Well, it's that stuff without business logic. Basically a GUI interface to a database, that you could have generated out of the SQL with a script. (I have created something like this myself as it's really simple.)
And all of that is rooted in math and Boolean logic. Representing the letter 'A' from the bits that make it up onto your screen is all math. SQL and UIs and everything else you see on your machine is built from thousands of those bits of math, each wrapped in semantically easier-to-understand layered abstractions. Just because some people don't remember that it takes math to decide to light up a pixel doesn't mean the math is gone, it's just very well abstracted so that people can understand it, reuse it, and build upon it.
Now, lets have that lead to jobs for the west, rather than simply giving the tech to China. All fo this American paid for RD, should require that the work stay in the west.
Do you really want to deny the West the advances in manufacturing that the Chinese have contributed?
[...]stupid as the idea that the mouse you use matters.
I disagree with that last sentiment, because the mouse definitely matters on one level. A cheap, generic, shipped-with-the-PC mouse flat out sucks. The buttons wear out, or the Teflon pads peel off. Much worse (and more subtle) is a mouse that's not very precise: I was having unexplained hand-cramps for a while until I realized I had to fine-tune every mouse click -- the cheapo mouse was not accurate, and I was subconsciously compensating for it with finger and hand muscles. I threw that mouse away and bought a decent optical mouse, and haven't had a problem since.
But no, I don't think any programmer ever needs a 27-button mouse with four scroll wheels, a built-in joystick, thumbprint scanner, and 128x80 OLED touch display, either. Two buttons plus a scroll wheel is pretty standard, and serves my purposes well. More buttons than that and not only does it bring an extra learning curve, but all the magical shortcuts and crutches are gone when you use someone else's vanilla mouse.
You guys are arguing like this is a boolean issue. It's not. I use corded mice for my desktops, and a Bluetooth mouse for my laptop. Both work flawlessly for me in each environment. The Bluetooth mouse is lighter and smaller than either of my corded mice (almost too light, as I prefer a bit of inertial feedback.) I've never had a reception issue with the Bluetooth mouse, and I've had it for over six months and have not had to change the batteries.
As for wired, cord routing isn't really a problem if you deal with it correctly. I use a binder clip with about a foot of free play between it and the mouse, and it's never been an issue since. And I do like the look of a lit-up mouse, which I can't get with a wireless mouse. (A glowing, battery-sucking mouse doesn't make much sense.)
Seriously, it's not worth getting all defensive over. There are easy solutions to the corded mouse problems. And spending about $40-$50 can get you a very reliable, very precise Bluetooth mouse. Paying $9.99 for a cheap-ass cordless mouse out of the bargain bin at Micro Center is going to set you up for serious disappointment. And I've found that paying $9.99 for a cheap-ass corded mouse can give me hand cramps. Don't be a cheap-ass and you won't have the problems.
I use google maps a lot, but I've also seen it come up with incredibly stupid ways of getting places. (Or not so stupid routes, but routes you would never give to someone unfamiliar with the area. Just too many backroads that are easy to miss)
My father-in-law complained that the "computer was no damn good" at finding directions. It wanted him to go 10 miles north, catch a state highway across the state, then head 10 miles south to his destination. He wanted to drive the straight-line county roads all the way across the state. I insisted that Google had provided a much better route, I showed him that Google figured the time into the calculation, and that the longer trip was actually 90 minutes faster than following his direct route. He continued to insist that the "computer don't know what it's talkin' about."
Finally I got him to admit the real problem: "well that route takes me past these weigh scales here." He needed a goat-trail route so he could take a crappy overloaded truck full of junk across the state with less chance of running into the commercial vehicle inspectors! I was not impressed.
This reminds me of a neat map trick I learned when I started riding a motorcycle. It's called the "String Test". It's a simple test: lay a piece of string along a road that has the mileage displayed on it, then measure the string on the provided map scale. If the printed distance is longer than the measured distance, that means the cartographer artificially straightened the road for the purpose of drawing the map. And that means it's a twisty, windy road, and will be a lot more fun on a motorcycle!
