Except, again, that's not what's being argued. What was said in TFA was the ONLY reason cyber crime, espionage etc etc exist is because of shoddy security design. This is not only completely false, it unnecessarily burdens engineers and sysadmins with the task of somehow managing the impossible.
I think that with the latter case, you're going to an absurd extreme that no one is realistically suggesting. That was my point.
Except it was suggested. The premise given was that should "poor application or system design, implementation, and/or configuration" be eliminated, so too would "Cyber espionage, crime, and warfare". My argument was tasking engineers with eradicating all of those problems would be like tasking doctors with curing every disease. I'M not the one going to an absurd extreme, it's a direct quote taken from TFA. I'm merely pointing it out.
the majority of vulnerabilities are due to variations on the same dozen sloppy coding mistakes
I don't doubt that.
A proper analogy would be most car manufacturers in some hypothetical right-hand side driving country with many highway ramps not putting bolts on the right front wheel and not having a problem most the time because most turns are to the right and not the left, and the occasional left turn is almost always followed by a right that reseats the wheel.
That would be a proper analogy if it's what was being argued. While the article did call for stricter security standards for commercially produced code, something that I agree with, it also said that breaches of security would not happen if such were the case. Hence the analogy; you can make the system better, you can't make it perfect.
You should read my comment again, because your reply is essentially repeating what my post said to begin with. Do people treat security poorly in the IT industry, yes. Can security be strengthened by more rigid standards and harsher penalties for failure, yes.
What I responded to, and I'll quote it again, was "Cyber espionage, crime, and warfare are possible only because of poor application or system design, implementation, and/or configuration." The implication here is that these things are NOT possible if systems are not poorly designed, implemented and configured. That's a load of bullshit. Even with the best security advancements available you are simply not immune. To suggest otherwise is to display ignorance on the subject.
Do you expect medical professionals to be able to cure every disease and infection ever? Do you expect automotive engineers to be able to build mechanically perfect vehicles? No. Of course the attitude the majority of people take towards online security is a joke, but no more so than saying "Cyber espionage, crime, and warfare are possible only because of poor application or system design, implementation, and/or configuration."
Cyber espionage, crime, and warfare exist through the same mechanisms that allow viruses to become resistant to treatment: adaptation. Systems can be designed to be harder to break, systems can't be made to be impenetrable. The language used in this article is just the same old IT-focused yellow journalism we've all come to expect on the subject.
Somebody reported that one of their friends heard that a Muslim had just signed up with Verizon.
The NSA is just trying to track him down.
Don't be ridiculous, that's what the drones are for.
This seems unlikely to be a focused surveillance effort as much as a datamining operation for the purpose of statistical analysis. Couldn't say what purpose this would serve, since I'm by no means an infosec or sigint expert, but seems to me it's possible that they're trying to be able to identify behavior patterns, possibly to better locate individuals, or to be able to more accurately predict and track the growth of social/revolutionary movements overseas, etc.
Real Hackers(tm) don't hack from a device that records your face, voice, and surroundings... Just sayin'.
Real "hackers" with experience in network probing, intrusion and forensics also don't need a video game to use tools like nmap and ettercap. This is just a neat toy that provides a layer of visual abstraction to help people better understand the tools that are employed during a (legal) pentest, not a suite of security tools for 00b3r-31337 bl4khA7 PwNl0rDz to expedite their trips to prison.
Make it happen.
You've never played Battlefront?
"So far, Hypponen hasn't seen a single antivirus vendor cooperate with such a request"
That's because it's not law yet; once it's law, they will.
I sincerely doubt that. I'm sure more than a few of those asked to cooperate saw the marketing potential in possibly having one of the few AV services billed as "free from government malware!" Now that all that have been asked have refused, it'd take a death wish for a company to volunteer to be the black sheep.
From TFA:
Only about 66 percent of American adults have broadband access at home, according to a survey last year by the Pew Internet & American Life Project.
And only one-fifth of elementary- and secondary-school teachers in the United States said that all or most of their students have access to the digital tools they need at home, according to survey results released by the group last week. In some developing countries—where leaders of massive open online courses hope they will have an impact as well—broadband Internet access can be far harder to come by.
This issue doesn't just boil down to the trivial numbers you'd like to make it seem like. Not all of us live in big metropolitan areas with a fast food restaurant with a wifi hotspot at every corner.
Not saying this is the case, but I've heard a few people mention that the attempt here is to make programming skills much more common and thus, less valuable. If anyone has any insight on it I'd be glad to hear it.
