there is nothing illegal about a service provider handing over their own data
The Electronic Communications Privacy Act (ECPA) disagrees with you. This law restricts what communications information can be shared with government agencies. It still makes it too easy for the government to get information, but it at least requires the FBI to certify that the information requested is part of a counterterrorism investigation (in that case no judicial intervention is required). The report in the article points out that the FBI was not even following the ridiculously easy rules laid out by the ECPA and the phone companies were still providing information.
The ECPA laws were definitely violated. The phone company is guilty for not insisting that the letter of the law be followed. The FBI is also guilty for being lax in its policies and for flat out lying in many cases.
The implication is that if the users were not skimming Google News' headlines, they would instead be skimming them on the content provider's site, and whether or not they actually found an article of interest, the provider would end up with the view and the ad dollar.
The funny thing is that they are dead wrong in this. There is no way I would regularly browse the websites of my local news sources. Why? They are crappy sites. They throw popups at me and have these silly flashy animating ads that are of no interest to me. Why would I subject myself to that? Google provides an excellent alternative to that horrid experience. Without Google (or some other reasonable news aggregator), I would just go without those sources. I can do that because there are plenty of places to see the AP headlines and plenty of alternatives that provide greater depth of coverage (e.g. Newsweek, Time, The Economist, etc.).
Is Google News hurting the big players? I don't care; I only care about my own selfish needs. I don't cry when McDonalds takes business away from Burger King so why should I care about Reuters? If they are losing the competition for eyeballs, they need to step up and provide something more compelling.
When covering daily news, there is only so much the papers can do. The impact on the Massachusetts Senate election on the health care bill, Haiti, and the Virginia shooting really are the big stories of the day. The problem isn't the theme of the stories; it is that most articles are puff pieces that provide little additional information above what is in the headline. They throw in a few predictable quotes from the press conference and call it a story. There is no depth or investigation or significant background.
I am finding that I much prefer something like The Economist. It comes out once a week, but it provides a ton of background and analysis to go along with it. Combining a weeks worth of headlines and background into a single coherent story is a huge value and a better use of my time.
Well, there actually isn't a contract. Copyright provides monopolistic control of a work for a period of time. That is it. The receiver of those benefits has no duty or obligation to do anything when copyright expires.
You are right that CBS is being completely stupid in what it is doing (and I have written to them to complain), but they have no legal obligation to preserve anything.
But since there is no contract, there is no obligation by the people to preserve the length of the copyright protections. Congress is free to recognize that sleazebags like CBS do not need extraordinary lengths of time to exploit their copyrights. CBS enjoys their copyright protections because they have been granted by the voters through Congress. They should realize that arbitrarily pissing people off could result in a political backlash that could hurt them.
And economics. Economics is not a science, and never will be!
Why not? People making economic decisions are (mostly) rational. They have reasons for spending money the way that they do. When you aggregate all of these decisions, you get an economy. Economics is just trying to understand how people make their decisions (microeconomics) and what the results of these decisions are at a larger scale (macroeconomics). This certainly is something that can be rigorously studied and analyzed. Whether you call it science or not depends on your precise definition of science, I guess.
The main problem with economics is in its misuse. People want economics to predict interest rates, revenue growth, etc, but that is impossible. The entire economic system is complex and self-modifying and the mathematical models are a not-very-good approximation of that.
Economics is terrible at predicting the future, but it is great at understanding the past. What other field can help us understand the economic collapse in the Great Depression? By studying these types of cycles, economists can identify some patterns that we can apply to policies to help reduce these kinds of cycles. And when those policies prove to be imperfect, economists can study why and offer further improvements, ad nauseam.
I am familiar with Climategate. There is a reason that there is so much controversy surrounding it, and that is because it is unusual. It is not normal for academics to arbitrarily exclude papers that they disagree with. No one claims the system is perfect. Any system that has humans making decisions will have bias no matter how hard we try to eliminate it, but isolated incidents of abuse does not mean that peer review is broken.
I'm no climatologist, but it looks to me like the Climategate folks were trying to forcefully exclude bad papers from their report. It isn't necessarily wrong that the papers got rejected, but it is wrong that they were not subjected to peer review. The process really needs to be followed, even for crap science. (I certainly expect that when I submit my crap to a conference.)
