A couple of weeks ago I read an article about an airline that was considering replacing some of the cargo space on passenger flights with actual bunk beds. The idea was that there would be a spiral staircase down from the seating deck to a bay with a small number of full-sized beds for people who wanted to use them. The frame containing these "bedrooms" would itself be modular, such that the airline could remove them and replace them with regular freight containers when they needed to do so.
The article I saw didn't go into details of the way that pressurisation would be handled - I may be wrong but I always thought that cargo spaces, even on commercial airlines, were not pressurised.
But there are definitely plans out there to be able to send you as air freight!!!
I'm repeating myself with this comment, but I think it does bear repeating. The right to repair is not simply the "right to repair", but also the "right to upgrade".
One of the biggest issues with modern consumer electronics has been the shift towards devices in which the owner is actively discouraged from attempting to upgrade when a device reaches capacity or fails to perform adequately, in favour of buying a new machine from the vendor.
This covers a broad range of technology, from laptops and portable computers (where a tech-savvy user might like to upgrade RAM, storage and/or battery units), through desktop PCs, mobile phones, all types of personal transportation, but especially cars, trucks and motorcycles. Indeed, as computing power and technology become more prevalent, so the right to repair and upgrade becomes more important.
Manufacturers are going to argue that (for example) components soldered to motherboards are inherently more reliable than socketed or cabled components, since the soldered approach can reduce the chance of "dry joints". But that is a false claim. For a start, manufacturing has reached a level of sophistication where this sort of risk can be "designed out" with good component layout. More importantly, though, shouldn't we be able to choose?
Agreed... and sorry if my earlier comment was too abstract, but I was thinking of this in the context of, specifically, "many eyes make all bugs shallow" and the fact that, of course, any form of vulnerability scanner [static or dynamic] is the equivalent of "many eyes".
The question for me, though, would be to determine whether commercial software shops, by virtue of having a budget to spend on this sort of thing, can now "buy" better bug identification capabilities.
I'm starting to think there are no hard or fast rules to that. Two of my personal Windows 10 Pro/64 systems have just auto-updated to the latest major update and both have been completely trashed. Interestingly, the same two machines were trashed by the March update earlier this year and in both cases the symptoms are *exactly* the same. So even a company like Microsoft, with literally billions to spend and supposedly one of the best developer work streams money can buy, can still ship bug-ridden code. In my case the issues seemed to be GPU related, so I spoke with the retailer of my card and the vendor of my card and both tell me that they are drowning in issues as a result of the latest update.
So maybe one of the more important factors with respect to code vulnerability is "pressure to release"?
I think there are a couple of aspects to this that might be a bit off the beaten track of threads posted so far...
The first is that we need to think about like-for-like comparisons. When these observations were initially made, 20 years ago, how many projects [either closed source or open source] were using automated source code scanning solutions? i.e. technology specifically written to parse code for flaws?
In other words, 20 years ago the "landscape" was likely to be close to "even". Today, however, many commercial software development shops use vulnerability scanning solutions and/or routinely conduct binary scans of resultant code. Today, many commercial development shops use automated test harnesses for load testing and regression testing. It is fantastic that they do. They do this because they can afford to and because the rapid advancement of this sort of technology has made it possible. Twenty years ago? Not so much.
This would suggest that we might start to see a difference in post-production bugs between Open Source and Commercial/Closed Source software where the development environments differ between these two operating models.
The second observation would be far more tenuous. In the same 20-year period, we have seen many different programming languages "come and go". Obviously the more established platforms (COBOL, C, C++, JAVA) continue to be popular, but this, too, brings differences in bug reports. The longer a language has been in existence, the more mature development becomes, the more libraries become available, the more skilled developers become in preventing even the more obscure bugs.
I don't have access to the data [and wouldn't know where to look for it, tbh] but I think it would be easy to graph out "average number of vulnerabilities per thousand lines of code" - i.e. defect density - over a 5, 10 or even 20-year period of language use. It would be reassuring to see if that trended down - but even more interesting [and worrying] if it didn't.
A while back I went looking to see if there were any "big rules" about different programming languages being more or less prone to vulnerabilities than others. I had read [maybe 25 years ago] that Ada was once thought of as being a language with very few bugs. The theory was that its compiler was so strict that if you could get your code to compile, it would probably run just fine. I was really surprised to learn that although there had been a few studies, there didn't seem to be any emergent evidence to suggest that there were differences between languages. I was surprised because my ignorance had suggested to me that helpful and/or heavily typed languages would be less bug-prone than more relaxed ones - i.e. that JAVA would have a lower defect density than C. Apparently [and I'd be happy for anyone to correct me] the evidence does not support this.
Sorry that this is trending away from the original question, but I think that context is absolutely crucial to get to a good answer to the original post - and that we would find that, like forecasting the weather, it would be pretty hard to do...
I think we can accept part of the linked article - that pigments have been identified in very old rocks.
However, the phys.org piece then seems to claim that this is somehow "pigmentation", inferring that this is an aesthetic feature of the life form at the time. There is no suggestion that these life forms had developed organs capable of what we recognise today as "sight".
The simple fact is that chemicals generate colours. Copper sulphate solution? It's a cyan-blue. Potassium permanganate solution? That's purple. But copper sulphate isn't blue for aesthetic reasons, it's blue because of the way that light interacts with the molecular structure of the compound. It is a direct result of the physical properties of the compound in question.
Treating this as though it were somehow a remarkable discovery is complete nonsense. We know that chemical reactions - inorganic as well as organic - produce compounds of given colours and pigments. I can put chunks of metallic copper into sulphuric acid and get blue copper sulphate, but that isn't some pigment created by a life form. That's just chemistry.
In other words, what this article is establishing is not some aesthetic pigment produced by an ancient life form. It is, instead, identifying a potential range of chemical processes that the life forms could have used as part of their metabolism. Well, having a metabolism is one of the identifiable features of "life". It doesn't imply that the "colours" that result come from anything beyond that basic chemistry.
Unfortunately, it would be dangerous and misguided to consider this question solely from the perspective of "Can you trust Facebook?" or "Can you trust Google?"