The twists and turns may be immaterial if your only purpose is to get from A to B, but different people have different purposes. On a bike, the fun comes from the ride, and freeways are flat and boring. In an truck, the purpose is to move cargo, and there a twisty road may indicate danger or even an impassable situation. Straight roads are more profitable.
It doesn't have to detect a "threat" and perform complex Identify Friend or Foe logic. All it has to do is trigger some signal that your real eye detects as motion. Your retina, brain, and body can process the rest.
Put another way, if we had evolved with a light sensing organ on the back of our heads that couldn't focus or discern shapes, but could at least give us some sense of motion, we wouldn't complain that it's useless because it's not reliable. It would keep predators from sneaking up on us, and we'd quickly adapt to dealing with the "false positives".
Or a risky implementation of racetrack memory. At least with the racetrack you don't lose your data if dust, a satellite or other debris passes between you and your mirror. And you have access latency of 10 ns instead of 10,000,000,000 ns.
Things have changed, at least for ordinary commercial accounts. Money transfers are done via web browser. And nobody except a couple of imaginative slashdotters said anything about USB drives -- TFA says only that it was a "zbot Trojan" but doesn't identify the infection path.
The auditors and security people obviously approved the "two people requirement" but failed to identify the weaknesses in the implementation. Yes, that's certainly a failing, but unless you have a CISSP on staff you probably don't even know that you need one. An auditor who learned his trade 25 years ago (and hasn't kept up his education) might not recognize what needs to be secured in this environment.
I don't know anyone who would be competent in that job who could be persuaded to relocate to Kentucky.
I know plenty of people who are out of work (through no fault of their own) and would relocate just about anywhere for a paycheck. When you've got a steadily growing pile of bills to pay and a kid to feed, you become less choosy.
They stole from someone who had a commercial account who installed their Trojan. It probably didn't matter to the thief if it was a county in Kentucky, a business in Miami, or a police department in New York. It was someone who had a bank balance of at least half a million dollars. And that someone had a crappy authentication scheme.
It seems like a crime of opportunity, like robbing the first armored car that drives by instead of waiting for one that just came from the Federal Reserve Bank with a load of newly minted money.
Idiots live everywhere (and keep in mind the plural of 'anecdote' isn't 'data'.) It might be that Kentucky has less money than other states, but I wouldn't say they're correspondingly "dumber" than other states.
Also, isn't that the same state that moron senator X is from?
My wife has long had to transfer money between various commercial accounts at her jobs. As far back as I can remember, the banks issued her RSA tokens which were required to authorize the transfers.
I can't imagine a commercial bank NOT using a secure crypto system with an air gap. If the county is concerned about two authorizations, so much the better: issue the judge his own token.
Even that could be compromised by a hacker who owned the treasurer's computer, but it would have been almost impossible to run the scam 500 times in a few days like this guy did.
Yahoo! does a lot more than just search or portal services. I wouldn't be surprised to learn if most of their revenue comes from providing secure web stores.
The world is filled with different kinds of people. Some can roll with the punches. Others are more vulnerable. Out of a group of a couple thousand, there will statistically be some who would kill themselves if things went horribly wrong. Did he murder them? No. Was he responsible for their deaths? Maybe ask a different question: would anyone else have been in a position to push them over that edge? Sure, it could have been anything or anyone else. But in this case it was Madoff who pushed.
I'd say he's more like an airline that deliberately didn't maintain their planes, and then had a crash. People who trusted him are dead as a result. But it's worse than criminal negligence resulting in death, because it was a deliberate, active fraud.
So no, I agree with you that he's not a murderer. But he's a menace to society, and deserves each of the 150 years he was given.
I like big grants and I can not lie
You other post-docs can't deny
That when a sponsor walks in with a stupid-ass proposal
A fat wallet at your disposal
You get sprung
Wanna pull up tough
Cuz you notice that purse was stuffed
Full of the cash you're needing
I'm hooked and I can't stop spending
Baby's got cash
Baby's got cash
Little in tha middle but she got big backers
And Google and Bing and Yahoo! have all cooperated with China (and other chronic human rights abusers) by censoring their search results.
