The Spanish article cited in the summary does not allege any cause-and-effect relationship between the computer, the trojans, and the crash.
Nearly all crash investigations reveal factoids that cause suspicion and which invite people to jump to conclusions. Sometimes, the premature public debate on such issues causes emotional harm to victims, their families and other people involved.
I realize that I'm pissing into the wind to raise this topic. It's human nature to gossip. Slashdot is no different than any other public forum in this regard. It just frustrates me to see this happen again and again.
Not true. Even government utilities like BPA must sell bonds to private investors to survive. Some, like WPPS, even default, thus making private investors wary.
No. In most cases it is not public money that builds transmission, but private money.
Somebody has to convince investors to put their money in transmission projects rather than Google/BP/Pharma/Banks/Apple and so on. That's not easy, especially in the face of regulatory uncertainty.
How does the investor earn a profit on the transmission line? By fees and/or energy market trading. However, in the blink of an eye government can change the rules and wipe out all that future revenue.
Regulatory uncertainty (not the regulations but the uncertainty) results in decision paralysis.
True, but the questioner didn't mention the article. He asked if Jobs knew about the problem early in the design. Jobs didn't answer the question. Since Jobs' answer was evasive, shouldn't we assume that it's true?
I can't recall any other case where government forced enforcement of privacy policy on third parties like bankruptcy courts. Even here, it is not clear if FTC is threatening action or just bluffing.
I remember the case of a hospital that stored medical records in a warehouse. They stopped paying rent and the landlord sold the file cabinets including contents to help recover his losses. The cabinets, folders and paper are physical property and property laws govern them. The information on the papers had no legal standing at all.
Even HIPAA laws do not apply to parties who are not health care providers or their agents but who have possession of patient data nevertheless.
Current intellectual property law is distinct from ordinary property law. Considering the fact that data possession and data processing are the major source of wealth in the 21st century, we badly need a better legal foundation for information. Traditional property rights, intellectual property rights and contract law all come up short.
Better still, read the comment to the article by Torbjorn at the same URL as the article. Torbjorn calls it "Bad research, worse article" and he makes a pretty strong case.
Allow me to put on the hat of grid operations security for a moment.
1) I can't allow a third party to put boxes in my network based on someone's assurances about what they do or don't do. I need to audit the hardware and software they contain. NSA would probably deny me that access.
2) What qualifies government in general and NSA in particular as trusted partners for grid security? Government is already asking for authority to put a kill switch on the Internet, how do I know if they might have similar ambitions for the grid? Might NSA want a back door they can use to seize control of the grid away from me? My mission is simple and clear -- keep the lights on and keep the power grid secure and to do so whether or not the government wants it that way.
It may be far-fetched but nevertheless easily imaginable that my mission may conflict with government's at some point.
I lived in Sweden in the 80s. Sweden's privacy laws are a bit like Germany's.
The most important thing they did was to require any computer owner to get a license from the government to store personal data. To get the license, they had to lay out what data and what the reasons were for storing it.
Effectively, the law prohibited all personal data applications (and storage) except those that are permitted. In the USA, everything is permitted except that which is prohibited.
I think they finally backed off enough to allow PC owners to keep an address book for personal use without a license, but it was still very strict.
In reality, I would probably hate it if the US government tried the same law. It is so inept that the waiting time for licenses would be years and would require the aid of expensive lawyers. Still, I admire what Sweden was able to accomplish. The giant corporation that I worked for over there thought long and hard before putting customer data in a database.
Everybody with an agenda today needs a straw man demon. Look at US national politics. Obama demonized George Bush, then Wall Street, then the Banks, then the insurance companies, and now BP. He hasn't addressed any major topic without a straw man demon.
Like it or not, people in the USA evidently love to hate. An anti-demon campaign is more successful than one with a positive message, regardless of the topic.
There are indications of a possible increase. We're not sure that it is correct. It could be due to bias, but the indications are sufficiently strong... to be concerned.
Isn't that kind of statement extremely unprofessional and irresponsible regardless of the actual topic? The researcher must have known that only the "indications are sufficiently strong to be concerned" will be the only part remembered for years to come by millions of people who will conclude that the study confirmed actual danger.