The reason for this is simply because of the legislative framework under which any company incorporated in the United States [and similar controls apply in other countries - this is by no means a US-centric issue] is legally obliged to operate.
For example, the US Government can issue an "NSL" - National Security Letter to any US Company and that company is legally obliged to cooperate and legally prohibited from even admitting that they have received such an NSL. In the UK the equivalent notification is the "D-Notice", and disclosure of being under the direction of a D-Notice can be considered a breach of the Official Secrets Act, which carries some very strong punishments indeed.
The second reason that it is important to understand context concerns what we already know.
Disclosures from Edward Snowden have taught us that:-
1. Physical modifications have in the past been made to equipment from Cisco Systems between that equipment being released by the factory and arriving with the client.
2. Systems have been compromised by specially-made USB cables, which included micro-transmitters that gave access to agents operating using a "remote control device" the size of a briefcase, from a range of up to 8km.
3. etc...
Does this suddenly mean that all (US/UK/Australian/Canadian/New Zealand) companies are suddenly to be considered untrustworthy? No, of course not. It just means that you have to walk into business relationships with all parties [no matter the country of origin] with your eyes open.
Aaron Levine is right to be concerned, but the issue isn't "Google" or "Facebook" alone, it is the fact that any company to whom you give data can be compelled to give up that data to the government under which that company is incorporated. And from the perspective of the government in question, it is far cheaper to get some commercial entity to do all the hard work, then subpoena it for next-to-nothing, than it is to spend a fortune attempting direct connection...
One of the big issues with restrictive access to web content concerns video. There are so many sites [MSNBC, CNN, Top Gear, others] where Firefox simply doesn't work, yet pretty much everything on YouTube does.
I think this is simply a case of lack of support for HTML5 standards. Well, that and the fact that it also locks out the non-Windows, non-Mac community.
Good to see that all those tax dollars we put towards anti-trust protections for citizens are well spent...
It is too early to tell [and, I am not a lawyer], but there are aspects of this story which may well fall foul of the new General Data Protection Regulation from the EU, or, perhaps, the related law just passed in California.
Among the key principles of the GDPR are concepts such as the "Lawful Basis for Processing" and "Consent"...
Here, the parent is suggesting that because Amazon is the platform on which people make purchases, "Amazon knows what you actually buy" and therefore this gives Amazon the ability to better target advertisements. However, the GDPR "Lawful Basis for Processing" helps to limit the way that companies can use [or abuse] data about us. There are six categories for the Lawful Basis for Processing:-
1. For the legitimate interests of a data controller or a third party, unless these interests are overridden by the Charter of Fundamental Rights (especially in the case of children).
2. To perform a task in the public interest or in official authority.
3. To comply with a data controller's legal obligations.
4. To fulfill contractual obligations with a data subject.
5. To perform tasks at the request of a data subject who is in the process of entering into a contract with a data controller.
6. To protect the vital interests of a data subject or another person.
Amazon are going to have to rely entirely upon the first of these if they want to use our shopping data to be able to serve tailored advertisements. But here's the rub - is it a valid "legitimate interest" for Amazon, a retail shopping platform, to have the right to serve tailored advertisements? [ And: you need to think beyond the concept that, well, they do this already on their platform - because what has changed is the law. Taking data from the public for one claimed purpose and then using it for another purpose is not legal any more...]
I haven't checked the detail of the recent California legislation, but it seems to me that the GDPR was conceived and enacted to stop exactly this sort of mega-corporation abuse of our personal data, even if that personal data is just our shopping habits.
And the frustrating thing would be [at least in the case of graphics cards] a handful of very sternly worded letters to the likes of nVidia and AMD and maybe even Intel, basically putting them on notice and demanding transparency in terms of things like the amount of raw materials and/or components being purchased, prices being paid, volumes being manufactured and prices being charged...
It wouldn't even take the regulators a large amount of time to spin up a massive monitoring program - all it would take would be the threat of legal action to remind them to play by the rules.
The business-friendly governments and the completely ineffective regulators won't even do that.
This just in from the check-your-facts department: In writing the headline and the OP for this particular linked news article, Slashdot have mis-read the linked article.
What the HotHardware piece actually says is:-
"According to Taipei industry publication DigiTimes, there has been a definite "mining chill" that's going to positively affect GPU pricing, with its sources claiming a drop of "around 20%" in July. That's significant, and should hopefully mean that more GPUs can be had at their actual MSRP, or perhaps even a bit under soon enough (remember when sub-MSRP prices were common?)."
Well, we're in July now [albeit only just]. I've checked my preferred GPU retail channels and... no. In fact, there are small month-on-month price increases, not price drops.
Sadly, then, this would appear to be the case of hoped-for or planned-for price cuts. The article most certainly does not cite any real-world examples - and my cursory checking suggests that none exist - yet.
I think you'll find that in this case the circumstances were:-
1. A company ran a quiz which was hosted on Facebook, with Facebook's permission.
2. The same company then, also with Facebook's permission, exported a whole stack of data, from Facebook, to a.n.other web site.
3. Then the a.n.other web site, which was insecure, exposed all the data from Facebook users.
I understand why you might wonder, "Is that Facebook's problem?" and the answer is that Facebook has what is legally known as a "duty of care" [which originates from tort law] and which basically says that because this process was originally hosted by Facebook, so they had a duty of care to ensure that the data that was collected was not irresponsibly exposed.
To be fair, the law is going to hit a "grey area" when it comes to the point at which FB ended their responsibility to oversee the data. For example, once the transfer had completed and it was no longer in their legal custody, a court might accept that responsibility had ended. But there are exceptions - such as whether the transfer mechanism was encrypted or not [which would turn on whether the information included "Personally Identifying Information" and so on].
There's also the question of whether or not quiz participants were clearly told that their answers would be exported off of FB's site, used by a third party, etc. Or whether it was simply a case of "Try this fun quiz!" The conditions surrounding the way in which the quiz was presented to participants would likely turn on FB's own "Code of Conduct" or "Terms of Service", so although you are technically correct to say, "But the data was stolen from some other random server. Why are FB responsible for that?" the answer might be a subtle one, along the lines of:- "Well, FB are responsible for allowing the data to be exported to that server in the first place..."
