I live in Texas. I paid for the Chattanooga fiber network. Do they want me to also pay for running fiber to rural areas of Tennessee? I'm not interested in paying for that. If people in those areas want fiber, they can pay the cost instead of forcing me to pay for their internet service.
Are you aware that you are paying half their bill for them? If you want to do more of that, you can pay half my bills.
It cost $300 million to build EPB's fiber network. Of that, $111 million, almost half, came from taxpayers outside of Chattanooga - people who can't get the service, but are required to pay for it.
$160 million, over half, was paid by EPB's electricity customers who can't or won't get the internet service.
Only $29 million, less than 10%, was paid for by internet customers recieving the service.
Chattanooga EPB and their fanbois are making a big deal about the fact that they are now paying for their own administrative costs, the ongoing costs of emailing out monthly bills and such, along with the occasional maintenance of the still rather new network than you and I paid to build. "EPB Internet is now self-supporting!", they crow. Well yeah it damn well better be aftee taxpayers already paid for the vast majority of the expense, building the fiber network.
And that's why these general types of attacks won't be going away any time, except on specialty processors.
These attacks are based on the fact that some operations are faster than others. To get rid of them, you need to make everything equally slow. Addressing one specific case may make the CPU 10% slower, but there are a hundred timing attacks. 10% slower a hundred times equals...
Your bank, and other web sites you log into, are trying to determine whether the person trying to log in as "nospam007" really is you - the same person who logged into your account the last eight times.
If you consistently use a weird setup, that makes it so much easier. Unless the hacker trying to access your account also uses the on-screen keyboard on a 60" TV, it's really easy to tell the difference.
What's less useful is when people use a very common set-up, with all defaults, and only the most common plugins. That makes it harder to tell the difference between the account holder and someone else trying to access their account.
I'm speaking as someone who developed a system like this ten years ago. For several years it was the most-used security system, used on the largest number of web sites. I've since taken a corporate job with a much larger company.
When I develop software, the valuable information that can help me improve a system is information about under what conditions it's not yet correct, what's going wrong. It's not too helpful to say "works for me in my prestine lab environment". I also don't develop many improvements based on "I haven't noticed any issues". We improve things by characterizing what's not working well.
If BMW has a lot of real-world examples of things that cause problems with a naive implementation, such as distingusiing between a crack sealant running parallel to the lane marking vs the lane marking itself, that's exactly the kind of data I would expect to be most useful for making improvements. I don't work for BMW, so I don't know exactly what kind of data they are gathering, either summary data or detail, or samples, but they certainly have a lot of sensors out in real-world conditions, getting experience with real-world problems. According to you, each and every one of their cars likely has some example problems they can work with. Millions of cars generating billions of data points is obviously much more "vast" than thousands of Tesla cars.
> The nets have been neutral LONG before Wheeler ran the FCC. "Market forces" kept them that way
Good point. Early on, companies like AOL, CompuServe, and Prodigy tried selling non-neutral services, featuring their partners. Purchasers, the market, chose neutral services instead.
That's certainly an important thing to think about! I'm glad you mentioned it. The thing is, the rules were not good.
One draft (not the final draft) was so outrageously stupid it made it illegal to refuse connections from well-known spammers generating millions of spams per day each. The final draft was slightly less stupid. Slightly.
I guarantee no national network was actually in compliance, because you can't run a carrier network, or probably even a mom and pop ISP, and actually comply. You'd be stuck with token ring or something, that level of technology, because that's about as deep as Wheeler understands.
I wouldn't be at all surprised if DOCIS (cable modems) were technically illegal, or IP. It's 2AM and I have to be up in a few hours, so no I'm not going to find and quote the subsection that accidentally makes IP illegal, but there's a pretty good chance it does.:)
Again, I'm all for the ideals that most people associate with the term network neutrality. I just don't think Washington is going to be able to legistlate it in detail, rather than letting the courts make some determinations based on more general rules. The technologies are too complex and change too fast. Even if you somehow magically legistlated configuration lines that work well in all situations currently, 5G, TLS1.3, and HTTP 2 are going to kick your ass next month.
Just don't confuse coral "bleaching" with dying. It's normal for coral to "bleach" (expel their algae) every few years, and there can be dozens of different causes.
Around 40% of the time, after the bleaching event a different composition of algae takes the place of the expelled algae, about 50% of the time the same type of algae re-colonizes the polyps, and about 10% of it dies.