I guess the U.S. government is just going to have to fall back to using Altavista for a search engine. Don't forget their motto: "Over one million pages indexed!"
These men are equally as dead as any two other murder victims, and were apparently in no trouble or danger prior to Madoff's criminal activity.
And just in case you want to blame the victims, consider the phrase "danger to society" doesn't necessarily mean "physical danger". Compare what he did to a mugger pointing a gun at you, but not shooting you: you might lose $200 bucks from your wallet, you might have crapped your pants, but you're still alive, and still have a job. Causing the collapse of hundreds of businesses, the unemployment of thousands, the destruction of retirement funds of tens of thousands of people -- I'd say he ranks right up there with any weapon of mass destruction in terms of the damage done to our society. "Danger to society" isn't exclusively the province of the barrel of a gun.
Prison is exactly the right place for him to spend the next 150 years. My only complaint is that he didn't start serving it when he began his fraud, which federal investigators place about 1975. He got to live too many good years outside of the gray bars.
Go ahead, move to a Scandinavian country. Regarding cold, it's overrated as a problem. As the temperature drops, you can always put on another layer of clothing and stay warm. But in a hot clime, there's only so much you can take off before you're roasting under the sun. Besides, the dramatic change in seasons is nice. You get very used to a rhythmic year of variations. And living in England you're used to the four seasons, although it never gets too hot or too cold. But if you go someplace tropical, the lack of variation in the weather can slowly drive you mad.
It's funny how you can seriously miss things that sound bad, like cold weather.
If I was a batshit crazy Islamic fundamentalist and random people on the train started ranting about Tom Bombadil not being in the film, I'd probably blow myself up just to shut them all up.
Not for everyone. Creating toxic waste by destroying a useful article may financially be the optimal choice, but it's objectionable on other grounds; morality, social responsibility. But apparently you don't think these matter.
My opinion matters some, in that I have a say in how my corporation disposes of some of our used equipment. But my post is not just our experience, it's an observation of how most big corporations do business, and how engineers and managers are taught to evaluate decisions like these. Corporations make most decisions based on money, because it's the only universal score card they know. Some corporations certainly try to "do good" or "be green", (or at least take credit for it when it's easy to do so) but that's still no excuse for being stupid or careless with sensitive or regulated data.
And I've seen people make all kinds of mistakes. When you're dealing with hundreds of locally contracted service people and installers, not every one turns out to be a rocket scientist. Simple instructions ("remove drive, record serial number on form, smash drive with big hammer, give smashed drive to supervisor, supervisor counts smashed drives, puts smashed drives in box") are the most reliable. The shipping errors, box confusion errors, all those are very real problems we've experienced. Smashing the drives on site is the most reliable protection mechanism we have. (Even though any remaining sensitive data would be public key encrypted, it's just not worth the risk.)
Personally, I think that the drives should be recycled instead of resold for a different reason: drives older than just a few years are not clean. They are not RoHS compliant. They are not energy inefficient. Their motors consume twice the power of newer drives, and if you're trying to achieve the same storage with four 100GB drives that you can do with a single terabyte drive, you're now wasting eight times as much electricity. I also think that buying old drives is a poor value: drives have a very finite lifetime, and the previous owner used up the best part of it. You're buying a pre-lit fuse.
Finally, you are all worried about "toxic waste". Yes, in this news story the drives were irresponsibly sent to a third-world country where they are being dumped on the ground and probably delivering heavy metal toxins to the local people's ground water. But I know there are smelters (at least here in the United States) who can responsibly recycle the components. It takes about 1% of the energy to recycle aluminum than it did to refine the ore. Smelters also recover gold and other precious metals from the slag. The lead is recovered. The silica is inert. Filters (when installed) can trap the particulates. It doesn't have to be a "dirty" process, if you're willing to pay for responsible disposal.