WTF The Economist's editorial staff doesn't understand math?
Having looked at that paper and the text surrounding the formula, I wouldn't say that I understand it and I almost certainly have a better math background than the editors at The Economist. It isn't that the formula is incomprehensible; it isn't. The formula is pretty straightforward, but that doesn't mean it is easy to understand. There are not many people on the planet qualified to judge the suitability of the formula for calculating temperature trends. The Economist is making the claim that the climate-change sceptic Willis Eschenbach is not one of those people and that seems like a reasonable claim. Eschenbach is claiming, with no basis, that the formula is an arbitrary adjustment to force a desired trend. The Economist article is stating that until a peer-reviewed journal publishes a paper that backs Eschenbach's claim, it just isn't worth the time fighting over this.
That is very well said. The bottom line is that if I became King of the World and had to make decisions affecting the environment, I really only have three choices:
1. Become an expert myself. This is totally impractical because it takes too long and I have a huge range of other responsibilities.
2. Listen to lots of random people and make decisions based on which things I hear sound right. The upside is that I will hear an extremely diverse set of opinions and that the best option will likely be submitted to me. The downside is that many of the opinions are baseless claims by crackpots or people with selfish interests.
3. Listen to the opinions of experts whose sole job is to study and test these issues. Baseless ideas will not pass this filter and so I will be presented with a narrower range of views, but the best options should still be present. The major issue here is making sure the experts are really experts and that they have no other axe to grind.
Of these options, it seems like 3 is the most reasonable option and that is what our current peer review process is. It is always reasonable to question the expertise of the experts, but that same questioning should be targetted at random bloggers, too.
I don't think you understand what peer-reviewed means. In a peer-reviewed journal, a submitted paper is sent to a small number of experts in the field. These experts carefully review the paper and submit a report to the editor (or conference organizer). This report addresses originality, importance, clarity, and soundness of the research. The authors get a chance to respond to the criticisms and a decision is then made to accept or reject the paper. This is definitely not censorship of the masses. People regularly accept papers that challenge their own research.
In the case of scientific research, being outdated is not an issue. This isn't like a weekly news magazine. Real research takes a long time to do and it can take quite a while just to even fully digest a scientific paper. Peer-review certainly increases the latency of getting a paper published, but the benefit is that bad papers with unsubstantiated ideas do not waste a lot of people's time. This is important because it means that people know that when a respected journal published a paper, it is worth reading.
The way it works (in the US) is that Congress allocates funds for research in general. Agencies like the NSF (National Science Foundation), DARPA, etc actually administer the grants. They take applications and decide which are the best ideas that should be funded. The people running these agencies are academics, not politicos. For example, the National Science Board, which oversees the NSF, is listed here. While these groups control which projects get funded, they do not control the results of the research. If a funded project disproved existing theory, it is up to peer reviewed journals to publish or not.
A common criticism of the system is that it encourages a sort of orthodoxy in research. So if the NSF things "dark matter" is a great explanation, then projects which try to find alternative explanations may receive less funding because it is viewed as a waste. This is unfortunate, but there is not enough money to fund all the possible projects so some sort of prioritization must be made. It is much better to have experts do this, even though they have biases.
If the political parties really had that much control of research funding and the results of that research, you would expect that over the last several years you would see lots of peer reviewed research disproving human caused climate change. After all, Republicans were running congress and the White House for a long time.
This is for a kid, not a professional scientist. Pen and paper was good enough for Newton, so I'm sure it will work out fine for the kinds of experiments a kid will likely do. Even for many professionals, a notebook is very valuable. Archaeologists are known to have problems using software to accurately represent stratigraphic data and they often just draw things out by hand.
Pen and paper are still used by many professionals so I see no reason to make a kid jump through hoops to learn a word processor or spreadsheet when he can just write the stuff down.
So let him defend himself. It's not that hard, and the judge is required to ensure that the proceedings are fair, and that the gov't doesn't abuse its' position.
