This will be great: intelligent squirrels will be treated to yottabytes of Slashdot flame wars and images of grumpy cat. And they'll conclude that our civilization was inevitably doomed.
In my opinion this is a good compromise between the two other options. It would expose vulnerabilities while keeping consequences for criminal hacking.
As I said: "white hat hackers" are one of the primary reasons we have security holes in the first place; their activities create the economic incentives for companies to release software with security holes in the first place.
This is your opinion. Again, you see the world as black or white which leads you to the prosecute everyone/prosecute no one extremes. There are actually three options;
You just don't seem to grasp that, although "white hat hackers" helping fix security holes has a short term benefit, it is one of the primary reasons those security holes exist in the first place. Why should a company bother to spend lots of money to make my software secure if it can just release it and pay a fraction of what I would pay for quality control to cheap "white hat hackers", and at the same time be shielded from public humiliation by law?
The only way to get companies to pay more attention to security is to raise the risk and the cost of releasing insecure software. Banning "black hat hacking" and allowing "white hat hacking" decreases risk and decreases costs of releasing insecure software, and that is exactly the wrong public policy.
I'm sorry if that argument is too subtle for your simplistic black-and-white world view.
Saying it was legal is not proof; it is an opinion. You have no proof that what you did was legal; you just didn't get caught.
You're absolutely right. And to remove that legal uncertainty, the laws need to change.
Finding a disease that had yet to become an epidemic and pointing it out to the people who can cure it does make one a good guy
No, it doesn't. "White hat hackers" provide economic incentives for companies to create insecure software and then have it fixed for much less money than if they had to do proper quality control in-house. And prohibitions against "black hat hackers" give them some protection against the risk that results from putting out insecure software. Either both "black hat" and "white hat" hackers should go to jail, or neither. The current situation is the worst of both worlds.
I didn't make a comment about legality, I made a comment about poetic justice for the failures of the US space program over the last half century. Their significance at this point is not so much demonstrating America's technological prowess, it's that they are a reminder of missed opportunities and technological stagnation of the space program.
I think it's an outrage that, given all the money we have spent on NASA since the 1970's, NASA has been incapable of going back to the moon, let alone launch interplanetary flights. I think it would be poetic justice if entrepreneurs or other nations snatch the relics of the glory days of the US space program.
That means that there is a strong incentive for companies to create insecure, crappy software and then let so-called "white hat hackers" fix their bugs at a discount. And because any other form of disclosure is illegal, the companies are pretty well protected from negative consequences of their bugs and deflect from their own negligence by blaming "black hat hackers".
It seems that many companies disagree with you on this point. Companies like Google pay bounties on zero day hacks reported to them.
Selling medicine for a disease that you help spread in the first place doesn't make you the good guys.
The boundary you are looking for is the port that services the URL request.
So you're saying anybody who accesses a URL may be prosecuted?
Did those servers you slammed belong to someone else? Did you have authorization to slam those computers? If the answers are no, then count your lucky stars that you have not been prosecuted. Care to cite anything that states attempting slamming a server with "hundreds of thousands of requests using sequentially generated numbers" is legal?
It was legal and nobody complained about it. But there was a legal risk.
It could very well be seen as an attempt to circumvent security.
And that is why the rules you propose are wrong.
The phrase "reasonably well defined" is a subjective term; it means different things to different people. To me "reasonably well defined" means prosecuting someone
And that's why people like you shouldn't be involved in computer security: you have bad judgment.
If a private space entrepreneur does the job of flying to the moon, collecting the artifacts, and returning them before the US government gets its act together, perhaps ending up in his private collection is a fitting outcome.
You just lost the argument when you resorted to an ad hominem attack. You have shown that your argument is weak and switched to attacking the person.
You said that it is important not to "sully" the name of white hat hackers because they supposedly fulfill some important function and accused me of trying to defend "black hat" hackers. I'm saying that I really have no preference between black hat and white hat hackers: I think they're both ineffective at improving security, have dubious motives, and have no reputation that could be sullied. If Weev getting off free would be bad for white hat hackers, it simply doesn't matter.