Or should we blame the journalist? There is a... in the middle of the quote. Might the actual words have been cooked to make it sound scary?
When scientists are doing science, or explaining science, they are entitled to a great deal of deference and respect by laymen. However, when they are advocating and trying to persuade or to steer policy, then they are entitled to no more respect than any citizen.
Think of Norman Rockwell's "Freedom of Speech." The seated man in Rockwell's picture appears to be more wealthy and better educated than the man speaking, yet he listens with utmost respect. That, IMHO, is the American ideal.
The recent problem is that scientists want to act like über citizens. They want to lecture citizens and lawmakers paternalistically and to dictate policy and politics, while still claiming the right to superior deference and respect while they're doing that.
What is happening to the climate might be explained by science. What to do to reduce carbon emissions and the priorities of competing values is not science, but politics. For example, tanking the economy seems to be an effective and immediate method to reduce emissions. Whether to do that deliberately is hardly a question of science. Climate scientists have crossed the line and are trying to impose their values on everyone else.
The right way to handle it is for scientists to stick to science and stay out of the limelight. Let layman champions like Al Gore make their case in public.
If we think that we can hold law enforcement and spies back with 19th century procedures and safeguards we're kidding ourselves. They, like everyone else, need to adapt to 21st century technology and make use of it. Technology alone will defeat anyone who tries to hold back the clock.
Reliance on "reasonable expectation of privacy" as the foundation of our privacy right is folly. Every day in every way our expectations get eroded away. Soon there will be nothing left. We need a completely different approach.
We should open the doors all the way on government gathering and analysis of data, but crack down instead on use of the information. I would favor mandatory permanent surveillance of every government employee and office from the President, to judges, to Senators, down to street cop; with every scrap of that published on the web. Zero privacy for the public sector.
Obviously it's not as simple as my hyperbole makes it sound. The point is, we should shift focus away from government surveilling us and towards us surveilling them.
I have a big problem hiring anyone who ever cheated on anything anywhere. Cheating on a test, padding an expense account, driving with a radar detector in the car; they all indicate lack of integrity. I need to be able to trust my co-workers.
Therefore, I'm doubly horrified to contemplate the possibility of false positives. It is very hard to reconcile harsh treatment of cheaters, with the possibility of some being falsely accused without adequate opportunity to defend themselves.
I was an engineering consultant for 40 years. I'm well familiar with the politics and ethics of engineering studies. Something is fishy here.
The AP says that Wright's firm was hired by three utilities. The web material suggests that it was actually ucaiug.org (an association of both vendors and utilities). Presumably, they financed the security study to expose vulnerabilities so that they could fix them. They did it openly and allowed the report to be published. That's laudable and responsible behavior. It is the opposite of denial and secrecy.
Normally, Wright and his team write the report and the vendors and utilities fix the problems. However, Wright is going public in a big way. He, with cooperation from the media, is mongering fear and suggesting that the vendors and utilities don't care about security. He's acting in a way that brings maximum bad publicity to his financial sponsors. That is extraordinary behavior for a consultant. If it was I that hired him, I would feel betrayed.
I really can't tell if he's doing it for shameless and unethical purposes of self promotion, or whether there was a breakdown in relations between the consultant and the clients. Somewhere there is an enormous untold back story.
Why do all these transparency things only apply to the executive branch of government?
I think it should be just as important to the public to know who lobbied which congressman and how as it is to know who talked to the White House about energy policy or health care.
How about emails? Are there any rational arguments why rules about email archiving and disclosure are different for the different branches?
I'm afraid that the real answer to my question is that Congress always exempts itself from any kind of onerous rule. Just think how angry the public would be if they could read all those blackberry messages sent between members of the same party.
The judicial branch may have better arguments for secrecy, but even there the default rule ought to be openness. Let them argue case by case to exempt different classes of records.
All three branches would argue that public disclosure puts a chilling effect on honest deliberations. True, but all three branches need to deliberate to make decisions. Again, there's no reason to give different treatment to any of the branches.