With all due respect, you are crazy. It really is that hard. The legal machine is incredibly complex and you absolutely need an expert on your side. Without knowing about the rules of evidence, you are liable to end up having exonerating evidence being ruled inadmissible. How could you possibly know when and how to object to evidence that should not be admitted? Judges make sure the proceedings are fair, but each side must make their own case and that often involves researching previous decisions for precedence.
This isn't small claims court. This is a huge undertaking for an untrained lay person and even a small mistake can leave you in jail for years.
Yes, and this is indistinguishable from the concept of "a server," which makes the "cloud" part of "private cloud" even more meaningless than usual. As I said.
This is incorrect. The cloud makes the server an abstraction. From the perspective of the user, it looks like you have the same server you have always had. In reality, the cloud could have your virtual server sharing hardware with other servers. The cloud can then migrate virtual servers to achieve the most efficient usage of hardware based on current usage. The cloud can also provide for temporary servers to be turned on and off on demand without requiring an internal department to requisition the hardware.
The cloud gives you what appears to be a server but it does it far more efficiently than having each server be a separate box. Don't let all the hype around "cloud computing" tempt you into thinking that there is no substance. There really is value in finding efficient ways to use the vast amount of computing resources that large organizations tend to acquire over time.
the important part is that you're handing total control over your data to a third party
There is nothing inherently wrong with trusting third parties. Trusting others is the basis for our modern society. We all trust others for critical things like water, food, and electricity. If I can trust others to provide this for me, surely I should be able to trust someone to store some bits for me.
The issue is finding a trustworthy third party. I won't argue whether Google is trustworthy or not, but in this case they sure seem to be stupid. It seems ridiculous for them to be scanning documents to see whether they are acceptable or not. A good "cloud provider" should simply focus on storing things reliably and leave the judgement of appropriateness to the users.
In a 4 year program, there is only room for a few senior level computer science electives. Almost all programs will offer a Database course but it usually will not be required. As an undergrad, I took OS, Computer Graphics, Programming Languages, and Distributed Computing as my electives. I don't see where a Database course would have necessarily been a better choice than any of these (and I have since taken a grad-level Database class). There are many jobs out there that require very little use of a database so there is no reason to expect every graduate to know about them. They really aren't that hard to learn, either. Most of what I was taught in class I had already picked up on the job by reading documentation and playing with a real database application.
Patents on software are immoral, as is locking up your source code
Software patents (and other forms of stupid patents) are not morality issues. It is just stupid policy to allow dumb patents. It does not further innovation and in fact just wastes people's time and energy. There are plenty of ways to argue against these bad patents, but claiming they are immoral is a stretch and just causes people to dismiss the issue.
The same can be said of deciding whether to release the source code to a program or not. If I write a piece of software, what I do with it is my business. If I want to hide the source code, that is up to me and I am not immoral by doing so. I might be stupid or short sighted or naive, but I am not immoral.
Morality is not just a question of whether you like something or not. I think buying lottery tickets is dumb, but not immoral.
Yet it hasn't happened here or Western Europe or most modern Asian countries. Why?
Because no one has tried to do it. My car has never been stolen. It is not because I have a super secure system on it; it is because no one has tried. Anyone who knew what he was doing, could drive off in that thing in 30 seconds. On September 10, 2001, many people would have said that if our planes were so vulnerable to being hijacked and being used as missles, how come no one had done it? After all, Al-Qaeda had been attacking us in various places for years.
I would imagine that there are governments that have the knowledge and capability to launch an attack on our infrastructure, but there is no reason to do this. The US is a major trading partner with everyone who would have this capability so there is nothing to gain right now. There probably are not a lot of non-government groups that have the knowledge and capability necessary for this kind of attack, but that might change one day.
Things like this make me wonder why mission- and life-critical systems are (presumably) set up on Internet-facing systems.
No one is stupid enough to intentionally setup critical systems on an internet facing network. What happens is that there ends up being some link between the secure and externally facing networks. This could be due to network misconfiguration or transferring a laptop from one network to the other or accidentally plugging something into the wrong network. It takes a lot of work to guarantee that things are properly segregated and the utility companies just don't want to do that.
Those with the ability to secure the system need to be the ones paying for breeches.