None of this answer is based on certainty of the facts; I have no inside knowledge of the scenario... Just trying to extrapolate from what's being publicly reported...
Hopefully we've reached a point where anyone old enough to buy tobacco understands that it kills, that it causes lung cancer, throat cancer, hardens arteries, kills taste buds and is generally not very pleasant. Apparently, it's also highly addictive.
Yet, dangerous as it is - and as widely as that danger is understood - people still smoke.
In a similar way, Facebook is just as harmful. Although it's now widely understood that it can kill your privacy, a frightening number of users remain in either ignorance or denial of the way that it can harm their lives.
Here are some [known, established examples] of the way that your Facebook profile can harm you:-
- If you apply for a job today, many employers will search your FB profile to get an idea of your "maturity" and behaviours.
- If you apply for health insurance or similar, companies will search your profile for evidence of you smoking, drinking to excess, participating in high-risk sports, etc.
- If you apply for a credit card or loan, banks will search your network of friends for any with bad credit histories, criminal convictions or other "red flags".
- If you "pull a 'sickie'" and call in to work sick, companies will search your social media profiles for activity on those days.
- on and on and on...
Here's the bottom line:-
- Very few people smoke and experience no ill effects.
- Most smokers suffer illnesses, compromised immune systems, shortness of breath, lack of fitness and die earlier than non-smokers.
- Quite a few smokers contract serious illnesses, including cancers, and experience abnormally premature death.
Facebook is like that:-
- Very few Facebook users will be able to access the platform with no ill effects on their lives.
- Most users will experience ill-effects, although they may not even be aware of it happening. Credit cards might charge a bit more; job applications might be unsuccessful, that sort of thing.
- And a smaller but unknown number of Facebook users could experience serious ill-effects from use of the platform, although, I'd concede, these are people who do something a little foolish like post to say they are overseas on holiday and then get back to find their home has been burgled...
Just to be clear, I'm not suggesting that Facebook are directly degrading people's lives. Rather, they are selling access to your data to other companies that can degrade your life.
Bottom line?
If you don't want ill-effects, don't use it. Just say no.
I've no axe to grind when it comes to Ticketmaster. Never used their services.
However, if companies are going to wake up to the importance of protecting the data they collect so voraciously, they need a good incentive to do so. Much as Ticketmaster won't like this, one useful way of approaching this would be that, if it can be shown that they were negligent, then to levy the absolute maximum that the GDPR will allow (4% of global turnover?) as a fine.
Sadly, the only way that companies will even think of taking the privacy of our data seriously is when it hits their share price and the performance bonuses as paid to their directors. When we make it absolutely, unmistakeably, crystal clear that loss of data like this will earn the maximum in fines, we might start to see companies taking our data a bit more seriously.
"The app is intended to collect information about the source of new game installs, and details about the gamer."
But hang on a moment... if the game is being installed via Steam [and, it has to be packaged up by Steam for delivery from their infrastructure], all of that information - and more - is available directly back to the game developer via Steam themselves. Those of us who play games via Steam know this "going in".
And as this page shows, one of the ways that RedShell works is to link your web browsing identity with your gaming identity and then have the ability to use that to back-track your activity across the internet.
There is absolutely zero justification for this.
The second part of the lie concerns not that this is being done, but the way that it is happening. If a game studio wanted to use this sort of technology to monitor activities associated with their game [which I do not believe is inherently wrong], then it would not be difficult for them to create a folder in the game's installed file tree designated "Uploaded Data" and to place in this folder a complete and true copy of data sent back to them. It would have to be done after the upload - or at least, done in such a way that the gamer could not alter the data before it was sent - but at least this would be honest.
If a game manufacturer put a clear warning in their packaging: "This game will send telemetry to us when you play it. For details of the data elements sent, and instructions on how to verify this for yourself, please see the Appendix of this User Guide", I dare say that this scandal would not have happened.
It is the fact that companies think that they can "get away with this" by not telling people that pours fuel on the fire that this could easily be used for much more malicious purposes than are being discussed here.
One final thought/question: are there patterns in the data here? Are these sorts of underhand activities associated more with game studios or with publishers? It seems to me that although the studio rightly gets the bad reputation, the choice to add this sort of spyware - and let's make no mistake, that's what this is - could easily be "encouraged" by a publisher. After all, it's the publisher in this sordid tale that tends to be the one most interested in understanding games sales. If there is such a pattern, is it time to start vocal boycotts?
It seems to me that the only way to get through to these companies is to hit them where it hurts: their wallets.
Let's not forget, actual physical cash is essential, in a modern society, as a back-stop to underpin two of the things we tell each other we value: privacy and freedom.
Without cash, we are forced to compromise our privacy. Want to buy a birthday gift for a loved one that cannot be traced? Want to make a donation to a cause you care about, but do so anonymously? Want to give something to that homeless person so they can get a hot meal? You need cash for all of these things.
Without cash, we are forced to compromise our freedom. [ And yes, I know this is a large chunk of "The Net", but it doesn't make it less true]. Want to be able to function in the face of a technological meltdown at your bank? [ Just look at what has just been happening to TSB customers in the UK recently ].
Any attempt to take away cash is an attempt to take away both privacy and freedom. It is the beginning of a slippery slope that leads to a very dark place indeed...
I don't disagree with you, but this raises a question.
Marcus Hutchins is a UK citizen, facing US justice. Can he legally take the 5th? Does the 5th Amendment of the US Constitution extend to apply to anyone charged under US law, or does it just apply to US citizens charged under US law?
One way to think about this would be to consider the reciprocal. If a US citizen were charged in the UK under UK law, could that citizen claim the right to silence courtesy of the 5th Amendment? I don't think they could. That doesn't mean that Marcus can claim the 5th under US Law.
Very interested if anyone qualified to give a perspective on US law can chip in...
According to this one random web site I chose from a Google search, Forrester Research estimated that there were in excess of two billion active PCs in the world by the end of 2015. That's more than 2 years ago.
This is probably an unfair calculation [though no less fair than the BSA's rubbish] but if you estimated that, on average, each person in the 22,500 survey pool had, say, 5 PCs [it was stated that this sample pool was a mix of personal and business users], then the number of people surveyed for this report amounts to 0.005625% of the entire global population of PC users.