The news reports say that the cameras were activated in this case plus 42 other cases. If the school is telling the truth they should have documentary evidence of claims of theft or loss for all 43 cases.
If they can document all 43 cases, they're still in hot water. If they can't then they're caught in yet another lie.
You're ignoring the amendment process. We should respect the original intentions of those who wrote and passed the constitution and the amendments.
The constitution has a process that can make it a living document -- add new amendments.
IMO it is wrong to reinterpret it and to expand the power of the government on the pretext authority of the commerce clause or the general welfare clause without going through the trouble of making amendments.
If enough people agree to make an amendment, we can make the constitution say anything at all. If not enough agree, stick to what "we" originally agreed to. It is also wise, IMO, to require a supermajority agree to amendments.
The cited article said that the sample was taken "just to the east of the plant's condensate water storage tank." That's inside the plant. Then it cited the EPA standard for drinking water.
Those two facts in close conjunction invite everyone to jump to the conclusion that the public gets its drinking water from next to the storage tank inside the plant's grounds. In reality the nearest public or privately owned well is probably 5 to 10 miles away.
I remember when I wanted to drill a new well in my yard. The local building code said that it had to be 100 feet from the septic tank drainage field. Wow, only 100 feet!!! Now consider how much five miles of intervening ground will filter.
It is true that 775,000 picocuries per liter is 37 times higher than the limit. It is also true that there is no public health hazard. The devil is in the details, and the critical detail not emphasized in the Washpost article is the separation between the tank and the public.
The article mentions that safeguards and procedures were ignored. Before calling for new rules, new procedures, new designs, it would be wise to force existing safeguards to be used without exception.
Perhaps a conviction or two for negligent homicide against the doctors, nurses, administrators and vendors might get their attention.
I love the NYT and the WSJ. Every day I find articles there that I wasn't looking for but which greatly educate and inform me. I read the NYT online, and I got a free 39 week print subscription to the WSJ.
I hate paid subscription models for online comment.
So, when NYT raises the pay wall, I'll certainly try to get along without it. I can't say how long I'll last. It will be a waiting game. Who gives in first, the NYT or us?
In the pre-LAN days of the 1980s we used to use terminal servers to connect dumb terminals to the computers. Their purpose was to dish out point-to-point connections on demand.
Once in a while, perhaps due to a power glitch, the terminal servers would drop all connections and then immediately reconnect everyone at random. Users abruptly found themselves in the middle of someone else's session.
Old technology or new, connection errors are bound to happen once in a while.
The true risk here is misplaced confidence. People simplify; errors that happen very rarely are mentally simplified to "never happens." They then become sloppy and unguarded.
In parts of India where customers suffer electric blackouts 4-5 times per day, commerce is so robust that they hardly notice. When a regional blackout happens in a Western country once every 10 years or so, many people are caught unprepared.
Fire departments hold regular drills to maintain preparedness skills. The frequency of real life emergencies is not sufficient. Perhaps the public would be best served by participating in regular Internet drills, but I'm not going to hold my breath waiting for that to happen.
The Hypercard analogy is a good one.
I remember when writing HTML 1.0 was considered programming. Applying your logic retroactively, only professional programmers could be expected to create web pages worth looking at.
In 1967 I bought a square inch of the Moon for $1 from a street vendor in San Francisco; and I have the deed to prove it.
Oh boy! Finally a reason to write a medical prescription for porn.
In recent years European countries have more or less duplicated the Bush administration's warrantless wiretapping. Sweden's FRA law for example. This suggests a trend to levelize security-related laws globally. I sure hope that this action by South Australia is not a harbinger of similar things to come in all developed countries.
Another trend seems to be to negotiate such international cooperation in secret. The ATCA talks for example. Put the trends together and the future of personal freedom seems to be in great jeopardy.
If we want to avoid stupid laws written by uninformed politicians, we need to preemptively provide solutions to cyber-related problems before traditional politicians get involved. We need a body of cyberlaw and cyberlaw enforcement independent of any country or government.
Does any such cyberlaw movement already exist?