I'm not the one you asked, but I can answer for me. You asked why a techie opposed the Wheeler rules, and I can answer that.
I'm definitely a nerd / techie - name in the kernel changelog and all that.
One techie thing I've done is spend hundreds of hours learning how to configure large networks. I've studied literally thousands of pages, and I'm still nowhere near an expert. Just one of my low-level certs, CCNA routing and switching, is about 1300 pages of material. CCNA Security was a bit less. CCNA is an entry-level cert. If I wanted to study a few thousand pages more, I could go for a CCNP, and another few hundred hours of study could get me a CCIE. In ten or twenty years I could get mutiple CCIE certs in different areas of carrier network configuration and operations. It's THAT complicated.
Again, I'm not an expert by any means. My ~1500 pages of reading is only enough for me to realize how much I don't know. There are multiple levels of certifications higher than mine.
I see no reason to believe that Wheeler ever read the first chapter of the first book. The regulations that were in effect for 18 months or so, and the proposals I have read, don't evidence any knowledge of networking. As one might expect, the rules as written utterly fail to make any sense when you try to apply them to very large networks.
The IDEALS of network nuetrality include some good things to ASPIRE to. Ideals like "fairness" and "openess".
But now go try to sit down and write detailed rules of exactly how "fairness" has to be implemented within an operating system kernel, or any complex system you aren't an expert in. Rules that have the force of law - it MOST be done just this way, anything else is unfair. It can't be done even by someone who is a world-renowned expert on the topic. Neither Congresscritters nor Wheeler are experts in configuring the various queues, and the rules for shaping and policing those queues, inside a Cisco router. I'd bet money Wheeler doesn't even know what the term "traffic policing" MEANS, nor shaping. They are incompetent to legislate how it must be done. Even if they were experts, you just can't write laws that define exactly how "fairness" is done, or "openness".
Even if you COULD, Cisco and others come out with new features and capabilities every year. What would the network neutrality laws require me to do in my configuration of the Tonsay Routing Protocol? That's going to be awfully difficult to write such detailed rules for since the protocol doesn't yet exist, but new protocols are being created all the time.
There do exist some laws like "unfair competition" and "restraint of trade" that could be applied to the kinds of things NN proponents are afraid of. Courts look at specific, actual cases and use some defined principles to determine if specific actions or policies are unfair.
My experience indicates that may be a better approach. The FCC, or preferably the FTC, could announce policy PRINCIPLES, telling companies "if you do these sorts of things, we'll likely throw the book at you, if instead you do these other types of things to be fair and open, that's what we want to see and we'll give you some latitude in how you implement fair policies". Then let the courts apply established principles to decide if *specific* policies are unfair in specific situations, rather than Wheeler trying to play network admin.
A completely separate issue is that under our system of Constitutional government, Congress makes the law. Congress specifically chose NOT to give the FCC authority to promulgate NN regulations, preferring that be handled under existing law. That may have been bad or it may have been good, but that was the decision Congress made. The executive branch doesn't have the authority to make law. They can only implement the laws passed by Congress, and where Congress tells them what needs to be done, agencies can decide on the details of HOW they will implement the law passed by Congress. Wheeler is not Congress. He was not elected Dictat
One would need to be very, very clever to "slip something in" to TLS 1.3. A lot of very smart people have been looking at it very closely for a long time.
In my experience, the saps who take jobs at government salaries aren't all that clever most of the time. Heck, look at who has the TOP job in the federal government.;)
I can't prove that an alien spaceship won't land on my lawn tonight, but I consider it unlikely.
Sixty years from now Telsa might beat Ford and GM (and Toyota and Volkswagen and Honda and BYD) in the same way that Walmart beat Sears. There's no telling what the industry will look like in 60 years, except to say that based on the lessons of history, most likely about half of the big players will still be there and about half won't.
Sixty DAYS from now, Tesla will still be trying to figure out how to run a production line, not bossing Volkswagen and Toyota around. In 60 years, if by chance Tesla becomes a significant automaker, they can reasonably start talking about drafting standards that other automakers might follow.
Yes, Volvo, an international car company at rhe time, had one good idea 55 years ago.
The fact that you have to go back 55 years to find an example of a single idea (not selecting and establishing overall protocol standards) tells us something, doesn't it.
If you've ever been to a military base, you might have noticed that everybody isn't just sitting on their ass all day. They are doing things. Which shows you that they are allowed to do things, inside the United States.