For example, I had a few dozen hard drives laying around my house and I decided to get rid of them earlier this year. Rather than try to spin them up and erase them all, I opened the cases, recovered the magnets, pulled the platters, stripped all circuit boards and any solder connections I saw, and brought them to the smelter. It cost me $0.15 per pound to dispose of the items that had lead (it totaled less than a dollar.) The rest of the pieces, copper wires, aluminum frames, steel bearings and such, all were accepted for free. It probably took me twenty minutes each to strip them, though; the instructions to do it would have been too complex for my manager let alone the dozens of remote install crews, and I don't know if a corporation would budget that much money for disposal.
I also now have an awesome collection of neodymium magnets!:-)
And it has cost: you have turned a useful piece of hardware into electronic waste.
That's the problem. You seem to be saying that "waste" and "cost" have some magically significant difference. But everything boils down to cost: smashing the drive into aluminum and glass and fiberglass shards costs you time, labor, disposal fees, and the lost opportunity to resell or reuse the device. Wiping the drive has a different cost: labor, tracking, and the risk that the drive will not be properly wiped before resale. My point is that risk has a higher cost than anything else above, by a very wide margin.*
(Whether or not a 10GB six-year-old hard disk has any actual "useful" value is a different discussion. And a smashed drive can certainly be recycled into component minerals, and does not have to pollute anything anywhere. Disposing of it in an ecologically responsible manner is always an option.)
Also keep in mind that this is not simply wiping and reselling a dozen drives from the sales department. With a company the size of Northrup Grumman, we might be talking about 30,000 drives a year from each round of desktop upgrades. That volume requires a well defined process to ensure that each and every drive is properly end-of-lifed.
I have a lot of experience watching Corporate America screwing up the simplest of tasks (including hard drive disposal.) So you hire a firm to wipe those drives but forget to ship them to him. Or the contractor in Tulsa who disconnects them from the desktop doesn't know about the wiping step. Or the instructions get confused and the shipper sends them from the desktop location directly to the reseller. Or the shipping label falls off the box and the drives end up at FedEx's lost-packages auction. Or the wiping guy you hire screws up pallet #37 and doesn't wipe them. Mistakes happen.
It doesn't matter if wiping is 100% effective or 99% effective, or if the NSA can or cannot recover the data. Failing to wipe the drive is the real risk; even a PBS reporter can recover unwiped data!
The best way to avoid those mistakes (to mitigate the risk) is to make the end-state for the drives be a slag furnace instead of a reseller. Even if the guy forgets to smash all of them, the next stop is to drop them in a vat of molten aluminum, not to send them to Ghana.
John
* The risk can be roughly calculated as: the chance that the wiping of a specific drive will be missed, times the number of drives to wipe, divided by the percent of drives that might have value on them, times the cost of the exposure of that valuable data. If you're a government contractor with Top Secret data on a drive, that cost might be the value of your entire business plus penalties plus jail time. If you're a retailer the cost might be lawsuits from Visa and a bunch of angry customers. If you're at home with a drive full of the kid's homework and some downloaded games, the cost might be nothing.
While destroying the HD physically is a solution, it prevents the drive being reused.
Destroying the drive physically has a benefit beyond the obvious that the data is rendered unrecoverable. The more critical benefit is that if you have two crates of disk drives to destroy, you can look at them and know that the crate full of smashed drives is the "done" crate. That's especially important when you have an unskilled labor pool doing the work. You post a guy at the door with a clipboard ensuring only smashed drives are allowed to leave the building. It doesn't take a computer scientist to do that job correctly.
Wiping the drive and selling it has much less benefit than you might think. The value of the used drive is tiny -- especially since you still have to pay someone to track it through the wiping process, and you have to pay someone to wipe it. When you finally sell it, you might make a dollar or two at most.
Compared to the cost of the risk of losing data, it's a false economy to think that salvaging drives is a smart choice. Just the legal costs Northrup Grumman is about to go through over this one far exceeds the amount of money they have now or ever will make selling used drives.
Well, it's that stuff without business logic. Basically a GUI interface to a database, that you could have generated out of the SQL with a script. (I have created something like this myself as it's really simple.)