Five thousandths of one percent.
Extrapolated up and used as the basis for a report from the BSA? If you were a scientist of any field that included the use of statistical analysis and you published a report based on a sample size of five thousandths of one percent of the likely total pool, would you expect your analysis to be taken seriously?
If you look at pages 17 through 19 (inclusive) of the actual report, you'll find some very fine prose that the BSA use to describe the methodology they follow for determining the amount of unlicensed software.
It's utter garbage.
It's about as accurate as a weather forecast could be. It contains English-language "formulae" such as:-
Unlicensed Rate = Unlicensed Software Units / Total Software Units Installed
and
Total Software Units Installed = #PCs Getting Software x Software Units per PC
Just look at that second formula for a moment. This is an approximation at best. But the absolute worst part of the report is the part in which the BSA explain how they get these numbers. This is, in fact, done for them by IDC. And here is the methodology:-
"A key component of the BSA Global Software Survey is a global survey of more than 22,500 home and enterprise PC users, conducted by IDC in November 2017. The survey was conducted online or by phone in 32 markets that make up a globally representative sample of geographies, levels of IT sophistication and geographic and cultural diversity... Respondents are asked how many software packages, and what type, were installed on their PC in the previous year; what percentage were new or upgrades; whether they came with the computers or not; and whether they were installed on a new computer or one acquired prior to 2017..."
So let's just translate that.
1. This survey was based on evidence from a telephone survey.
2. People were called and asked to accurately remember what software had been installed on a computer in the preceding 12 months.
3. The result of a survey of 22,500 people was then extrapolated up to represent the entire world's software piracy problem.
We need to remember that this sort of document gets handed around the halls of government and shown to policy makers; the poor data samples, invalid questions, wild speculations, and sloppy calculations that form the heart of this paper then get used as the basis for legislation. Don't get me wrong - software piracy is wrong. With so much fabulous free and open source software available, there really is no excuse for it any more.
But it's important to remember that this sort of paper is going to be used to argue for ever-more Draconian laws which will restrict the freedoms of ordinary computer users. It's really important that documents like this get properly challenged and that legislators are left clearly understanding that this report belongs in the fiction section of the bookshop...
This is going back a bit, but the 5GHz threshold is important for another reason... I'm trying to find the exact reference, but back around the time that AMD first released the Athlon CPU, I recall someone from the technology press writing an article which extrapolated what would happen to processor TDPs as clock speeds increased. Obviously we have to bear in mind that die shrinks and improved lithography, better materials and the like all help to drive up the performance-per-watt scale, but this magazine projected that if CPUs [of the day] were ever to scale up to 5GHz, then the thermal output per square inch, extrapolated from the CPU die size, would actually exceed what is found inside a fully-active nuclear reactor.
The amazing thing, then, is not simply that Intel have managed to ship a 5GHz part, but that they have done so whilst essentially keeping the thermal profile of the chips more-or-less uniform for a good part of the last few years. In some ways this thermal efficiency is even more impressive than the outright clock speed; it talks to the materials science, packaging design and overall cooling effectiveness that we've now come to expect from our current crop of processors.
I have no knowledge of the internal configuration or architecture of Apple's App Store, but perhaps there is an explanation to be found there. Perhaps Apple has a mechanism to "freeze" an Application in the store [which might explain why updates are not surfacing] but can only do this globally, as opposed to just within one country or legal jurisdiction?
I think the implied situation, namely that the Russian government challenges the use of an Apple application and somehow has the ability to persuade Apple to disable it world-wide, just seems too far-fetched.
Or maybe the issue is human error - someone inside Apple was asked to disable availability of Telegram for users with Russian IP addresses, but somehow applied the restriction globally, by mistake?
Key point being that this is far less likely to be conspiracy fodder and far more likely to be a snafu.
Might be worth pointing out that there is a good chance that these practices are illegal in certain parts of the world.
For example, although the EU has garnered a lot of publicity recently for the General Data Protection Regulation (which came into effect 5/25), location tracking applications have run the risk of breaching EU law for at least the last two years. As this article shows, the main reason this practice falls foul of EU law is that the actual tracking/location determination takes place without user consent.
There are certain advertising agencies, such as Outbrain and Taboola, which embed click-bait content in sites (I'm looking at you, Slashdot) and which track their users via geolocation data they harvest from ISPs. This practice is likely illegal, at least in the EU.
We can only hope that US lawmakers are willing to take a similar stand...
Terry, I absolutely DON'T trust the FBI. Not in the slightest. I'm well aware of J. Edgar Hoover, the "Reds Under The Beds" and the witch-hunts.
But the way I've looked at this, by my reckoning the FBI are the "Lesser of Two Evils". This is because the FBI are still subject to oversight. If they get unruly or step out of line, there is constitutional protection in the form of sanctions... However, if you look at what Trump is doing, he's basically undermining the primary institutions of law enforcement of the United States. Which leaves what?... The President... [ Yes, I'm sure someone will say, "Don't forget about Congress". But just look at the way this partisan Congress has gleefully joined in helping the President undermine the DoJ and FBI].
Make no mistake... This is the most dangerous time for the United States since independence was declared.
Terry, I appreciate you taking the time to respond, but from where I look at this, I think you entirely missed the purpose of my previous post.
An anonymous coward made some factually incorrect statements with respect to the Mueller-led investigation, including the claim that, "not a single person..." {has been} "...charged with anything." My response was an attempt to show that the anonymous comment was factually wrong, by listing some of the charges made [and corresponding guilty pleas secured] as a direct result of the Mueller investigation.
That's it.
But the thing I think we both need to bear in mind is that, ultimately, the most serious of any charges likely to come as a result of the investigation won't be released on an interim basis. The most serious will form the basis of the ultimate report, that Mueller will pass back to Rod Rosenstein. Consequently, anything else we care to mention on the topic is little more than speculation at this point.
I'm not going to try and argue that you are in any way wrong with your response. Just that we're talking about two very different things.
And your experience is, in essence, the *really* important point here. The FBI face several problems, one of their own making:-
1. They are being treated like grade-schoolers, and given scores and metrics and told they must compete with other agencies...