Is entering a building through a door that someone forgot to lock, photocopying a bunch of confidential information and publishing it legal? No. The fact that the URL was not password protected is beside the point. Weev knew that obtaining the data the way he did was illegal.
Physical trespass is defined in terms of crossing a well-defined (usually marked) physical boundary. You are trying to define electronic trespass in terms of what people "know" instead of well-defined boundaries.
And I don't see why Weev should have known that; I and many others have "slammed" servers with hundreds of thousands of requests using sequentially generated numbers, and that has been legal. Harvesting of E-mail addresses from web pages is common and legal as well.
It seems that you want the world to be black and white.
No, I merely want laws that are reasonably well-defined, as opposed to laws that are so vague that almost everybody is a criminal and enforcement becomes arbitrary.
It is, of course, a difficult subject to study – since the super-rich have no interest in putting themselves under the public microscope. There have been indirect attempts, however, for instance: "Higher social class predicts increased unethical behavior" [pnas.org] (see popular [huffingtonpost.ca] accounts [wired.com] if you don't have PNAS access).
That study isn't relevant to what we have been discussing, since it looks at upper/lower class distinctions, not billionaire/upper-middle class distinctions. It also has numerous conceptual problems.
But let's assume for the moment that the study were not utter b.s., what does it say? Here is what I said:
This isn't about "them" or "the elites", this is simply people behaving rationally. If you got $1b in your account tomorrow, you'd be behaving exactly the same way, and you're no elite either.
Here is what Study 4 shows:
the experience of higher social class has a causal relationship to unethical decision-making and behavior.
I.e., it's not that unethical people become rich, it's that rich people become "unethical" (in the sense of the study). Just like I said. (Of course, some of them may have been "unethical" to start with, like in any group of people.)
The irony is that people who cry "conspiracy theory!" are actually proposing something much more ridiculous: That the very small collection of men who own and control most of the world do not meet and discuss their interests behind closed doors
And if you got a billion dollars, you'd join that club and behave the same way; see above.
Your error is in assuming that people who are rich are intrinsically immoral, and that their motivation is to increase their wealth without limit at the expense of everybody else. But that's simply not what motivates most of these people. Most of them seem to be motivated by actually trying to help the world and being remembered as philanthropists; the reason they do so much harm is because they are so bad at it and they have the resources to spread the harm around.
Then you'll just have to make a competitive offer for your desired type of employment, much like what RTW requires of labor unions.
No, I simply don't start the business at all.
If it cuts down on the amount of duressed/desperate people
But not starting the business increases the number of "duressed/desperate people" because the jobs for them do not exist at all.
It restores parity between employer-organized labor and employee-organized labor in that one is not obligated to go with a particular form of employment.
Employees are never "obligated" to go with a particular kind of employment.
Want legions of temps? Attract the willing with a competitive offer, not the desperate with monopsony-like economic forces.
We're not negotiating, I'm simply telling you: I and lots of others are just not willing to engage in a lot of business at all under current regulatory regimes because it's too risky and too expensive, and because it takes too much of our time.
While there is plenty of sympathy to be had for small business, it stops at the border.
Yeah, like the majority of crap in your home isn't from China or Mexico or countries like that because it's cheaper. Uh huh.
Furthermore, where your "sympathies" lie doesn't matter; you can't force or bludgeon business to operate in the US.
I think it is stupid. Anywhere it matters, the data is compressed anyway. Binary encodings actually probably tend to hurt rather than help compression.
It is people like you who try to protect black hat hackers that sully the name of true white hat hackers.
One can't "sully" the names of either black hat or white hat hackers; you both are apparently either too dumb or too unimaginative to do anything more interesting with computers than look for the PHP coding mistakes of retrained baristas.