The Posse Comitatus Act says the Army and Air Force can't be used for domestic *law enforcement*, except as authorized by the Insurrection Act and certain other situations, including enforcing federal law (see Little Rock 1956).
Firefighting isn't law enforcement, so no Posse Comitatus issue here.
Originally it applied only to the Army. Later, the Air Force was added. There is no law applying it to the Navy or Marines, only policies put in place by those services.
"KVM" is often used to mean "qemu on top of KVM". Virt-manager actually calls qemu. Qemu internally uses KVM of it's available. Qemu runs fine without any CPU support for virtualization. I'd guesstimate maybe 10% slower than native if you use the right flags.
KVM itself uses VT-d, but that's not a big deal for light usage
There are a number of options you can use to optimize performance. For example, use -cpu host to set the right CPU type. If you don't, you could end up emulating a generic (old) x86, when you'd be a lot better off with -cpu core2duo or whatever is appropriate.
BYD actually has a headquarters in Los Angeles and a factory in Lancaster, California. Rather than selling one car at a time (and maybe deliver it five years later), BYD see vehicles 100 at a time, providing fleets of taxis and buses. If you've ridden the bus in New York or Chicago you were probably riding in a BYD electric vehicle.
Yes, under their Customer Responsibility Model, AWS says the customer is responsible carefully avoiding the dangers inherent in the design of their product. That was a common, and arguably legal, position to take until 1963.
Since 1963, you may have noticed that self-propelled lawnmowers have deadman switches that automatically shit off the mower and apply a brake if the operator let's go of the handle for a second. All openings are covered by a metal plate held closed with a powerful spring any time the attachment isn't attached. In general, products have every reasonable safeguard in place in order to eliminate any foreseeable danger. That's because companies are legally required to put safeguards in place to guard against dangers whenever it's reasonably possible. "It's the customer's responsibility to avoid the clear dangers we designed into our product" hasn't been a legitimate or legal stance since at least 1963.
> all major automakers with two cents to rub together (i.e. everyone but Mazda and FCA) is bringing out at least one better-than-compliance EV.
So they're emulating BYD, the largest maker of electric cars? If they promised super-expensive cars, took deposits from customers, and didn't deliver cars for years, that would be following Tesla. BYD actually mass produces electric cars, in higher quanities than Ford produced the Model A in 1913.
Tesla has the production of 1913 Ford, before the model T, with the hype of PT Barnum. Like Barnum's endeavors, Tesla is a show, which may eventually become a car company in 50 or 80 years.
An audit script that runs as new resources are created, and the again periodically, is on my to-do list. We're a small team with hundreds of dollars per month of AWS spend. If we can do it, certainly AWS themselves can and should have such a script for internal use.
We have two major errors here, or three, all by AWS and their employees.
An AWS employee created this bucket with it set to be accessible by everyone in the world.
Why did the set it to be accessible to anyone and everyone? They didn't set it, that's the DEFAULT on AWS. AWS says Security Groups is their implementation of a firewall. Just about the only firewall that defaults to wide open, no security at all.
Amazon's sales process apparently involves employees manually clicking on the generic UI to create resources for each customer, rather than having a Cloud Formation or other script for "create customer file".
There are many failures here. The failure of the AWS employee to override the really stupid defaults is, to me, the least significant. Had he never been hired, other employees would be frequently creating buckets with the default, and stupidly insecure, settings. Had the default been to be secure, and let the let customer select places it SHOULD be accessible from, this wouldn't have happened and it wouldn't be a common occurrence.
I've spent 20 years full time IT security. I'm very much security aware. I've forgotten to change the incredibly stupid AWS defaults, thereby leaving a security problem.
Perhaps so. There are a few of us who understand security. There are many on Slashdot who think they do, and steadfastly refuse to pay any attention to those of us who have been doing security as a lifelong career.
Not knowing is okay - smart people can learn. Refusing to learn because you think you know it all ensures failure.
Slashdot Mirror
I live in Texas. I paid for the Chattanooga fiber network.
Do they want me to also pay for running fiber to rural areas of Tennessee? I'm not interested in paying for that. If people in those areas want fiber, they can pay the cost instead of forcing me to pay for their internet service.
Are you aware that you are paying half their bill for them? If you want to do more of that, you can pay half my bills.
It cost $300 million to build EPB's fiber network.
Of that, $111 million, almost half, came from taxpayers outside of Chattanooga - people who can't get the service, but are required to pay for it.
