was mature.
It takes a bunch of literal paper pushing, and probably a bunch more employee time in the back office.
So it's not actually related to the CRT monitors?
In the UK, this is 5 minutes of the customer's time to fill in a form on the internet, and no time spent by employees at all (bar the amortised cost of the guys running the IT system and database).
...that you know of. Realistically, there could be a herd of paper-pushers in the back end that you'd never know about, because you're getting distracted by the shiny interface.
The act of ...
Let me just interrupt this rant with "your mileage may vary". The last time I went to the DMV, it was for a full re-issue of a driver's license after a relocation, and required a test. The whole process, from entering the building to walking out, took about an hour.
After the queue, the agent scanned my old license to read the data, checked it for accuracy, and sent it to the back for processing while I waited for an available test machine. The tests were administered on kiosks built around CRT touchscreens, that looked like they had been operating since I was using that aforementioned mainframe. One test machine was being serviced, and I noticed that the kiosk was just a commodity desktop PC running Windows 7. The PC had a small form factor case, sitting in a cabinet just the right size for a full tower. Clearly, the machine had been upgraded, but the cabinet and interface were original.
By the time I had finished the test, my forms had been processed, and the agent handled the registration of my vehicle while my license was being printed. The agent submitted the vehicle paperwork to be processed while retrieving the license and handling payment. Once the vehicle processing was finished, I was handed new vehicle plates and wished a pleasant day.
The problem is that that assertion doesn't line up with reality. Go down to your DMV some time, and observe the kinds of systems that they're using. They're using databases built in the 80s and 90s on top of DOS, running on ancient computers with CRT monitors (at least around here).
...And is that a problem? Does the thickness of the monitor really impact how legibly they can print your drivers' license?
What reasonable business do you know of that hasn't upgraded their systems since that time to allow for more efficiency savings, faster processing, reduced staff costs etc?
As one example, in the mid-2000s, I worked at a company whose main computer was built in 1988, with only minor upgrades (disk capacity, and a modem that was occasionally plugged in so it could be maintained remotely) since its construction. It had survived the obsolescence of its product line, the rise of DOS and Windows, and had only a minor stumble for Y2K. For a system whose primary purpose was tracking orders moving through departments, and tracking employees' time cards, it did the job perfectly well. That particular company was in the top 10% of the industry by order volume and profits, so it seems to have done just fine by most standards of "reasonable".
There's a lack of investment in this kind of system, plain and simple, being disguised as "government efficiency" by the Republicans.
Again, to show the other perspective, there is grossly excessive spending in other kinds of systems, being disguised as "upgrades" by the Democrats.
I'm not promoting any particular political party here. Rather, my point is to illustrate that every partisan criticism in this thread has an equally-valid counterpoint that is too-often glossed over. When the Republicans shout about "spending", the Democrats shout "obsolescence". Nobody ever seems to want "get what's useful and nothing more", or "review the cost/benefit analysis for every component in the system".
I've worked for the federal government before, notably on one particular system whose lifespan was about 20 years. The system was designed and built to be state-of-the-art, using top-of-the-line COTS hardware available at the time (as a cost-saving measure, naturally). Ten years into the system life, those original components were obsolete, and being replaced with new top-of-the-line hardware, with the promises you mentioned: efficiency savings, faster processing, reduced costs, et cetera.
However, the basic workflow hadn't changed at all, and the software hadn't been rewritten (as that'd be prohibitively expensive), but only ported up to newer technologies. Even though each part of the process was indeed faster, the system as a whole hadn't changed significantly. It could run perfectly fine on modern (for the day) mid-grade or even low-end hardware, but because "upgrades" were seen as desirable, the system continued to be built with top-of-the-line parts, for about triple the cost.
Towards the end of the project lifespan, there was an effort to re-engineer it using minimal hardware, but by that point the idea had grown into something of a legend. The managers (and bureaucrats) who had seen the system's early versions and knew its original cost couldn't believe the system could actually run on such a low hardware budget. Every actual test was successful, but the mantra that "you get what you pay for" had become such an integral part of common sense that actually getting approval for a cost-efficient system was impossible. Eventually, my team ended up inflating our quoted costs to get approval, then delivering a working system under budget and getting extra praise.
That tale doesn't meet my idea of "reasonable", but it was definitely the reality that I saw.
Political flamebait works both ways. The other side of the coin is that Democrats set up overly complicated systems that can't work without an ever-increasing price tag, then complain (loudly) that they just aren't getting the support they need.
Let's move on.
When the Federal government is [involved], don't blame on intentional malice that which can be explained by...
...anything else.
Bureaucracy in general is a breeding ground for unintentional malice. There are literally thousands of people in the federal government with the ability to influence programs like this, and they often have conflicting priorities. Some are mostly concerned about the economic cost, thinking that a strong economy is the clearest path to "general welfare". Others want social support services, being of the opinion that minimizing hardship makes everyone's lives better. Some think that government should do as little as possible, allowing individuals to decide for themselves how to pursue happiness, while still others believe that a life led according to religious principles leads to a better eternity.
Those are only a few examples, and not terribly nuanced, either. People can have multiple opinions, conflicting opinions, and even different opinions for different subjects derived from the same principles. The representative government reflects the opinions of the people, and in a country of over 300 million people, it is perfectly reasonable to have a very complicated set of opinions in government.
The most that we as individuals can hope for is that occasionally, enough people agree on an issue that they'll do something matching one of our strong opinions.
They broke British laws, and when some of those leaders were caught in British territory, they were indeed made to face the punishments for their crimes.