The bad thing now is that if you were going to create a risk model for this, the utility companies have very few benefits to gain. If they secure themselves, it will cost them money and lower profits. Since their competitors are not doing this, investors will punish them for being less profitable than everyone else. On top of that securing their infrastructure only reduces their risk; it doesn't eliminate it.
So what happens if they are successfully attacked? If there is physical destruction, they will appeal to the government for relief and they will get it because they are "too big to fail". Most of the costs for a security breach can be transferred to the government so why spend money on prevention? The economics of securing the infrastructure is so bad that the rational decision is not to spend any money on prevention and that needs to be changed.
Their greed was not checked by adequate government oversight.
I'm not sure that more government oversight would have avoided this latest crisis. The key problem is that risk was not appropriately priced. I.e. companies were able to make risky bets without having a clear idea of the risk. Since companies were making tons of money on the risky behavior, it forced other companies to try to match those profits. Since almost everyone was making the same risky bets, when things went south, there were no strong companies around to benefit from the stupidity of others, which is what free markets depend on.
Without an accurate risk model, it doesn't matter how much government oversight is involved. I don't see anything to indicate that any of the regulatory agencies understood the risks that were being taken. I think that better accounting rules that make risky bets negatively affect your financial statements would allow investors to reward companies that can make money without being stupid.
Surely there must be some security regulations there?
I think that is the whole point of the 60 Minutes report. You would think there would be basic security regulations and penalties for not following them and auditors to check on this. You would be wrong. If we had all of this, there would be nothing for 60 Minutes to report.
Social engineering is a threat, but it really isn't that dangerous because you still have the capability of getting the power system back up and running within a day or so. Social engineering will cause the power stations to go offline in a nice orderly fashion.
A good attack on the power control systems can actually set parameters such that a power generator will physically destroy itself. The 60 Minutes report showed a video of this being done. If that were to happen, you could have large portions of the country with no power generation capabilities at all because every generator is destroyed and getting replacements could take months. Rolling blackouts and brownouts are inconveniences but remote destruction of power stations is exponentially more expensive.
As we all should know by now, impenetrable security doesn't exist. What we should probably have is tighter backup power for essential services and places like hospitals, where local redundancy could help in the face of a remote 'hacker' type attack
Places where there is a lot of danger for people without electrical power don't need billions spent on the security of their power systems. They need redundancy, generators in their buildings that could be used to keep people alive, batteries, and common sense.
This isn't about impenetrable security. This is about taking basic precautions about known attack vectors. For example, many of these systems are not fail safe so an attacker can actually cause a generator to physically destroy itself. Since these generators are very specialized pieces of equipment, you don't just go to Home Depot and pick up another one.
It is not enough to protect hospitals, etc. A prolonged loss of power to the northern part of the US in the depths of winter would be devastating. Even with backup power supplies, no one has plans to deal with a month of no electricity.
This isn't about spending money on fear. It is about naively ignoring a threat and hoping it will never happen. We need to find a way to force utility companies to take these threats seriously and the only way to do that is to have financial penalties for lax security.
easily go get a job on Wall Street. Then he could make millions just as unethically, but legally.
It still isn't that easy because of competition. On Wall Street, there are thousands of ruthless, smart people who would do anything to be super rich. Don't be fooled by what you see in the media. Most people on Wall Street are not super rich just like most actors in Hollywood are not super stars. The vast majority are working really hard to give themselves a chance to hit it big. Being super smart and super unethical doesn't make you special on Wall Street. By being a spammer, he didn't have competition so it was easy.
If that's the case, then why do I need to get mine in the form of a degree-shaped rubber stamp from a Socially Approved Education Provider (TM)?
Because then no one would believe that you had the education that you claimed. It would be too easy to lie and exaggerate about your learning. The degree is just a statement from experts in a field that you have proven some sort of knowledge in the field.
It is also hard to become an expert on you own. Sure, you can read all the right materials, but how do you know what to read? How can you sort the wheat from the chaff in a field when you are not an expert? This is the true value that education is providing. It can point you to the most essential elements to learning a new field.
If you just want to learn for the sake of learning, then study what you want and be happy without your degree. You really only need the degree if you need to prove to others that you have studied something.