$160 million, over half, was paid by EPB's electricity customers who can't or won't get the internet service.
Only $29 million, less than 10%, was paid for by internet customers recieving the service.
Chattanooga EPB and their fanbois are making a big deal about the fact that they are now paying for their own administrative costs, the ongoing costs of emailing out monthly bills and such, along with the occasional maintenance of the still rather new network than you and I paid to build. "EPB Internet is now self-supporting!", they crow. Well yeah it damn well better be aftee taxpayers already paid for the vast majority of the expense, building the fiber network.
On that note, check out the New York City map. It's ridiculous. Three providers in five blocks, each with a franchise for that particular block.
And that's why these general types of attacks won't be going away any time, except on specialty processors.
These attacks are based on the fact that some operations are faster than others. To get rid of them, you need to make everything equally slow. Addressing one specific case may make the CPU 10% slower, but there are a hundred timing attacks. 10% slower a hundred times equals ...
Your bank, and other web sites you log into, are trying to determine whether the person trying to log in as "nospam007" really is you - the same person who logged into your account the last eight times.
If you consistently use a weird setup, that makes it so much easier. Unless the hacker trying to access your account also uses the on-screen keyboard on a 60" TV, it's really easy to tell the difference.
What's less useful is when people use a very common set-up, with all defaults, and only the most common plugins. That makes it harder to tell the difference between the account holder and someone else trying to access their account.
I'm speaking as someone who developed a system like this ten years ago. For several years it was the most-used security system, used on the largest number of web sites. I've since taken a corporate job with a much larger company.
When I develop software, the valuable information that can help me improve a system is information about under what conditions it's not yet correct, what's going wrong. It's not too helpful to say "works for me in my prestine lab environment". I also don't develop many improvements based on "I haven't noticed any issues". We improve things by characterizing what's not working well.
If BMW has a lot of real-world examples of things that cause problems with a naive implementation, such as distingusiing between a crack sealant running parallel to the lane marking vs the lane marking itself, that's exactly the kind of data I would expect to be most useful for making improvements. I don't work for BMW, so I don't know exactly what kind of data they are gathering, either summary data or detail, or samples, but they certainly have a lot of sensors out in real-world conditions, getting experience with real-world problems. According to you, each and every one of their cars likely has some example problems they can work with. Millions of cars generating billions of data points is obviously much more "vast" than thousands of Tesla cars.
> The nets have been neutral LONG before Wheeler ran the FCC. "Market forces" kept them that way
Good point. Early on, companies like AOL, CompuServe, and Prodigy tried selling non-neutral services, featuring their partners. Purchasers, the market, chose neutral services instead.
Before telling me what Wheeler's NN rules say, read them. Especially, read them and think about how you would comply with each point while operating:
A small "mom and pop" ISP providing service to schools, day cares, Mormon families, and others who want a family-friendly service.
OnStar
Also, how do you think web sites / web servers get connected to the internet?
> That's letting perfect be the enemy of good
That's certainly an important thing to think about! I'm glad you mentioned it. The thing is, the rules were not good.
One draft (not the final draft) was so outrageously stupid it made it illegal to refuse connections from well-known spammers generating millions of spams per day each. The final draft was slightly less stupid. Slightly.
I guarantee no national network was actually in compliance, because you can't run a carrier network, or probably even a mom and pop ISP, and actually comply. You'd be stuck with token ring or something, that level of technology, because that's about as deep as Wheeler understands.
I wouldn't be at all surprised if DOCIS (cable modems) were technically illegal, or IP. It's 2AM and I have to be up in a few hours, so no I'm not going to find and quote the subsection that accidentally makes IP illegal, but there's a pretty good chance it does. :)
Again, I'm all for the ideals that most people associate with the term network neutrality. I just don't think Washington is going to be able to legistlate it in detail, rather than letting the courts make some determinations based on more general rules. The technologies are too complex and change too fast. Even if you somehow magically legistlated configuration lines that work well in all situations currently, 5G, TLS1.3, and HTTP 2 are going to kick your ass next month.
Just don't confuse coral "bleaching" with dying. It's normal for coral to "bleach" (expel their algae) every few years, and there can be dozens of different causes.
Around 40% of the time, after the bleaching event a different composition of algae takes the place of the expelled algae, about 50% of the time the same type of algae re-colonizes the polyps, and about 10% of it dies.
