I would call it "Microsoft Windows". From this distance, you can only see a it's Blue Sky Of Death, but maybe some life (i.e. virus, worms and similar) could had evolved there.
Government needs an operating system (and office, database, etc) deployed worldwide owned by a company that fully cooperates with them on planting backdoors or just delaying fixing remote vulnerabilites. In the worst case can always bailout them, no matter how much losses are getting, anyway would be peanuts compared with the banks one.
... is always people. Even if is just by stupidity (like going to one of those meetings with a cellphone), but could be plain malice, double agents or blackmailed "safe" people (and with all the data of the world you have plenty of material to blackmail anyone).
And thats the most worrying thing about NSA and associates snooping, you are getting 5 millon extra vulnerabilities in everything that surrounds all your data.
But in this one you know that the NSA (and associates, around 5 millon people) all have direct access to everything put there. Should be ok if what i put there is public anyway, but for companies and private stuff this should be considered malware (trojan, ransomware, spyware, etc, pick your labels for it).
Is good to reward people that find security holes, at the very least because is a safer bet than selling them in the black market, or keeping them for yourself or the government to exploit them. But it should not be a replacement for actually having dedicated people activelly working for your security that will report to you if something weird is there, some could actually go to the black market (or be found by government teams and never disclosed that it is there because is an useful cyberweapon) and you must be proactive from your side
Security researches can't do reverse engineering or publish too soon what they find, at least if they are working in the open (think that don't applies to black hats). Government, in the other hand, have first hand the information of exploits far before is patched, or even could get intentional backdoors in commercial software.
Anyway, patching a bug won't remove the already put backdoor in that computer, unless you do a clean reinstall after those bugs are fixed.
And if they figure a more or less safe way to make even more profit with the information they are gathering, they will, no matter how much people, companies gets hurt by that.
They are at the bottom of the chain of watchers, so are watched too. But they know that if they want to take advantage of this and gets noticed, well, they should fly to Taiwan, and then get luckier than Snowden, that at least wasn't a criminal like them. Of course, the higher levels of the chain are unwatched, but they win enough in a way or another.
Seems consistent with this story. And that is just the tip of the iceberg. The only thing that you are wrong is assuming accounting for what government "invest" in cyberwar.
This is about population control, not hypotetical enemies. You critizice something the government or any of their protegees do, then you are a potential threat, no matter how fair or obvious is your critic or complaint. And anything they collect could be used to silence you.
In the plus side, is a good way to make everyone agree.
That would be as using a "telnet like" client command for http 2.0, don't feel as the same as directly telnetting without nothing in the middle with their own potential problems/bugs/warnings/etc doing a translation (other than the stack tcp/ip, of course).
Considering that most of http should go now to port 443 (and with perfect forward secrecy, to make it harder), and that is a bit more complex to debug it by telnet, it could not be a great loss.
Anyway, will miss the good times when telnetting to port 80, 25, 110 and so on were common debugging tool.
Is about dynamics. Add heat to a system and you should think that particles should move faster, and even if some of them move slower, should be very few and not able to be noticed in the big trend. While you have a culture where the ultimate goods are money and power the trends just go in one direction. And the power is accumulated enough to reach the critical mass to avoid any kind of potential threat, with worldwide surveillance and more active methods.
Could be hope in changing the global culture, but the push is too big in the wrong direction. Maybe something big and widespread enough (yellowstone, antarctic ice melting, a big pandemy) could change things, but nothing coming from people in the short/middle term will fix the mess we are into.
$823,000 for the security contractor that adviced them to do that destruction? I know that for police not having high IQ is a requirement, but seems that the standards are even lower in other places.
Because mobile is the next big platform, and must have presence there to keep being relevant? Because none of the 2/3 main mobile platforms are truly open? Because their vision is open web everywhere? You don't need specifically Firefox OS to access that marketplace.
If/When those leaks are found they probably will be fixed (those devels "wasting their time" are users too), but there is a lot of people working in a lot of areas.
Considering that you have between 500.000 and 5 millons "Snowden-style" external people with probably full access to all your organization data (that will do anything they want because they surely respect you), everyone have a far bigger problem than internal employees.
And retiring trust in them would not make them more loyal. Maybe the US can push the strategy of creating enemies to grab power because they will exist after that, but for me is an approach unsustainable in the long term and with very high cost. The right measures are not technical, is not that you will be fast enough to dodge bullets, but that you wouldn't have to.
Corporations don't kill so much people. They just corrupt their governments so they do the dirty work for them. Or just blackmail them, having access to most of world's private mail surely makes it easy.
And maybe more important: even if there is a hardware tracking software, you don't want it. Not only is sharing your location to others without your consent, maybe is sharing more than that.
In any case, a cron script that send you just a mail every N minutes (and if having some supporting hardware, your gps coordinates, a picture of the front camera, etc) will be enough to give a hint of what happened with it before the OS gets reinstalled.
There is a difference between speculating and knowing. Maybe takes time to dig thru gigabytes of information, or decided to release it not all at once to let people assimilate all of it. But is highly possible that had first hand access to that information.
Also, "for a field that is compartmentalized".... maybe really a lot (half a millon? 5 millon? at that range don't matter anymore) of people had access to all that information, or at least all your information, that surely used it in a totally responsible way. Don't fall into the survivorship bias, don't focus in the visible Snowden, but in all the others that had the same access and could had used all that information in other ways.
Slashdot Mirror
I would call it "Microsoft Windows". From this distance, you can only see a it's Blue Sky Of Death, but maybe some life (i.e. virus, worms and similar) could had evolved there.
With the surface area of those rotors gathering solar power (even when not flying) this could be a good combo for solar/human powered device.