2. Part of the reason for 1., above, is because they are also now in a turf war with other agencies, such as the DHS. Lines are blurred, it isn't clear who has jurisdiction over what any more.
3. The introduction of these turf wars and competition for budgets has a habit of permeating in to other aspects of an organisation. Pretty soon, everyone is being measured and quantified. Managers and employees who play these games do well; those that don't fail.
4. Before you know where you are, you have a situation in which the Head of the FBI will find that they personally are being performance-assessed based on the conduct of their entire agency, with stupid metrics that fail to take into account the changing nature of both crime and law enforcement, or the complications of multi-jurisdictional operations...
5. To make it even more fun, you've then got the fact that "law and order" have become a political football, with politicians of all stripes deriding the failures of their opponents and declaring that they will be "tough on crime, tough on the causes of crime" - and to support this, well by golly they want metrics and statistics and "proof" that their governance of the FBI was better than the last bunch in office.
And before you know where you are, the Head of the FBI spends half their time being a political football and the other half their time compiling metrics for asinine politicians who don't understand what they're doing. [I'm being polite].
And the real tragedy here is that when the FBI tried to compel Apple to hand over the master keys to iPhone encryption, when former Director Comey told everyone how "essential" that was to law enforcement, they were lying and being economical with the truth. Those lies serve to erode the trust that the public needs to have in the FBI. In one sense I think Comey got his come-uppance, got exactly what he deserved. In another sense I am probably more concerned with having Comey as head of the FBI than having a President who simply fires people who disagree with him. The former leads to a breakdown in public trust in the law. The latter leads to tyranny.
Agreed... and sorry if my earlier comment was too abstract, but I was thinking of this in the context of, specifically, "many eyes make all bugs shallow" and the fact that, of course, any form of vulnerability scanner [static or dynamic] is the equivalent of "many eyes".
The question for me, though, would be to determine whether commercial software shops, by virtue of having a budget to spend on this sort of thing, can now "buy" better bug identification capabilities.
I'm starting to think there are no hard or fast rules to that. Two of my personal Windows 10 Pro/64 systems have just auto-updated to the latest major update and both have been completely trashed. Interestingly, the same two machines were trashed by the March update earlier this year and in both cases the symptoms are *exactly* the same. So even a company like Microsoft, with literally billions to spend and supposedly one of the best developer work streams money can buy, can still ship bug-ridden code. In my case the issues seemed to be GPU related, so I spoke with the retailer of my card and the vendor of my card and both tell me that they are drowning in issues as a result of the latest update.
So maybe one of the more important factors with respect to code vulnerability is "pressure to release"?
I think there are a couple of aspects to this that might be a bit off the beaten track of threads posted so far...
The first is that we need to think about like-for-like comparisons. When these observations were initially made, 20 years ago, how many projects [either closed source or open source] were using automated source code scanning solutions? i.e. technology specifically written to parse code for flaws?
In other words, 20 years ago the "landscape" was likely to be close to "even". Today, however, many commercial software development shops use vulnerability scanning solutions and/or routinely conduct binary scans of resultant code. Today, many commercial development shops use automated test harnesses for load testing and regression testing. It is fantastic that they do. They do this because they can afford to and because the rapid advancement of this sort of technology has made it possible. Twenty years ago? Not so much.
This would suggest that we might start to see a difference in post-production bugs between Open Source and Commercial/Closed Source software where the development environments differ between these two operating models.
The second observation would be far more tenuous. In the same 20 year period, we have seen many different programming languages "come and go". Obviously the more established platforms (COBOL, C, C++, JAVA) continue to be popular, but this, too, brings differences in bug reports. The longer a language has been in existence, the more mature development becomes, the more libraries become available, the more skilled developers become in preventing even the more obscure bugs.
I don't have access to the data [and wouldn't know where to look for it, tbh] but I think it would be easy to graph out "average number of vulnerabilities per thousand lines of code" - i.e. defect density - over a 5, 10 or even 20-year period of language use. It would be reassuring to see if that trended down - but even more interesting [and worrying] if it didn't.
A while back I went looking to see if there were any "big rules" about different programming languages being more or less prone to vulnerabilities than others. I had read [maybe 25 years ago] that Ada was once thought of as being a language with very few bugs. The theory was that its compiler was so strict that if you could get your code to compile, it would probably run just fine. I was really surprised to learn that although there had been a few studies, there didn't seem to be any emergent evidence to suggest that there were differences between languages. I was surprised because my ignorance had suggested to me that helpful and/or heavily typed languages would be less bug-prone than more relaxed ones - i.e. that JAVA would have a lower defect density than C. Apparently [and I'd be happy for anyone to correct me] the evidence does not support this.
Sorry that this is trending away from the original question, but I think that context is absolutely crucial to get to a good answer to the original post - and that we would find that, like forecasting the weather, it would be pretty hard to do...
I think we can accept part of the linked article - that pigments have been identified in very old rocks.
However, the phys.org piece then seems to claim that this is somehow "pigmentation", inferring that this is an aesthetic feature of the life form at the time. There is no suggestion that these life forms had developed organs capable of what we recognise today as "sight".
The simple fact is that chemicals generate colours. Copper sulphate solution? It's a cyan-blue. Potassium permanganate solution? That's purple. But copper sulphate isn't blue for aesthetic reasons, it's blue because of the way that light interacts with the molecular structure of the compound. It is a direct result of the physical properties of the compound in question.
Treating this as though it were somehow a remarkable discovery is complete nonsense. We know that chemical reactions - inorganic as well as organic - produce compounds of given colours and pigments. I can put chunks of metallic copper into sulphuric acid and get blue copper sulphate, but that isn't some pigment created by a life form. That's just chemistry.
In other words, what this article is establishing is not some aesthetic pigment produced by an ancient life form. It is, instead, identifying a potential range of chemical processes that the life forms could have used as part of their metabolism. Well, having a metabolism is one of the identifiable features of "life". It doesn't imply that the "colours" that result come from anything beyond that basic chemistry.
Nothing to see here. Move along, move along.
Unfortunately, it would be dangerous and misguided to consider this question solely from the perspective of "Can you trust Facebook?" or "Can you trust Google?"