I'm not the one you asked, but I can answer for me. You asked why a techie opposed the Wheeler rules, and I can answer that.
I'm definitely a nerd / techie - name in the kernel changelog and all that.
One techie thing I've done is spend hundreds of hours learning how to configure large networks. I've studied literally thousands of pages, and I'm still nowhere near an expert. Just one of my low-level certs, CCNA routing and switching, is about 1300 pages of material. CCNA Security was a bit less. CCNA is an entry-level cert. If I wanted to study a few thousand pages more, I could go for a CCNP, and another few hundred hours of study could get me a CCIE. In ten or twenty years I could get mutiple CCIE certs in different areas of carrier network configuration and operations. It's THAT complicated.
Again, I'm not an expert by any means. My ~1500 pages of reading is only enough for me to realize how much I don't know. There are multiple levels of certifications higher than mine.
I see no reason to believe that Wheeler ever read the first chapter of the first book. The regulations that were in effect for 18 months or so, and the proposals I have read, don't evidence any knowledge of networking. As one might expect, the rules as written utterly fail to make any sense when you try to apply them to very large networks.
The IDEALS of network nuetrality include some good things to ASPIRE to. Ideals like "fairness" and "openess".
But now go try to sit down and write detailed rules of exactly how "fairness" has to be implemented within an operating system kernel, or any complex system you aren't an expert in. Rules that have the force of law - it MOST be done just this way, anything else is unfair. It can't be done even by someone who is a world-renowned expert on the topic. Neither Congresscritters nor Wheeler are experts in configuring the various queues, and the rules for shaping and policing those queues, inside a Cisco router. I'd bet money Wheeler doesn't even know what the term "traffic policing" MEANS, nor shaping. They are incompetent to legislate how it must be done. Even if they were experts, you just can't write laws that define exactly how "fairness" is done, or "openness".
Even if you COULD, Cisco and others come out with new features and capabilities every year. What would the network neutrality laws require me to do in my configuration of the Tonsay Routing Protocol? That's going to be awfully difficult to write such detailed rules for since the protocol doesn't yet exist, but new protocols are being created all the time.
There do exist some laws like "unfair competition" and "restraint of trade" that could be applied to the kinds of things NN proponents are afraid of. Courts look at specific, actual cases and use some defined principles to determine if specific actions or policies are unfair.
My experience indicates that may be a better approach. The FCC, or preferably the FTC, could announce policy PRINCIPLES, telling companies "if you do these sorts of things, we'll likely throw the book at you, if instead you do these other types of things to be fair and open, that's what we want to see and we'll give you some latitude in how you implement fair policies". Then let the courts apply established principles to decide if *specific* policies are unfair in specific situations, rather than Wheeler trying to play network admin.
A completely separate issue is that under our system of Constitutional government, Congress makes the law. Congress specifically chose NOT to give the FCC authority to promulgate NN regulations, preferring that be handled under existing law. That may have been bad or it may have been good, but that was the decision Congress made. The executive branch doesn't have the authority to make law. They can only implement the laws passed by Congress, and where Congress tells them what needs to be done, agencies can decide on the details of HOW they will implement the law passed by Congress. Wheeler is not Congress. He was not elected Dictat
Emacs is now part of systemd. It can now be used to edit binary blobs. Ascii file support has been deprecated in the new systemd.emacs.
One would need to be very, very clever to "slip something in" to TLS 1.3. A lot of very smart people have been looking at it very closely for a long time.
In my experience, the saps who take jobs at government salaries aren't all that clever most of the time. Heck, look at who has the TOP job in the federal government. ;)
I can't prove that an alien spaceship won't land on my lawn tonight, but I consider it unlikely.
BTW, there IS an answer to that question. There IS one other thing Tesla has a vast quantity of.
It starts with "L" and ends with "osses".
So you think Tesla has a "vast quantity" of cars compared to Toyota, VW, or General Motors, out there gathering real-world experience?
What exactly does Tesla have a "vast quantity" of, other than ego and hype?
Sixty years from now Telsa might beat Ford and GM (and Toyota and Volkswagen and Honda and BYD) in the same way that Walmart beat Sears. There's no telling what the industry will look like in 60 years, except to say that based on the lessons of history, most likely about half of the big players will still be there and about half won't.
Sixty DAYS from now, Tesla will still be trying to figure out how to run a production line, not bossing Volkswagen and Toyota around. In 60 years, if by chance Tesla becomes a significant automaker, they can reasonably start talking about drafting standards that other automakers might follow.