Government needs an operating system (and office, database, etc) deployed worldwide owned by a company that fully cooperates with them on planting backdoors or just delaying fixing remote vulnerabilites. In the worst case can always bailout them, no matter how much losses are getting, anyway would be peanuts compared with the banks one.
The chairs will be saved (Ballmer actually have an use for them), is the people the one that will sink.
... is always people. Even if is just by stupidity (like going to one of those meetings with a cellphone), but could be plain malice, double agents or blackmailed "safe" people (and with all the data of the world you have plenty of material to blackmail anyone).
And thats the most worrying thing about NSA and associates snooping, you are getting 5 millon extra vulnerabilities in everything that surrounds all your data.
But in this one you know that the NSA (and associates, around 5 millon people) all have direct access to everything put there. Should be ok if what i put there is public anyway, but for companies and private stuff this should be considered malware (trojan, ransomware, spyware, etc, pick your labels for it).
Along with UK veto'd the discussion of NSA spying without informing their population, wiretapped Russia, and we know what they did with Assange and Pirate Bay. From a country that used to be proud of its defense of human rights the path to the bottom was pretty fast.
Is good to reward people that find security holes, at the very least because is a safer bet than selling them in the black market, or keeping them for yourself or the government to exploit them. But it should not be a replacement for actually having dedicated people activelly working for your security that will report to you if something weird is there, some could actually go to the black market (or be found by government teams and never disclosed that it is there because is an useful cyberweapon) and you must be proactive from your side
Check the Dead Sea in the Middle East, 423 meters below sea level,
Security researches can't do reverse engineering or publish too soon what they find, at least if they are working in the open (think that don't applies to black hats). Government, in the other hand, have first hand the information of exploits far before is patched, or even could get intentional backdoors in commercial software.
Anyway, patching a bug won't remove the already put backdoor in that computer, unless you do a clean reinstall after those bugs are fixed.
And if they figure a more or less safe way to make even more profit with the information they are gathering, they will, no matter how much people, companies gets hurt by that.
They are at the bottom of the chain of watchers, so are watched too. But they know that if they want to take advantage of this and gets noticed, well, they should fly to Taiwan, and then get luckier than Snowden, that at least wasn't a criminal like them. Of course, the higher levels of the chain are unwatched, but they win enough in a way or another.
Seems consistent with this story. And that is just the tip of the iceberg. The only thing that you are wrong is assuming accounting for what government "invest" in cyberwar.
This is about population control, not hypotetical enemies. You critizice something the government or any of their protegees do, then you are a potential threat, no matter how fair or obvious is your critic or complaint. And anything they collect could be used to silence you.
In the plus side, is a good way to make everyone agree.
That would be as using a "telnet like" client command for http 2.0, don't feel as the same as directly telnetting without nothing in the middle with their own potential problems/bugs/warnings/etc doing a translation (other than the stack tcp/ip, of course).
Considering that most of http should go now to port 443 (and with perfect forward secrecy, to make it harder), and that is a bit more complex to debug it by telnet, it could not be a great loss.
Anyway, will miss the good times when telnetting to port 80, 25, 110 and so on were common debugging tool.
Is about dynamics. Add heat to a system and you should think that particles should move faster, and even if some of them move slower, should be very few and not able to be noticed in the big trend. While you have a culture where the ultimate goods are money and power the trends just go in one direction. And the power is accumulated enough to reach the critical mass to avoid any kind of potential threat, with worldwide surveillance and more active methods.
Could be hope in changing the global culture, but the push is too big in the wrong direction. Maybe something big and widespread enough (yellowstone, antarctic ice melting, a big pandemy) could change things, but nothing coming from people in the short/middle term will fix the mess we are into.
$823,000 for the security contractor that adviced them to do that destruction? I know that for police not having high IQ is a requirement, but seems that the standards are even lower in other places.
Because mobile is the next big platform, and must have presence there to keep being relevant? Because none of the 2/3 main mobile platforms are truly open? Because their vision is open web everywhere? You don't need specifically Firefox OS to access that marketplace.
If/When those leaks are found they probably will be fixed (those devels "wasting their time" are users too), but there is a lot of people working in a lot of areas.
Considering that you have between 500.000 and 5 millons "Snowden-style" external people with probably full access to all your organization data (that will do anything they want because they surely respect you), everyone have a far bigger problem than internal employees.
And retiring trust in them would not make them more loyal. Maybe the US can push the strategy of creating enemies to grab power because they will exist after that, but for me is an approach unsustainable in the long term and with very high cost. The right measures are not technical, is not that you will be fast enough to dodge bullets, but that you wouldn't have to.
If you suggest that he will be target of a drone strike no matter where he is, you are very wrong about who is the indecent there. Anyway, we already know how indecent is the US government regarding drones, so you missed one big motivation in your list.
Corporations don't kill so much people. They just corrupt their governments so they do the dirty work for them. Or just blackmail them, having access to most of world's private mail surely makes it easy.
Could be a republic for you, at least if you are named Lester. Else you just agree with who the Lesters previously choose.
And maybe more important: even if there is a hardware tracking software, you don't want it. Not only is sharing your location to others without your consent, maybe is sharing more than that.
In any case, a cron script that send you just a mail every N minutes (and if having some supporting hardware, your gps coordinates, a picture of the front camera, etc) will be enough to give a hint of what happened with it before the OS gets reinstalled.
There is a difference between speculating and knowing. Maybe takes time to dig thru gigabytes of information, or decided to release it not all at once to let people assimilate all of it. But is highly possible that had first hand access to that information.
Also, "for a field that is compartmentalized".... maybe really a lot (half a millon? 5 millon? at that range don't matter anymore) of people had access to all that information, or at least all your information, that surely used it in a totally responsible way. Don't fall into the survivorship bias, don't focus in the visible Snowden, but in all the others that had the same access and could had used all that information in other ways.