Not the experience in Texas, where deregulation has pushed the price of electricity down so far that some of the companies that originally pushed for deregulation are starting to publicly discuss some level of regulation. (Also, the Texas grid is pretty reliable, and those people able to choose their providers don't seem to complain that much about contact methods.)
At least in the US, most (all?) states that experience severe temperature dips in the winter have provisions preventing utilities from cutting off service no matter the payment status until spring to prevent exactly what you're talking about.
Deregulation isn't an automatic panacea (see California's semi-deregulation of the late '90s/early 2000's), but it's also not an automatic disaster.
The international jihadi movement was fragmented in the 60s, 70s, and 80s, but it started to coalesce around two groups in the 90s: al-Qaeda and the Taliban. (Hamas and Hezbollah are mostly specific to Israel/Palestine and Lebanon, respectively, with a little bit of overlap to neighboring states.) Since then, the movement has been fragmenting again: Boko Haram arose in Nigeria, ISIS in Iraq (out of what was once al-Qaeda in Iraq), and the Taliban have split at least once and maybe twice. Al-Qaeda has tried to reinvent itself, with reports of strategic changes limiting acts against civilians (particularly Muslims) and an attempt to portray themselves as somewhat more gentle than they were, especially in the face of the savagery that ISIS has taken up.
But with all of the attention to al-Qaeda over the years, the leadership really has dwindled, and their ability to adequately train operatives to undertake attacks against Western targets has similarly declined. The group has also proved to be far less adept at social media than is ISIS, limiting their recruiting capability for both front line forces and leadership. Most of their recruits come from areas that don't have strong connections to the outside world, limiting recruitment to more personal means. ISIS is also widely seen as the more effective group, since it's taken territory across large swaths of Iraq and Syria (though word of their losses has not been widely reported in the media and the group isn't keen to play them up), while al-Qaeda's holdings are mostly limited to small parts of Syria, Somalia, and Yemen.
I would not be at all surprised to see that al-Qaeda ultimately outlives ISIS. The former has more experience surviving losses than the latter, which has changed names about a dozen times since forming in the late 1990s as it keeps reinventing itself.
There are several dozen distros that have not moved to systemd. You're free to use any of them.
Tutorials become outdated. This happens with Windows tutorials, Linux tutorials, and BSD tutorials. It's the nature of the moving target that is technology. The ones you mention might still work on some distros, but not on some of those that have moved to systemd.
They do, but not in the form they used to run. Once a relatively tight-knit group (if large at several hundred individuals), they've mostly allowed their name to be used by other groups (al-Qaeda in Iraq [now ISIS after a falling-out], in the Islamic Maghreb, in Yemen, etc.) that theoretically follow their cause. They're not completely incapacitated, but their ability to operate in modern economies has been severely hampered.
And that's good for BSD, but it's still a shrinking number of people. If there are as many holdouts as are claimed, we should be seeing a striking rise in the use of non-systemd distros, or of BSD variants, but so far as I can tell, we don't really see that.
And even if I sincerely doubt that systemd, as you are implying, is responsible for the increased usage of those distributions
You're probably right. The use of those distros is partially responsible for the rise of systemd, not really the other way around. Most admins don't care. They just want something that works, and systemd-based distros work well enough for them, and so systemd becomes more common because it comes with the distros they use.
Do you break into systems without getting permission first? If so, I do hope your attorney's retainer is paid up.
I get the issue here, that an elections office is ridiculously insecure and that it can literally have a national effect after what happened in 2000. That doesn't grant permission for someone to break in. He should have known better, he seems to have said he should have known better, and there are established ways for handling these kinds of issues if you choose to undertake these activities. But if you do go that route and you get caught, you're extremely likely to face a judge.
People here are trusting that all he did was dump and test some creds, but is that where he stopped? Did he get any internal creds? Did he leave any code behind? Did he alter any internal data? What if this had been someone from a presidential campaign? Slashdot would be climbing over itself calling for heads to roll because of course someone did something untoward, even if they did exactly what Levin has purportedly done.