And all of that is rooted in math and Boolean logic. Representing the letter 'A' from the bits that make it up onto your screen is all math. SQL and UIs and everything else you see on your machine is built from thousands of those bits of math, each wrapped in semantically easier-to-understand layered abstractions. Just because some people don't remember that it takes math to decide to light up a pixel doesn't mean the math is gone, it's just very well abstracted so that people can understand it, reuse it, and build upon it.
Now, lets have that lead to jobs for the west, rather than simply giving the tech to China. All fo this American paid for RD, should require that the work stay in the west.
Do you really want to deny the West the advances in manufacturing that the Chinese have contributed?
It's a global economy now. Get used to it.
[...]stupid as the idea that the mouse you use matters.
I disagree with that last sentiment, because the mouse definitely matters on one level. A cheap, generic, shipped-with-the-PC mouse flat out sucks. The buttons wear out, or the Teflon pads peel off. Much worse (and more subtle) is a mouse that's not very precise: I was having unexplained hand-cramps for a while until I realized I had to fine-tune every mouse click -- the cheapo mouse was not accurate, and I was subconsciously compensating for it with finger and hand muscles. I threw that mouse away and bought a decent optical mouse, and haven't had a problem since.
But no, I don't think any programmer ever needs a 27-button mouse with four scroll wheels, a built-in joystick, thumbprint scanner, and 128x80 OLED touch display, either. Two buttons plus a scroll wheel is pretty standard, and serves my purposes well. More buttons than that and not only does it bring an extra learning curve, but all the magical shortcuts and crutches are gone when you use someone else's vanilla mouse.
You guys are arguing like this is a boolean issue. It's not. I use corded mice for my desktops, and a Bluetooth mouse for my laptop. Both work flawlessly for me in each environment. The Bluetooth mouse is lighter and smaller than either of my corded mice (almost too light, as I prefer a bit of inertial feedback.) I've never had a reception issue with the Bluetooth mouse, and I've had it for over six months and have not had to change the batteries.
As for wired, cord routing isn't really a problem if you deal with it correctly. I use a binder clip with about a foot of free play between it and the mouse, and it's never been an issue since. And I do like the look of a lit-up mouse, which I can't get with a wireless mouse. (A glowing, battery-sucking mouse doesn't make much sense.)
Seriously, it's not worth getting all defensive over. There are easy solutions to the corded mouse problems. And spending about $40-$50 can get you a very reliable, very precise Bluetooth mouse. Paying $9.99 for a cheap-ass cordless mouse out of the bargain bin at Micro Center is going to set you up for serious disappointment. And I've found that paying $9.99 for a cheap-ass corded mouse can give me hand cramps. Don't be a cheap-ass and you won't have the problems.
I use google maps a lot, but I've also seen it come up with incredibly stupid ways of getting places. (Or not so stupid routes, but routes you would never give to someone unfamiliar with the area. Just too many backroads that are easy to miss)
My father-in-law complained that the "computer was no damn good" at finding directions. It wanted him to go 10 miles north, catch a state highway across the state, then head 10 miles south to his destination. He wanted to drive the straight-line county roads all the way across the state. I insisted that Google had provided a much better route, I showed him that Google figured the time into the calculation, and that the longer trip was actually 90 minutes faster than following his direct route. He continued to insist that the "computer don't know what it's talkin' about."
Finally I got him to admit the real problem: "well that route takes me past these weigh scales here." He needed a goat-trail route so he could take a crappy overloaded truck full of junk across the state with less chance of running into the commercial vehicle inspectors! I was not impressed.
This reminds me of a neat map trick I learned when I started riding a motorcycle. It's called the "String Test". It's a simple test: lay a piece of string along a road that has the mileage displayed on it, then measure the string on the provided map scale. If the printed distance is longer than the measured distance, that means the cartographer artificially straightened the road for the purpose of drawing the map. And that means it's a twisty, windy road, and will be a lot more fun on a motorcycle!
The twists and turns may be immaterial if your only purpose is to get from A to B, but different people have different purposes. On a bike, the fun comes from the ride, and freeways are flat and boring. In an truck, the purpose is to move cargo, and there a twisty road may indicate danger or even an impassable situation. Straight roads are more profitable.