The reason for this is simply because of the legislative framework under which any company incorporated in the United States [and similar controls apply in other countries - this is by no means a US-centric issue] are legally obliged to operate.
For example, the US Government can issue an "NSL" - National Security Letter to any US Company and that company is legally obliged to cooperate and legally prohibited from even admitting that they have received such an NSL. In the UK the equivalent notification is the "D-Notice", and disclosure of being under the direction of a D-Notice can be considered a breach of the Official Secrets Act, which carries some very strong punishments indeed.
The second reason that it is important to understand context concerns what we already know.
Disclosures from Edward Snowden have taught us that:-
1. Physical modifications have in the past been made to equipment from Cisco systems between that equipment being released by the factory and arriving with the client.
2. Systems have been compromised by specially-made USB cables, which included micro-transmitters that gave access to agents operating using a "remote control device" the size of a briefcase, from a range of up to 8km.
3. etc...
Does this suddenly mean that all (US/UK/Australian/Canadian/New Zealand) companies are suddenly to be considered untrustworthy? No, of course not. It just means that you have to walk into business relationships with all parties [no matter the country of origin] with your eyes open.
Aaron Levine is right to be concerned, but the issue isn't "Google" or "Facebook" alone, it is the fact that any company to whom you give data can be compelled to give up that data to the government under which that company is incorporated. And from the perspective of the government in question, it is far cheaper to get some commercial entity to do all the hard work, then subpoena it for next-to-nothing, than it is to spend a fortune attempting direct connection...
One of the big issues with restrictive access to web content concerns video. There are so many sites [MSNBC, CNN, Top Gear, others] where Firefox simply doesn't work, yet pretty much everything on YouTube does.
I think this is simply a case of lack of support for HTML5 standards. Well, that and the fact that it also locks out the non-Windows, non-Mac community.
Good to see that all those tax dollars we put towards anti-trust protections for citizens are well spent...
It is too early to tell [and, I am not a lawyer], but there are aspects of this story which may well fall foul of the new General Data Protection Regulation from the EU, or, perhaps, the related law just passed in California.
Among the key principles of the GDPR are concepts such as the "Lawful Basis for Processing" and "Consent"...
Here, the parent is suggesting that because Amazon is the platform on which people make purchases, "Amazon knows what you actually buy" and therefore this gives Amazon the ability to better target advertisements. However, the GDPR "Lawful Basis for Processing" helps to limit the way that companies can use [or abuse] data about us. There are six categories for the Lawful Basis for Processing:-
1. For the legitimate interests of a data controller or a third party, unless these interests are overridden by the Charter of Fundamental Rights (especially in the case of children).
2. To perform a task in the public interest or in official authority.
3. To comply with a data controller's legal obligations.
4. To fulfill contractual obligations with a data subject.
5. To perform tasks at the request of a data subject who is in the process of entering into a contract with a data controller.
6. To protect the vital interests of a data subject or another person.
Amazon are going to have to rely entirely upon the first of these if they want to use our shopping data to be able to serve tailored advertisements. But here's the rub - is it a valid "legitimate interest" for Amazon, a retail shopping platform, to have the right to serve tailored advertisements? [ And: you need to think beyond the concept that, well, they do this already on their platform - because what has changed is the law. Taking data from the public for one claimed purpose and then using it for another purpose is not legal any more...]
I haven't checked the detail of the recent California legislation, but it seems to me that the GDPR was conceived and enacted to stop exactly this sort of mega-corporation abuse of our personal data, even if that personal data is just our shopping habits.
And the frustrating thing would be [at least in the case of graphics cards] a handful of very sternly worded letters to the likes of nVidia and AMD and maybe even Intel, basically putting them on notice and demanding transparency in terms of things like the amount of raw materials and/or components being purchased, prices being paid, volumes being manufactured and prices being charged...
It wouldn't even take the regulators a large amount of time to spin up a massive monitoring program - all it would take would be the threat of legal action to remind them to play by the rules.
The business-friendly governments and the completely ineffective regulators won't even do that.
Typical
And where are the regulators and competition watchdogs?
Wherever they are and whatever they are doing, it certainly isn't investigating flagrant market abuse like this...
This just in from the check-your-facts department: In writing the headline and the OP for this particular linked news article, slashdot have mis-read the linked article.
What the HotHardware piece actually says is:-
"According to Taipei industry publication DigiTimes, there has been a definite "mining chill" that's going to positively affect GPU pricing, with its sources claiming a drop of "around 20%" in July. That's significant, and should hopefully mean that more GPUs can be had at their actual MSRP, or perhaps even a bit under soon enough (remember when sub-MSRP prices were common?)."
Well, we're in July now [albeit only just]. I've checked my preferred GPU retail channels and... no. In fact, there are small month-on-month price increases, not price drops.
Sadly, then, this would appear to be the case of hoped-for or planned-for price cuts. The article most certainly does not cite any real-world examples - and my cursory checking suggests that none exist - yet.
I think you'll find that in this case the circumstances were:-
1. A company ran a quiz which was hosted on Facebook, with Facebook's permission.
2. The same company then, also with Facebook's permission, exported a whole stack of data, from Facebook, to a.n.other web site.
3. Then the a.n.other web site, which was insecure, exposed all the data from Facebook users.
I understand why you might wonder, "Is that Facebook's problem?" and the answer is that Facebook has what is legally known as a "duty of care" [which originates from tort law] and which basically says that because this process was originally hosted by Facebook, so they had a duty of care to ensure that the data that was collected was not irresponsibly exposed.
To be fair, the law is going to hit a "grey area" when it comes to the point at which FB ended their responsibility to oversee the data. For example, once the transfer had completed and it was no longer in their legal custody, a court might accept that responsibility had ended. But there are exceptions - such as whether the transfer mechanism was encrypted or not [which would turn on whether the information included "Personally Identifying Information" and so on].
There's also the question of whether or not quiz participants were clearly told that their answers would be exported off of FB's site, used by a third party, etc. Or whether it was simply a case of "Try this fun quiz!" The conditions surrounding the way in which the quiz was presented to participants would likely turn on FB's own "Code of Conduct" or "Terms of Service", so although you are technically correct to say, "But the data was stolen from some other random server. Why are FB responsible for that?" the answer might be a subtle one, along the lines of:- "Well, FB are responsible for allowing the data to be exported to that server in the first place..."