You're a vocal minority that is shrinking. I know several Linux admins who have changed their minds about systemd once they started writing scripts for it.
Ubuntu, RHEL/CentOS, Fedora, Debian, openSUSE, Arch, and Mint all default to systemd, are planning to, or have it as the only option in the most recent versions. Gentoo maintains it as an option. Among major distros (for various definitions of "major") only Slackware seems not to have moved yet. One could call Amazon Linux AMI a major distro given its relatively widespread use, but IIRC it's based on RHEL6, so the next version could easily use systemd.
That list will grow as other software starts using systemd by default instead of an option. You can continue resisting systemd, but it will require a great deal of ongoing work to do so.
I'm in favor of whistleblower protection laws, and that they should be extended to contractors. But whistleblowers are almost always insiders in some form.
Levin is not a whistleblower. He's a random outsider who happens to have some testing skills. The flaw should be fixed, and the county should get a pen test from a reputable company. But he still broke the law, and appears to have admitted as much. Whether he gets a plea deal, or can present a successful defense, is up to the DA and his defense counsel.
Excellent point. Thank you. I will use this later when others suggest that they should get access to some government property because the people own it.
"...when the person knows or should reasonably believe that the other will regard the contact as offensive or provocative."
If the other person knew that a piano was falling toward him and couldn't move, there's a reasonable belief that he would want to be moved out of the way and would not regard such contact as "offensive or provocative."
"...willful and unlawful use of force..."
Assault first, battery second. If there's no assault because there's no intent to harm, there's no battery.
I've done pen tests against county governments before. I even got permission before doing it!
You won't get permission to do it without a contract. You can get permission if they're looking for someone to do it. If you're that gung-ho about it, be the low bidder.
No, a single quote to see what happens is rattling the doorknob (which if a cop sees you doing it can itself be grounds for attempted breaking and entering). Actually modifying the SQL statement to potentially return data you're not supposed to see is against the law.
Where do you draw the line on good intent? What if someone gets in and changes the results because they believe that the otherwise-winning candidate would be a disaster for the county or state or country?
Yeah, it's unfortunate that we have to have these laws, but it's better that we have them than that we don't. For the better part of a decade, quiet disclosure has been possible and performed. He should have done it this time.
You're thinking of malicious intent, and that's not how the laws are always written. Someone walking on to a property with no intent except to shorten their walking time (like crossing an empty lot) is guilty of trespass if they have been told not to do it, or if there are "no trespassing" signs posted. Good or ill will has nothing to do with whether someone is guilty.
Likewise, hacking laws don't have to involve malicious intent. From the CFAA (18 USC 1030(a)(2)(C)):
'Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer shall be punished as provided in subsection (c) of this section.'
Whether you think it's a good or bad law, it's still the law, and no malicious intent is required. The intent is not malicious, but just to gain higher access than allowed. All that has to happen is for someone to seek greater access than they're allowed, whether express or implied. Most states have similar laws.
A lot of these groups do get pen tests. Unfortunately, they're not always good pen tests. This is very much a field where you get what you pay for, and a lot of "pen testers" are working for pen test puppy mills making $20/hr (if that, especially if they're overseas). They run Nessus and Metasploit, and if they can't get in, they call it secure.
There should be some minimum standards, but it's really difficult to effectively measure that. You can get known good companies, but you risk shutting out good people who are breaking out on their own. Trying to make a list of acceptable companies that can test in is at least as difficult, as the test environment will eventually leak, and even requiring certifications can be hard because in some cases, it's not difficult to fake who is taking the test.
Yes, you stop poking and send something through one channel or another. You don't keep trying to see how far you can get.
I'm in the same field as Levin. I have no sympathy for him because the first rule of our field is "Get permission!" I have occasionally seen iffy things on sites, but I don't go probing them. I send an email with what I see with an explanation of how I saw it and how it could be accidentally discovered, and then leave it at that.