Either way, though, I just wouldn't trust the American public school system to give students a good feeling for programming of any sort. If it ends up like any other subject being taught, all of which could be said to be interesting, then they'll reduce it not to a series of critical thinking challenges but a tedious exercise in memorizing and regurgitating information weekly, to then just forget it entirely by the time summer rolls around. As I've never attended school anywhere else, I couldn't say how well it'd work for the rest of the world, so the program might fare better elsewhere. But I can't see it generating anything other than disinterest in the subjects among students as has been the case with math, history, science, literature, etc. etc.
Considering the cheesy shit publishers have done to increase profits from sales with on-disc DLC, preorder bonuses, multiplayer passes and the like, none of which EA has any qualms about implementing into their games, I find it odd that it took this long for EA to come to this decision. Brings me back to when Activision's CEO Bobby Kotick openly fantasized about making every game subscription based.
Honestly though, I don't mind that EA is trying this. Publishers don't exist to bring us quality games, that's what developers try to do (some, anyway.) Publishers exist to squeeze every last penny out of IP laws that they can, and tack whatever contrived bullshit onto their games that they think they can get away with. Remember these? Publishers are more often than not just like loan sharks, only where the mafia tries to hide from the scrutiny of the DoJ, corporations can just pay them for even more invasive copyright laws. And if you dare oppose it, you're an un-American anti-capitalist who hates successful people and heartlessly steals from the efforts of hardworking programmers who pour their hearts into their work. They've practically got a free ride at this point.
No, what bothers me are the people who buy into this abusive relationship with people who sell intellectual property. Or lease, I should say, since apparently you don't even own software that you purchase. As long as there's a market that will kowtow to this sort of behavior, IP owners will keep pulling goofy shit like this. And they'll come out winning.
So I signed up for a VPN, of course.
And dumped your ISP, right?
You can get started for about $200 in supplies.
Gonna get one of these for my apartment, thanks for the link.
Eel Pie Island to make sure it was a real place and not some shit Apple Maps invented.
How easy it is to enforce the policy is irrelevant. The question is whether the policy should be allowed to exist at all, from a legal standpoint.
Personally I don't see why it shouldn't, if you're going to make use of a service, the person offering it should be allowed to know who it is they're offering the service to. So long as it's made clear what's being done with the information at hand there doesn't seem to be any legitimate reason to disallow it.
how important it was to stay out of the fucking 1980's with IT equipment that serves critical functions
Talk about blanket statements. I suspect that there is quite a bit of 1980s IT equipment in your life that you are not even aware of.
Possibly, but I'm aware that I do use a lot of tech that wasn't invented within the past decade. My last post was ambiguously worded and I apologize, it would have been better to say "not stay in the 1980's". Even people who know nothing about IT understand it's a poor decision to just implement the infrastructure and call it a day. When you're doing something that affects the security of the personal information of millions of people, there's a lot to carefully consider. I've yet to see a politician in California that honestly appreciates this fact.
The problem is not what decade the equipment comes from, it is whether or not the equipment meets its requirements. If equipment from the 1980s is continuing to meet the requirements that governments face today, then there is no reason to spend enormous amounts of tax money to replace that equipment unless doing so will pay for itself before the next upgrade. Unfortunately, there are few cases where such upgrades actually do pay for themselves, so in terms of what is best to do with tax dollars, upgrading old equipment that continues to function as needed is questionable.
It's not a matter of overhauling with every single upgrade; on top of maintaining machines as needed it can be as simple as a network-wide software patch. Maintaining IT equipment costs money, period. This isn't some kid's dedicated Counter-Strike server we're talking about here, this is a department that should be getting every cent necessary to ensure integrity. That politicians don't care to pay people who understand this sort of thing the money they ask for in order to watch over these systems is evidenced by them waiting till the problem is costing hundreds of millions of dollars, then paying a few more million dollars to get the problem... not fixed.
Now, if the equipment is not working, then it is time to replace it.
I would argue that there are more reasons to upgrade old equipment than it just not working altogether.
The real problem is that government contracts are not typically given to companies deemed best for the job, and so these situations arise. Contracts are awarded to companies that bid low and to companies that are well-connected, even when better companies are available.
That's certainly a problem, yes. And that just goes back to my original point, which is if they had even cared at all to understand the technology which they so heavily rely on they wouldn't be jackassing around like that.
you would think there would be a lot of good expertise in the computing arena for the state to tap in to.
Ahahaha, with our government? If they even had the slightest idea of how important it was to stay out of the fucking 1980's with IT equipment that serves critical functions for the state and its citizens, they wouldn't have waited for the problem to "cost taxpayers hundreds of millions of dollars" to do anything about it.
If they can't get that much straight, how can they possibly hope to know what technical criterion to look for when hiring contractors?