Slashdot Mirror
there is nothing illegal about a service provider handing over their own data
The Electronic Communications Privacy Act (ECPA) disagrees with you. This law restricts what communications information can be shared with government agencies. It still makes it too easy for the government to get information, but it at least requires the FBI to certify that the information requested is part of a counterterrorism investigation (in that case no judicial intervention is required). The report in the article points out that the FBI was not even following the ridiculously easy rules laid out by the ECPA and the phone companies were still providing information.
The ECPA laws were definitely violated. The phone company is guilty for not insisting that the letter of the law be followed. The FBI is also guilty for being lax in its policies and for flat out lying in many cases.
The implication is that if the users were not skimming Google News' headlines, they would instead be skimming them on the content provider's site, and whether or not they actually found an article of interest, the provider would end up with the view and the ad dollar.
The funny thing is that they are dead wrong in this. There is no way I would regularly browse the websites of my local news sources. Why? They are crappy sites. They throw popups at me and have these silly flashy animating ads that are of no interest to me. Why would I subject myself to that? Google provides an excellent alternative to that horrid experience. Without Google (or some other reasonable news aggregator), I would just go without those sources. I can do that because there are plenty of places to see the AP headlines and plenty of alternatives that provide greater depth of coverage (e.g. Newsweek, Time, The Economist, etc.).
Is Google News hurting the big players? I don't care; I only care about my own selfish needs. I don't cry when McDonalds takes business away from Burger King so why should I care about Reuters? If they are losing the competition for eyeballs, they need to step up and provide something more compelling.
When covering daily news, there is only so much the papers can do. The impact on the Massachusetts Senate election on the health care bill, Haiti, and the Virginia shooting really are the big stories of the day. The problem isn't the theme of the stories; it is that most articles are puff pieces that provide little additional information above what is in the headline. They throw in a few predictable quotes from the press conference and call it a story. There is no depth or investigation or significant background.
I am finding that I much prefer something like The Economist. It comes out once a week, but it provides a ton of background and analysis to go along with it. Combining a weeks worth of headlines and background into a single coherent story is a huge value and a better use of my time.
There's a social contract at work
Well, there actually isn't a contract. Copyright provides monopolistic control of a work for a period of time. That is it. The receiver of those benefits has no duty or obligation to do anything when copyright expires.
You are right that CBS is being completely stupid in what it is doing (and I have written to them to complain), but they have no legal obligation to preserve anything.
But since there is no contract, there is no obligation by the people to preserve the length of the copyright protections. Congress is free to recognize that sleazebags like CBS do not need extraordinary lengths of time to exploit their copyrights. CBS enjoys their copyright protections because they have been granted by the voters through Congress. They should realize that arbitrarily pissing people off could result in a political backlash that could hurt them.
And economics. Economics is not a science, and never will be!
Why not? People making economic decisions are (mostly) rational. They have reasons for spending money the way that they do. When you aggregate all of these decisions, you get an economy. Economics is just trying to understand how people make their decisions (microeconomics) and what the results of these decisions are at a larger scale (macroeconomics). This certainly is something that can be rigorously studied and analyzed. Whether you call it science or not depends on your precise definition of science, I guess.
The main problem with economics is in its misuse. People want economics to predict interest rates, revenue growth, etc, but that is impossible. The entire economic system is complex and self-modifying and the mathematical models are a not-very-good approximation of that.
Economics is terrible at predicting the future, but it is great at understanding the past. What other field can help us understand the economic collapse in the Great Depression? By studying these types of cycles, economists can identify some patterns that we can apply to policies to help reduce these kinds of cycles. And when those policies prove to be imperfect, economists can study why and offer further improvements, ad nauseam.
I am familiar with Climategate. There is a reason that there is so much controversy surrounding it, and that is because it is unusual. It is not normal for academics to arbitrarily exclude papers that they disagree with. No one claims the system is perfect. Any system that has humans making decisions will have bias no matter how hard we try to eliminate it, but isolated incidents of abuse does not mean that peer review is broken.
I'm no climatologist, but it looks to me like the Climategate folks were trying to forcefully exclude bad papers from their report. It isn't necessarily wrong that the papers got rejected, but it is wrong that they were not subjected to peer review. The process really needs to be followed, even for crap science. (I certainly expect that when I submit my crap to a conference.)