It doesn't have to detect a "threat" and perform complex Identify Friend or Foe logic. All it has to do is trigger some signal that your real eye detects as motion. Your retina, brain, and body can process the rest.
Put another way, if we had evolved with a light sensing organ on the back of our heads that couldn't focus or discern shapes, but could at least give us some sense of motion, we wouldn't complain that it's useless because it's not reliable. It would keep predators from sneaking up on us, and we'd quickly adapt to dealing with the "false positives".
Or a risky implementation of racetrack memory. At least with the racetrack you don't lose your data if dust, a satellite or other debris passes between you and your mirror. And you have access latency of 10 ns instead of 10,000,000,000 ns.
Carrying a cellphone isn't displaying any expectation of privacy. By having it, you're explicitly granting permission for people to find you.
Things have changed, at least for ordinary commercial accounts. Money transfers are done via web browser. And nobody except a couple of imaginative slashdotters said anything about USB drives -- TFA says only that it was a "zbot Trojan" but doesn't identify the infection path.
The auditors and security people obviously approved the "two people requirement" but failed to identify the weaknesses in the implementation. Yes, that's certainly a failing, but unless you have a CISSP on staff you probably don't even know that you need one. An auditor who learned his trade 25 years ago (and hasn't kept up his education) might not recognize what needs to be secured in this environment.
I don't know anyone who would be competent in that job who could be persuaded to relocate to Kentucky.
I know plenty of people who are out of work (through no fault of their own) and would relocate just about anywhere for a paycheck. When you've got a steadily growing pile of bills to pay and a kid to feed, you become less choosy.
They stole from someone who had a commercial account who installed their Trojan. It probably didn't matter to the thief if it was a county in Kentucky, a business in Miami, or a police department in New York. It was someone who had a bank balance of at least half a million dollars. And that someone had a crappy authentication scheme.
It seems like a crime of opportunity, like robbing the first armored car that drives by instead of waiting for one that just came from the Federal Reserve Bank with a load of newly minted money.
Idiots live everywhere (and keep in mind the plural of 'anecdote' isn't 'data'.) It might be that Kentucky has less money than other states, but I wouldn't say they're correspondingly "dumber" than other states.
Also, isn't that the same state that moron senator X is from?
That pretty much describes all 50 states.
My wife has long had to transfer money between various commercial accounts at her jobs. As far back as I can remember, the banks issued her RSA tokens which were required to authorize the transfers.
I can't imagine a commercial bank NOT using a secure crypto system with an air gap. If the county is concerned about two authorizations, so much the better: issue the judge his own token.
Even that could be compromised by a hacker who owned the treasurer's computer, but it would have been almost impossible to run the scam 500 times in a few days like this guy did.
Yahoo! does a lot more than just search or portal services. I wouldn't be surprised to learn if most of their revenue comes from providing secure web stores.
The world is filled with different kinds of people. Some can roll with the punches. Others are more vulnerable. Out of a group of a couple thousand, there will statistically be some who would kill themselves if things went horribly wrong. Did he murder them? No. Was he responsible for their deaths? Maybe ask a different question: would anyone else have been in a position to push them over that edge? Sure, it could have been anything or anyone else. But in this case it was Madoff who pushed.
I'd say he's more like an airline that deliberately didn't maintain their planes, and then had a crash. People who trusted him are dead as a result. But it's worse than criminal negligence resulting in death, because it was a deliberate, active fraud.
So no, I agree with you that he's not a murderer. But he's a menace to society, and deserves each of the 150 years he was given.
I like big grants and I can not lie
You other post-docs can't deny
That when a sponsor walks in with a stupid-ass proposal
A fat wallet at your disposal
You get sprung
Wanna pull up tough
Cuz you notice that purse was stuffed
Full of the cash you're needing
I'm hooked and I can't stop spending
Baby's got cash
Baby's got cash
Little in tha middle but she got big backers
And Google and Bing and Yahoo! have all cooperated with China (and other chronic human rights abusers) by censoring their search results.