Yes, Volvo, an international car company at rhe time, had one good idea 55 years ago.
The fact that you have to go back 55 years to find an example of a single idea (not selecting and establishing overall protocol standards) tells us something, doesn't it.
If you've ever been to a military base, you might have noticed that everybody isn't just sitting on their ass all day. They are doing things. Which shows you that they are allowed to do things, inside the United States.
The Posse Comitatus Act says the Army and Air Force can't be used for domestic *law enforcement*, except as authorized by the Insurrection Act and certain other situations, including enforcing federal law (see Little Rock 1956).
Firefighting isn't law enforcement, so no Posse Comitatus issue here.
Originally it applied only to the Army. Later, the Air Force was added. There is no law applying it to the Navy or Marines, only policies put in place by those services.
> Will KVM work with Intel CPUs that lack VT-d?
"KVM" is often used to mean "qemu on top of KVM". Virt-manager actually calls qemu. Qemu internally uses KVM of it's available. Qemu runs fine without any CPU support for virtualization. I'd guesstimate maybe 10% slower than native if you use the right flags.
KVM itself uses VT-d, but that's not a big deal for light usage
There are a number of options you can use to optimize performance. For example, use -cpu host to set the right CPU type. If you don't, you could end up emulating a generic (old) x86, when you'd be a lot better off with -cpu core2duo or whatever is appropriate.
BYD actually has a headquarters in Los Angeles and a factory in Lancaster, California. Rather than selling one car at a time (and maybe deliver it five years later), BYD see vehicles 100 at a time, providing fleets of taxis and buses. If you've ridden the bus in New York or Chicago you were probably riding in a BYD electric vehicle.
Yes, under their Customer Responsibility Model, AWS says the customer is responsible carefully avoiding the dangers inherent in the design of their product. That was a common, and arguably legal, position to take until 1963.
Since 1963, you may have noticed that self-propelled lawnmowers have deadman switches that automatically shit off the mower and apply a brake if the operator let's go of the handle for a second. All openings are covered by a metal plate held closed with a powerful spring any time the attachment isn't attached. In general, products have every reasonable safeguard in place in order to eliminate any foreseeable danger. That's because companies are legally required to put safeguards in place to guard against dangers whenever it's reasonably possible. "It's the customer's responsibility to avoid the clear dangers we designed into our product" hasn't been a legitimate or legal stance since at least 1963.
> all major automakers with two cents to rub together (i.e. everyone but Mazda and FCA) is bringing out at least one better-than-compliance EV.
So they're emulating BYD, the largest maker of electric cars? If they promised super-expensive cars, took deposits from customers, and didn't deliver cars for years, that would be following Tesla. BYD actually mass produces electric cars, in higher quanities than Ford produced the Model A in 1913.
Tesla has the production of 1913 Ford, before the model T, with the hype of PT Barnum. Like Barnum's endeavors, Tesla is a show, which may eventually become a car company in 50 or 80 years.
An audit script that runs as new resources are created, and the again periodically, is on my to-do list. We're a small team with hundreds of dollars per month of AWS spend. If we can do it, certainly AWS themselves can and should have such a script for internal use.
We have two major errors here, or three, all by AWS and their employees.
An AWS employee created this bucket with it set to be accessible by everyone in the world.
Why did the set it to be accessible to anyone and everyone? They didn't set it, that's the DEFAULT on AWS. AWS says Security Groups is their implementation of a firewall. Just about the only firewall that defaults to wide open, no security at all.
Amazon's sales process apparently involves employees manually clicking on the generic UI to create resources for each customer, rather than having a Cloud Formation or other script for "create customer file".
There are many failures here. The failure of the AWS employee to override the really stupid defaults is, to me, the least significant. Had he never been hired, other employees would be frequently creating buckets with the default, and stupidly insecure, settings. Had the default been to be secure, and let the let customer select places it SHOULD be accessible from, this wouldn't have happened and it wouldn't be a common occurrence.
I've spent 20 years full time IT security. I'm very much security aware. I've forgotten to change the incredibly stupid AWS defaults, thereby leaving a security problem.
Perhaps so. There are a few of us who understand security. There are many on Slashdot who think they do, and steadfastly refuse to pay any attention to those of us who have been doing security as a lifelong career.
Not knowing is okay - smart people can learn. Refusing to learn because you think you know it all ensures failure.