None of this answer is based on certainty of the facts; I have no inside knowledge of the scenario... Just trying to extrapolate from what's being publicly reported...
Hopefully we've reached a point where anyone old enough to buy tobacco understands that it kills, that it causes lung cancer, throat cancer, hardens arteries, kills taste buds and is generally not very pleasant. Apparently, it's also highly addictive.
Yet, dangerous as it is - and as widely as that danger is understood - people still smoke.
In a similar way, Facebook is just as harmful. Despite the fact that it's now widely understood that it can kill your privacy, a frightening number of users remain in either ignorance or denial of the way that it can harm their lives.
Here are some [known, established examples] of the way that your Facebook profile can harm you:-
- If you apply for a job today, many employers will search your FB profile to get an idea of your "maturity" and behaviours.
- If you apply for health insurance or similar, companies will search your profile for evidence of you smoking, drinking to excess, participating in high-risk sports, etc.
- If you apply for a credit card or loan, banks will search your network of friends for any with bad credit histories, criminal convictions or other "red flags".
- If you "pull a 'sickie'" and call in to work sick, companies will search your social media profiles for activity on those days.
- on and on and on...
Here's the bottom line:-
Very few people smoke and experience no ill effects
Most smokers suffer illnesses, compromised immune systems, shortness of breath, lack of fitness and die earlier than non-smokers
Quite a few smokers contract serious illnesses, including cancers, and experience abnormally premature death
Facebook is like that:-
Very few Facebook users will be able to access the platform with no ill effects on their lives
Most users will experience ill-effects, although they may not even be aware of it happening. Credit cards might charge a bit more; job applications might be unsuccessful, that sort of thing.
And a smaller but unknown number of Facebook users could experience serious ill-effects from use of the platform, although, I'd concede, these are people who do something a little foolish like post to say they are overseas on holiday and then get back to find their home has been burgled...
Just to be clear, I'm not suggesting that Facebook are directly degrading people's lives. Rather, they are selling access to your data to other companies that can degrade your life. Bottom line?
If you don't want ill-effects, don't use it. Just say no.
I've no axe to grind when it comes to Ticketmaster. Never used their services.
However, if companies are going to wake up to the importance of protecting the data they collect so voraciously, they need a good incentive to do so. Much as Ticketmaster won't like this, one useful way of approaching this would be that, if it can be shown that they were negligent, then to levy the absolute maximum that the GDPR will allow (4% of global turnover?) as a fine.
Sadly, the only way that companies will even think of taking the privacy of our data seriously is when it hits their share price and the performance bonuses as paid to their directors. When we make it absolutely, unmistakeably, crystal clear that loss of data like this will earn the maximum in fines, we might start to see companies taking our data a bit more seriously.
The OP claims,
"The app is intended to collect information about the source of new game installs, and details about the gamer."
But hang on a moment... if the game is being installed via Steam [and, it has to be packaged up by Steam for delivery from their infrastructure], all of that information - and more - is available directly back to the game developer via Steam themselves. Those of us who play games via Steam know this "going in".
And as this page shows, one of the ways that RedShell works is to link your web browsing identity with your gaming identity and then have the ability to use that to back-track your activity across the internet.
There is absolutely zero justification for this.
The second part of the lie concerns not that this is being done, but the way that it is happening. If a game studio wanted to use this sort of technology to monitor activities associated with their game [which I do not believe is inherently wrong], then it would not be difficult for them to create a folder in the game's installed file tree designated "Uploaded Data" and to place in this folder a complete and true copy of data sent back to them. It would have to be done after the upload - or at least, done in such a way that the gamer could not alter the data before it was sent - but at least this would be honest.
If a game manufacturer put a clear warning in their packaging: "This game will send telemetry to us when you play it. For details of the data elements sent, and instructions on how to verify this for yourself, please see the Appendix of this User Guide", I dare say that this scandal would not have happened.
It is the fact that companies think that they can "get away with this" by not telling people that pours fuel on the fire that this could easily be used for much more malicious purposes than are being discussed here.
One final thought/question: are there patterns in the data here? Are these sorts of underhand activities associated more with game studios or with publishers? It seems to me that although the studio rightly gets the bad reputation, the choice to add this sort of spyware - and let's make no mistake, that's what this is - could easily be "encouraged" by a publisher. After all, it's the publisher in this sordid tale that tends to be the one most interested in understanding games sales. If there is such a pattern, is it time to start vocal boycotts?
It seems to me that the only way to get through to these companies is to hit them where it hurts: their wallets.
Let's not forget, actual physical cash is essential, in a modern society, as a back-stop to underpin two of the things we tell each other we value: privacy and freedom.
Without cash, we are forced to compromise our privacy. Want to buy a birthday gift for a loved one that cannot be traced? Want to make a donation to a cause you care about, but do so anonymously? Want to give something to that homeless person so they can get a hot meal? You need cash for all of these things.
Without cash, we are forced to compromise our freedom. [ And yes, I know this is a large chunk of "The Net", but it doesn't make it less true]. Want to be able to function in the face of a technological meltdown at your bank? [ Just look at what has just been happening to TSB customers in the UK recently ].
Any attempt to take away cash is an attempt to take away both privacy and freedom. It is the beginning of a slippery slope that leads to a very dark place indeed...
I don't disagree with you, but this raises a question.
Marcus Hutchins is a UK citizen, facing US justice. Can he legally take the 5th? Does the 5th Amendment of the US Constitution extend to apply to anyone charged under US law, or does it just apply to US citizens charged under US law?
One way to think about this would be to consider the reciprocal. If a US citizen were charged in the UK under UK law, could that citizen claim the right to silence courtesy of the 5th Amendment? I don't think they could. That doesn't mean that Marcus can claim the 5th under US Law.
Very interested if anyone qualified to give a perspective on US law can chip in...
According to this one random web site I chose from a Google search, Forrester Research estimated that there were in excess of two billion active PCs in the world by the end of 2015. That's more than 2 years ago.