WTF The Economist's editorial staff doesn't understand math?
Having looked at that paper and the text surrounding the formula, I wouldn't say that I understand it and I almost certainly have a better math background than the editors at The Economist. It isn't that the formula is incomprehensible; it isn't. The formula is pretty straightforward, but that doesn't mean it is easy to understand. There are not many people on the planet qualified to judge the suitability of the formula for calculating temperature trends. The Economist is making the claim that the climate-change sceptic Willis Eschenbach is not one of those people and that seems like a reasonable claim. Eschenbach is claiming, with no basis, that the formula is an arbitrary adjustment to force a desired trend. The Economist article is stating that until a peer-reviewed journal publishes a paper that backs Eschenbach's claim, it just isn't worth the time fighting over this.
That is very well said. The bottom line is that if I became King of the World and had to make decisions affecting the environment, I really only have three choices:
1. Become an expert myself. This is totally impractical because it takes too long and I have a huge range of other responsibilities.
2. Listen to lots of random people and make decisions based on which things I hear sound right. The upside is that I will hear an extremely diverse set of opinions and that the best option will likely be submitted to me. The downside is that many of the opinions are baseless claims by crackpots or people with selfish interests.
3. Listen to the opinions of experts whose sole job is to study and test these issues. Baseless ideas will not pass this filter and so I will be presented with a narrower range of views, but the best options should still be present. The major issue here is making sure the experts are really experts and that they have no other axe to grind.
Of these options, it seems like 3 is the most reasonable option and that is what our current peer review process is. It is always reasonable to question the expertise of the experts, but that same questioning should be targetted at random bloggers, too.
I don't think you understand what peer-reviewed means. In a peer-reviewed journal, a submitted paper is sent to a small number of experts in the field. These experts carefully review the paper and submit a report to the editor (or conference organizer). This report addresses originality, importance, clarity, and soundness of the research. The authors get a chance to respond to the criticisms and a decision is then made to accept or reject the paper. This is definitely not censorship of the masses. People regularly accept papers that challenge their own research.
In the case of scientific research, being outdated is not an issue. This isn't like a weekly news magazine. Real research takes a long time to do and it can take quite a while just to even fully digest a scientific paper. Peer-review certainly increases the latency of getting a paper published, but the benefit is that bad papers with unsubstantiated ideas do not waste a lot of people's time. This is important because it means that people know that when a respected journal published a paper, it is worth reading.
The way it works (in the US) is that Congress allocates funds for research in general. Agencies like the NSF (National Science Foundation), DARPA, etc actually administer the grants. They take applications and decide which are the best ideas that should be funded. The people running these agencies are academics, not politicos. For example, the National Science Board, which oversees the NSF, is listed here. While these groups control which projects get funded, they do not control the results of the research. If a funded project disproved existing theory, it is up to peer reviewed journals to publish or not.
A common criticism of the system is that it encourages a sort of orthodoxy in research. So if the NSF things "dark matter" is a great explanation, then projects which try to find alternative explanations may receive less funding because it is viewed as a waste. This is unfortunate, but there is not enough money to fund all the possible projects so some sort of prioritization must be made. It is much better to have experts do this, even though they have biases.
If the political parties really had that much control of research funding and the results of that research, you would expect that over the last several years you would see lots of peer reviewed research disproving human caused climate change. After all, Republicans were running congress and the White House for a long time.
This is for a kid, not a professional scientist. Pen and paper was good enough for Newton, so I'm sure it will work out fine for the kinds of experiments a kid will likely do. Even for many professionals, a notebook is very valuable. Archaeologists are known to have problems using software to accurately represent stratigraphic data and they often just draw things out by hand.
Pen and paper are still used by many professionals so I see no reason to make a kid jump through hoops to learn a word processor or spreadsheet when he can just write the stuff down.
So let him defend himself. It's not that hard, and the judge is required to ensure that the proceedings are fair, and that the gov't doesn't abuse its' position.