Parks was a calculated test case. She was part of a plan to get arrested so that the issue could be taken to the Supreme Court. She knew there was a risk of arrest, conviction, and punishment, and that it was likely but not guaranteed that appeals would be accepted.
Assange has done nothing legally wrong pertaining to his receipt and possession of classified information. As a citizen of Australia and having a presence in Sweden and the UK at the time, he was not subject to US jurisdiction. Even if he had been in the US, it's questionable whether receipt and possession of such material in the absence of taking an oath as an employee or member of the military would make him subject to espionage laws. (Doesn't mean the US wouldn't attempt a trial.)
Manning knew what she was doing and that she could get burned doing it.
Felt also knew he could get burned, and that's why he took such serious precautions and kept quiet for three decades.
Ellsberg likewise knew what kind of trouble he could and did get into. The government screwed up a fairly easy case by illegally gathering evidence that resulted in the trial being too badly tainted to continue, and charges were dismissed.
Assault involves intent to harm. Example from California Penal Code Section 240:
"An assault is an unlawful attempt, coupled with a present ability, to commit a violent injury on the person of another."
An attempt to commit a violent injury is an action undertaken with the intent to harm. Pushing someone out of the way of danger is not an intent to harm but an intent to prevent harm. Assault does not apply.
Throwing a single quote in a field and having it throw an error isn't the same thing as dumping credentials, which is what Levin did. That takes a modicum of effort and involves an intent to access data that is not intended to be public.
Not high treason, but he did break the law. It's one of the risks of being a whistleblower: you do something that's going to piss off powerful people, and you often have to break the law to do it. As much as I appreciate what Snowden did, he still should stand trial. The problem is that there is a high likelihood that his version of motive will get suppressed at trial.
Breaking into or executing code on a system without permission is a criminal offense. Even if he was doing it ostensibly for the greater good, Levin should know better (and a tweet from him suggests that he knows he should have known better). The courts aren't going to let this slide just because he's a "good guy," because that sets a bad precedent.
If you're going to try to break into a system, get permission. If you absolutely must do it without permission, use a burner name and address to make the notification, or go through an attorney to make the notification.
You're talking about 18 USC 2071. That wouldn't block election to the presidency. The Constitution runs supreme over everything else; a statutory prohibition to holding office of the president due to a violation of criminal law would be above and beyond the requirements set in the Constitution, and therefore void.
There's precedent for this, too. In the 1990s, a bunch of states added term limits to their congressional representatives, but the Supreme Court overturned these in 1995, saying that states couldn't add requirements not present in the Constitution. Even earlier, in Powell v. McCormack, the Supreme Court found that "the Constitution leaves the House without authority to exclude any person, duly elected by his constituents, who meets all the requirements for membership expressly prescribed in the Constitution." A footnote extends this holding to include the Senate. Other cases have held that felons can seek the office of the president even if state laws barring felons from holding public office would preclude them from doing so, and felons have run for president.
Prof. Seth Barrett Tillman goes into much more detail at this Washington Post article where he responded to claims by former Attorney General Michael Mukasey that Clinton would be barred from office under 18 USC 2071. For his part, Mukasey demurred, saying that Tillman was correct and that if elected, Clinton could serve as president.
A criminal conviction does not legally bar one from running for or being elected president. Here is the entire list of qualifications required:
"No Person except a natural born Citizen, or a Citizen of the United States, at the time of the Adoption of this Constitution, shall be eligible to the Office of President; neither shall any Person be eligible to that Office who shall not have attained to the Age of thirty five Years, and been fourteen Years a Resident within the United States."
Natural born citizen, 35 years or older, and 14 years a resident of the United States.
Felons generally aren't viewed favorably and so usually don't get far, but if they got enough votes, they can be president.
Yes, I am. When you make your living in this field, permission is the key to everything. Even port scans are usually preceded by permission.
Verbal assault involves an attempt at emotional or psychological harm.
In neither case is a law broken.