I guess the U.S. government is just going to have to fall back to using Altavista for a search engine. Don't forget their motto: "Over one million pages indexed!"
There were at least two people who took their own lives directly because of their losses from his theft:
These men are equally as dead as any two other murder victims, and were apparently in no trouble or danger prior to Madoff's criminal activity.
And just in case you want to blame the victims, consider the phrase "danger to society" doesn't necessarily mean "physical danger". Compare what he did to a mugger pointing a gun at you, but not shooting you: you might lose $200 bucks from your wallet, you might have crapped your pants, but you're still alive, and still have a job. Causing the collapse of hundreds of businesses, the unemployment of thousands, the destruction of retirement funds of tens of thousands of people -- I'd say he ranks right up there with any weapon of mass destruction in terms of the damage done to our society. "Danger to society" isn't exclusively the province of the barrel of a gun.
Prison is exactly the right place for him to spend the next 150 years. My only complaint is that he didn't start serving it when he began his fraud, which federal investigators place about 1975. He got to live too many good years outside of the gray bars.
Go ahead, move to a Scandinavian country. Regarding cold, it's overrated as a problem. As the temperature drops, you can always put on another layer of clothing and stay warm. But in a hot clime, there's only so much you can take off before you're roasting under the sun. Besides, the dramatic change in seasons is nice. You get very used to a rhythmic year of variations. And living in England you're used to the four seasons, although it never gets too hot or too cold. But if you go someplace tropical, the lack of variation in the weather can slowly drive you mad.
It's funny how you can seriously miss things that sound bad, like cold weather.
Your imagination
We can fix that. Your appointment with O'Brian in Room 101 is scheduled for tomorrow morning at 8:00 AM. Don't be late.
If I was a batshit crazy Islamic fundamentalist and random people on the train started ranting about Tom Bombadil not being in the film, I'd probably blow myself up just to shut them all up.
But everything boils down to cost:
Not for everyone. Creating toxic waste by destroying a useful article may financially be the optimal choice, but it's objectionable on other grounds; morality, social responsibility. But apparently you don't think these matter.
My opinion matters some, in that I have a say in how my corporation disposes of some of our used equipment. But my post is not just our experience, it's an observation of how most big corporations do business, and how engineers and managers are taught to evaluate decisions like these. Corporations make most decisions based on money, because it's the only universal score card they know. Some corporations certainly try to "do good" or "be green", (or at least take credit for it when it's easy to do so) but that's still no excuse for being stupid or careless with sensitive or regulated data.
And I've seen people make all kinds of mistakes. When you're dealing with hundreds of locally contracted service people and installers, not every one turns out to be a rocket scientist. Simple instructions ("remove drive, record serial number on form, smash drive with big hammer, give smashed drive to supervisor, supervisor counts smashed drives, puts smashed drives in box") are the most reliable. The shipping errors, box confusion errors, all those are very real problems we've experienced. Smashing the drives on site is the most reliable protection mechanism we have. (Even though any remaining sensitive data would be public key encrypted, it's just not worth the risk.)
Personally, I think that the drives should be recycled instead of resold for a different reason: drives older than just a few years are not clean. They are not RoHS compliant. They are not energy inefficient. Their motors consume twice the power of newer drives, and if you're trying to achieve the same storage with four 100GB drives that you can do with a single terabyte drive, you're now wasting eight times as much electricity. I also think that buying old drives is a poor value: drives have a very finite lifetime, and the previous owner used up the best part of it. You're buying a pre-lit fuse.
Finally, you are all worried about "toxic waste". Yes, in this news story the drives were irresponsibly sent to a third-world country where they are being dumped on the ground and probably delivering heavy metal toxins to the local people's ground water. But I know there are smelters (at least here in the United States) who can responsibly recycle the components. It takes about 1% of the energy to recycle aluminum than it did to refine the ore. Smelters also recover gold and other precious metals from the slag. The lead is recovered. The silica is inert. Filters (when installed) can trap the particulates. It doesn't have to be a "dirty" process, if you're willing to pay for responsible disposal.