I simply want clear, unambiguous lines for what constitutes criminal behavior, and that line should be drawn at the circumvention of access protections. Accessing a public URL without a password should never be illegal, under any circumstances, not to protect "black hats" but to protect folks who, unlike you, actually do interesting things with computers from arbitrary legal prosecution.
I vote for Brett Stallbaum being listed as a "dangerous gun owner". He may not actually list a gun, but he certainly is a dangerous fool, and he can get a gun any time he pleases.
and it also has a very high rate of second degree murders
Yet, the rate of murders is highest among the population with the lowest gun ownership rates: African American males. And we aren't talking marginally higher, we are talking ten times higher. Furthermore, if you remove African American males from the statistic, the US murder rate drops to European levels. That clearly tells you that the high US murder rate is not due to average high gun ownership rates. Another data point is that Mexico has a much lower gun ownership rate than the US, yet also several times the murder rate. And if you look at comparable groups of nations in Europe, the OECD, or across the world, there simply is no correlation between gun ownership and murder rate. Altogether, the idea that gun ownership correlates positively with murder rates is not supported by the data.
Well, there isn't a high level of rigor required here
There is a great deal of rigor required. For a long time, wealth was considered a consequence of genetic superiority or divine favor. Entire wars have been fought over this question and caste systems have been built around it. Waving your hands and saying without evidence "it's obvious that rich people are different" just doesn't cut it.
I'm responding to the idea of how employers use outsourcing to dodge benefits and generally (in the supposed name of finance) make it worse off for workers.
I don't see what the problem is. Temp agency employees are often permanent employees of the temp agency. That means the temp agency assumes the risk associated with hiring them and the costly regulations that go along with it. The employer gains flexibility and reduces his risk and may be able to afford hiring workers that he could otherwise not hire.
However, the employer could not require someone to be hired indirectly as a condition of accepting/continuing work. Otherwise you have the same problem of unions, except that the benefits flow towards the employer. Think of it as Right to Work for the staffing industry, but applied to about every non-direct, non-fulltime form of work. It takes away all the toys from the employer in exchange for introducing freedom of choice in work arrangements for any skill level.
You still make no sense. How does piling ever more restrictions and regulations on work contracts "introduce freedom of choice"?
There are plenty of business ideas I might want to hire people for (in fact, I do), but I'm not going to do that if I'm stuck with potentially huge obligations and liabilities, and if I can't get rid of people who aren't working out. Many small businesses are in that boat. And we address it by simply not doing anything that is labor intensive at all, and outsourcing what we can overseas. The more people like you squeeze, the less business activity takes place and the more gets outsourced.
Exactly, the discussion was about foreign espionage, and Germany is in general very careful about anything that could be considered an act of war.
Maybe Germany is simply better at not getting caught: Germans seem to be considerably more obedient to authority than other nations, and Germany seems to be very effective at papering over many scandals. There isn't even a word for "whistle blower" in German.
(Initially, this was also a condition imposed by the allies; nobody in Europe wanted a German spy service, significantly composed of ex-Nazis, to go around spying on other nations after WWII.)
"Millions of people play the lottery, but only a few get rich. "Obviously", there must be a degree of selection for the people who can successfully buy a lottery ticket and get rich off it."
I've never seen any evidence that the wealthy as a population are particularly different psychologically from other people with similar levels of education. If you know of any evidence, do share it.
Well, obviously BATS and Direct Edge are not providing an innovative and cheap solution, they are just trying to provide the same service as the big guys, with the same restrictions and overhead. In fact, BATS doesn't even seem to have their software under control.
The outrage is the decades we wasted on the shuttle program and the lack of progress in nuclear propulsion.
Large parts of the Netherlands are already below sea level, showing that that isn't necessarily a problem even for densely populated areas.
(In the case of the Netherlands, it is their own fault, however.)
The Gumstix boards themselves are $100+; offering a whole pen based on it for $149 seems rather ambitious.
Sorry, you're just waving your hands.
Here's your citation:
http://lmgtfy.com/?q=%22Mr.+Buttle%22