With all due respect, you are crazy. It really is that hard. The legal machine is incredibly complex and you absolutely need an expert on your side. Without knowing about the rules of evidence, you are liable to end up having exonerating evidence being ruled inadmissible. How could you possibly know when and how to object to evidence that should not be admitted? Judges make sure the proceedings are fair, but each side must make their own case and that often involves researching previous decisions for precedence.
This isn't small claims court. This is a huge undertaking for an untrained lay person and even a small mistake can leave you in jail for years.
Yes, and this is indistinguishable from the concept of "a server," which makes the "cloud" part of "private cloud" even more meaningless than usual. As I said.
This is incorrect. The cloud makes the server an abstraction. From the perspective of the user, it looks like you have the same server you have always had. In reality, the cloud could have your virtual server sharing hardware with other servers. The cloud can then migrate virtual servers to achieve the most efficient usage of hardware based on current usage. The cloud can also provide for temporary servers to be turned on and off on demand without requiring an internal department to requisition the hardware.
The cloud gives you what appears to be a server but it does it far more efficiently than having each server be a separate box. Don't let all the hype around "cloud computing" tempt you into thinking that there is no substance. There really is value in finding efficient ways to use the vast amount of computing resources that large organizations tend to acquire over time.
the important part is that you're handing total control over your data to a third party
There is nothing inherently wrong with trusting third parties. Trusting others is the basis for our modern society. We all trust others for critical things like water, food, and electricity. If I can trust others to provide this for me, surely I should be able to trust someone to store some bits for me.
The issue is finding a trustworthy third party. I won't argue whether Google is trustworthy or not, but in this case they sure seem to be stupid. It seems ridiculous for them to be scanning documents to see whether they are acceptable or not. A good "cloud provider" should simply focus on storing things reliably and leave the judgement of appropriateness to the users.
In a 4 year program, there is only room for a few senior level computer science electives. Almost all programs will offer a Database course but it usually will not be required. As an undergrad, I took OS, Computer Graphics, Programming Languages, and Distributed Computing as my electives. I don't see where a Database course would have necessarily been a better choice than any of these (and I have since taken a grad-level Database class). There are many jobs out there that require very little use of a database so there is no reason to expect every graduate to know about them. They really aren't that hard to learn, either. Most of what I was taught in class I had already picked up on the job by reading documentation and playing with a real database application.
Patents on software are immoral, as is locking up your source code
Software patents (and other forms of stupid patents) are not morality issues. It is just stupid policy to allow dumb patents. It does not further innovation and in fact just wastes people's time and energy. There are plenty of ways to argue against these bad patents, but claiming they are immoral is a stretch and just causes people to dismiss the issue.
The same can be said of deciding whether to release the source code to a program or not. If I write a piece of software, what I do with it is my business. If I want to hide the source code, that is up to me and I am not immoral by doing so. I might be stupid or short sighted or naive, but I am not immoral.
Morality is not just a question of whether you like something or not. I think buying lottery tickets is dumb, but not immoral.
Yet it hasn't happened here or Western Europe or most modern Asian countries. Why?
Because no one has tried to do it. My car has never been stolen. It is not because I have a super secure system on it; it is because no one has tried. Anyone who knew what he was doing, could drive off in that thing in 30 seconds. On September 10, 2001, many people would have said that if our planes were so vulnerable to being hijacked and being used as missles, how come no one had done it? After all, Al-Qaeda had been attacking us in various places for years.
I would imagine that there are governments that have the knowledge and capability to launch an attack on our infrastructure, but there is no reason to do this. The US is a major trading partner with everyone who would have this capability so there is nothing to gain right now. There probably are not a lot of non-government groups that have the knowledge and capability necessary for this kind of attack, but that might change one day.
Things like this make me wonder why mission- and life-critical systems are (presumably) set up on Internet-facing systems.
No one is stupid enough to intentionally setup critical systems on an internet facing network. What happens is that there ends up being some link between the secure and externally facing networks. This could be due to network misconfiguration or transferring a laptop from one network to the other or accidentally plugging something into the wrong network. It takes a lot of work to guarantee that things are properly segregated and the utility companies just don't want to do that.
Those with the ability to secure the system need to be the ones paying for breeches.