For example, I had a few dozen hard drives laying around my house and I decided to get rid of them earlier this year. Rather than try to spin them up and erase them all, I opened the cases, recovered the magnets, pulled the platters, stripped all circuit boards and any solder connections I saw, and brought them to the smelter. It cost me $0.15 per pound to dispose of the items that had lead (it totaled less than a dollar.) The rest of the pieces, copper wires, aluminum frames, steel bearings and such, all were accepted for free. It probably took me twenty minutes each to strip them, though; the instructions to do it would have been too complex for my manager let alone the dozens of remote install crews, and I don't know if a corporation would budget that much money for disposal.
I also now have an awesome collection of neodymium magnets! :-)
Destroying the drive physically has a benefit ...
And it has cost: you have turned a useful piece of hardware into electronic waste.
That's the problem. You seem to be saying that "waste" and "cost" have some magically significant difference. But everything boils down to cost: smashing the drive into aluminum and glass and fiberglass shards costs you time, labor, disposal fees, and the lost opportunity to resell or reuse the device. Wiping the drive has a different cost: labor, tracking, and the risk that the drive will not be properly wiped before resale. My point is that risk has a higher cost than anything else above, by a very wide margin.*
(Whether or not a 10GB six-year-old hard disk has any actual "useful" value is a different discussion. And a smashed drive can certainly be recycled into component minerals, and does not have to pollute anything anywhere. Disposing of it in an ecologically responsible manner is always an option.)
Also keep in mind that this is not simply wiping and reselling a dozen drives from the sales department. With a company the size of Northrup Grumman, we might be talking about 30,000 drives a year from each round of desktop upgrades. That volume requires a well defined process to ensure that each and every drive is properly end-of-lifed.
I have a lot of experience watching Corporate America screwing up the simplest of tasks (including hard drive disposal.) So you hire a firm to wipe those drives but forget to ship them to him. Or the contractor in Tulsa who disconnects them from the desktop doesn't know about the wiping step. Or the instructions get confused and the shipper sends them from the desktop location directly to the reseller. Or the shipping label falls off the box and the drives end up at FedEx's lost-packages auction. Or the wiping guy you hire screws up pallet #37 and doesn't wipe them. Mistakes happen.
It doesn't matter if wiping is 100% effective or 99% effective, or if the NSA can or cannot recover the data. Failing to wipe the drive is the real risk; even a PBS reporter can recover unwiped data!
The best way to avoid those mistakes (to mitigate the risk) is to make the end-state for the drives be a slag furnace instead of a reseller. Even if the guy forgets to smash all of them, the next stop is to drop them in a vat of molten aluminum, not to send them to Ghana.
John
* The risk can be roughly calculated as: the chance that the wiping of a specific drive will be missed, times the number of drives to wipe, divided by the percent of drives that might have value on them, times the cost of the exposure of that valuable data. If you're a government contractor with Top Secret data on a drive, that cost might be the value of your entire business plus penalties plus jail time. If you're a retailer the cost might be lawsuits from Visa and a bunch of angry customers. If you're at home with a drive full of the kid's homework and some downloaded games, the cost might be nothing.
While destroying the HD physically is a solution, it prevents the drive being reused.
Destroying the drive physically has a benefit beyond the obvious that the data is rendered unrecoverable. The more critical benefit is that if you have two crates of disk drives to destroy, you can look at them and know that the crate full of smashed drives is the "done" crate. That's especially important when you have an unskilled labor pool doing the work. You post a guy at the door with a clipboard ensuring only smashed drives are allowed to leave the building. It doesn't take a computer scientist to do that job correctly.
Wiping the drive and selling it has much less benefit than you might think. The value of the used drive is tiny -- especially since you still have to pay someone to track it through the wiping process, and you have to pay someone to wipe it. When you finally sell it, you might make a dollar or two at most.
Compared to the cost of the risk of losing data, it's a false economy to think that salvaging drives is a smart choice. Just the legal costs Northrup Grumman is about to go through over this one far exceeds the amount of money they have now or ever will make selling used drives.