The bad thing now is that if you were going to create a risk model for this, the utility companies have very few benefits to gain. If they secure themselves, it will cost them money and lower profits. Since their competitors are not doing this, investors will punish them for being less profitable than everyone else. On top of that securing their infrastructure only reduces their risk; it doesn't eliminate it.
So what happens if they are successfully attacked? If there is physical destruction, they will appeal to the government for relief and they will get it because they are "too big to fail". Most of the costs for a security breach can be transferred to the government so why spend money on prevention? The economics of securing the infrastructure is so bad that the rational decision is not to spend any money on prevention and that needs to be changed.
Their greed was not checked by adequate government oversight.
I'm not sure that more government oversight would have avoided this latest crisis. The key problem is that risk was not appropriately priced. I.e. companies were able to make risky bets without having a clear idea of the risk. Since companies were making tons of money on the risky behavior, it forced other companies to try to match those profits. Since almost everyone was making the same risky bets, when things went south, there were no strong companies around to benefit from the stupidity of others, which is what free markets depend on.
Without an accurate risk model, it doesn't matter how much government oversight is involved. I don't see anything to indicate that any of the regulatory agencies understood the risks that were being taken. I think that better accounting rules that make risky bets negatively affect your financial statements would allow investors to reward companies that can make money without being stupid.
Surely there must be some security regulations there?
I think that is the whole point of the 60 Minutes report. You would think there would be basic security regulations and penalties for not following them and auditors to check on this. You would be wrong. If we had all of this, there would be nothing for 60 Minutes to report.
Social engineering is a threat, but it really isn't that dangerous because you still have the capability of getting the power system back up and running within a day or so. Social engineering will cause the power stations to go offline in a nice orderly fashion.
A good attack on the power control systems can actually set parameters such that a power generator will physically destroy itself. The 60 Minutes report showed a video of this being done. If that were to happen, you could have large portions of the country with no power generation capabilities at all because every generator is destroyed and getting replacements could take months. Rolling blackouts and brownouts are inconveniences but remote destruction of power stations is exponentially more expensive.
As we all should know by now, impenetrable security doesn't exist. What we should probably have is tighter backup power for essential services and places like hospitals, where local redundancy could help in the face of a remote 'hacker' type attack
Places where there is a lot of danger for people without electrical power don't need billions spent on the security of their power systems. They need redundancy, generators in their buildings that could be used to keep people alive, batteries, and common sense.
This isn't about impenetrable security. This is about taking basic precautions about known attack vectors. For example, many of these systems are not fail safe so an attacker can actually cause a generator to physically destroy itself. Since these generators are very specialized pieces of equipment, you don't just go to Home Depot and pick up another one.
It is not enough to protect hospitals, etc. A prolonged loss of power to the northern part of the US in the depths of winter would be devastating. Even with backup power supplies, no one has plans to deal with a month of no electricity.
This isn't about spending money on fear. It is about naively ignoring a threat and hoping it will never happen. We need to find a way to force utility companies to take these threats seriously and the only way to do that is to have financial penalties for lax security.
easily go get a job on Wall Street. Then he could make millions just as unethically, but legally.
It still isn't that easy because of competition. On Wall Street, there are thousands of ruthless, smart people who would do anything to be super rich. Don't be fooled by what you see in the media. Most people on Wall Street are not super rich just like most actors in Hollywood are not super stars. The vast majority are working really hard to give themselves a chance to hit it big. Being super smart and super unethical doesn't make you special on Wall Street. By being a spammer, he didn't have competition so it was easy.
If that's the case, then why do I need to get mine in the form of a degree-shaped rubber stamp from a Socially Approved Education Provider (TM)?
Because then no one would believe that you had the education that you claimed. It would be too easy to lie and exaggerate about your learning. The degree is just a statement from experts in a field that you have proven some sort of knowledge in the field.
It is also hard to become an expert on you own. Sure, you can read all the right materials, but how do you know what to read? How can you sort the wheat from the chaff in a field when you are not an expert? This is the true value that education is providing. It can point you to the most essential elements to learning a new field.
If you just want to learn for the sake of learning, then study what you want and be happy without your degree. You really only need the degree if you need to prove to others that you have studied something.