This is probably an unfair calculation [though no less fair than the BSA's rubbish] but if you estimated that, on average, each person in the 22,500 survey pool had, say, 5 PCs [it was stated that this sample pool was a mix of personal and business users], then the number of people surveyed for this report amounts to 0.005625% of the entire global population of PC users.
Five thousandths of one percent.
Extrapolated up and used as the basis for a report from the BSA? If you were a scientist of any field that included the use of statistical analysis and you published a report based on a sample size of five thousandths of one percent of the likely total pool, would you expect your analysis to be taken seriously?
If you look at pages 17 through 19 (inclusive, of the actual report), you'll find some very fine prose that the BSA use to describe the methodology they follow for determining the amount of unlicensed software.
"... Respondents are asked how many software packages, and what type, were installed on their PC in the previous year; what percentage were new or upgrades; whether they came with the computers or not; and whether they were installed on a new computer or one acquired prior to 2017..."
It's utter garbage.
It's about as accurate as a weather forecast could be. It contains English-language "formulae" such as:-
Unlicensed Rate = Unlicensed Software Units / Total Software Units Installed
and Total Software Units Installed = #PCs Getting Software x Software Units per PC
Just look at that second formula for a moment. This is an approximation at best. But the absolute worst part of the report is the part in which the BSA explain how they get these numbers. This is, in fact, done for them by IDC. And here is the methodology:-
A key component of the BSA Global Software Survey is a global survey of more than 22,500 home and enterprise PC users, conducted by IDC in November 2017. The survey was conducted online or by phone in 32 markets that make up a globally representative sample of geographies, levels of IT sophistication and geographic and cultural diversity....
So let's just translate that.
1. This survey was based on evidence from a telephone survey.
2. People were called and asked to accurately remember what software had been installed on a computer in the preceding 12 months.
3. The result of a survey of 22,500 people was then extrapolated up to represent the entire world's software piracy problem.
We need to remember that this sort of document gets handed around the halls of government and shown to policy makers; the poor data samples, invalid questions, wild speculations, and sloppy calculations that form the heart of this paper then get used as the basis for legislation. Don't get me wrong - software piracy is wrong. With so much fabulous free and open source software available, there really is no excuse for it any more.
But it's important to remember that this sort of paper is going to be used to argue for ever-more Draconian laws which will restrict the freedoms of ordinary computer users. It's really important that documents like this get properly challenged and that legislators are left clearly understanding that this report belongs in the fiction section of the bookshop...
This is going back a bit, but the 5GHz threshold is important for another reason... I'm trying to find the exact reference, but back around the time that AMD first released the Athlon CPU, I recall someone from the technology press writing an article which extrapolated what would happen to processor TDPs as clock speeds increased. Obviously we have to bear in mind that die shrinks and improved lithography, better materials and the like all help to drive up the performance-per-watt scale, but this magazine projected that if CPUs [of the day] were ever to scale up to 5GHz, then the thermal-output-per-square inch, extrapolated from the CPU die size, would actually exceed what is found inside a fully-active nuclear reactor.
The amazing thing, then, is not simply that Intel have managed to ship a 5GHz part, but they have done so whilst essentially keeping the thermal profile of the chips more-or-less uniform for a good part of the last few years. In some ways this thermal efficiency is even more impressive than the outright clock speed; it talks to the materials science, packaging design and overall cooling effectiveness, that we've now come to expect from our current crop of processors.
Is this a functionality question?
I have no knowledge of the internal configuration or architecture of Apple's App Store, but perhaps there is an explanation to be found there. Perhaps Apple has a mechanism to "freeze" an Application in the store [which might explain why updates are not surfacing] but can only do this globally, as opposed to just within one country or legal jurisdiction?
I think the implied situation, namely that the Russian government challenges the use of an Apple application and somehow has the ability to persuade Apple to disable it world-wide, just seems too far-fetched.
Or maybe the issue is human error - someone inside Apple was asked to disable availability of Telegram for users with Russian IP addresses, but somehow applied the restriction globally, by mistake?
Key point being that this is far less likely to be conspiracy fodder and far more likely to be a snafu.
Might be worth pointing out that there is a good chance that these practices are illegal in certain parts of the world.
For example, although the EU has garnered a lot of publicity recently for the General Data Protection Regulation (which came into effect 5/25), location tracking applications have run the risk of breaching EU law for at least the last two years. As this article shows, the main reason this practice falls foul of EU law is that the actual tracking/location determination takes place without user consent.
There are certain advertising agencies, such as Outbrain and Taboola, which embed click-bait content in sites (I'm looking at you, Slashdot) and which track their users via geolocation data they harvest from ISPs. This practice is likely illegal, at least in the EU.
We can only hope that US lawmakers are willing to take a similar stand...
Terry, I absolutely DON'T trust the FBI. Not in the slightest. I'm well aware of J. Edgar Hoover, the "Reds Under The Beds" and the witch-hunts.
... The President... [ Yes, I'm sure someone will say, "Don't forget about Congress". But just look at the way this partisan Congress has gleefully joined in helping the President undermine the DoJ and FBI].
But the way I've looked at this, by my reckoning the FBI are the "Lesser of Two Evils". This is because the FBI are still subject to oversight. If they get unruly or step out of line, there is constitutional protection in the form of sanctions... However, if you look at what Trump is doing, he's basically undermining the primary institutions of law enforcement of the United States. Which leaves what?
Make no mistake... This is the most dangerous time for the United States since independence was declared.
Terry, I appreciate you taking the time to respond, but from where I look at this, I think you entirely missed the purpose of my previous post.
An anonymous coward made some factually incorrect statements with respect to the Mueller-led investigation, including the claim that, "not a single person..." {has been} "...charged with anything." My response was an attempt to show that the anonymous comment was factually wrong, by listing some of the charges made [and corresponding guilty pleas secured] as a direct result of the Mueller investigation.
That's it.
But the thing I think we both need to bear in mind is that, ultimately, the most serious of any charges likely to come as a result of the investigation won't be released on an interim basis. The most serious will form the basis of the ultimate report, that Mueller will pass back to Rod Rosenstein. Consequently, anything else we care to mention on the topic is little more than speculation at this point.
I'm not going to try and argue that you are in any way wrong with your response. Just that we're talking about two very different things.
And your experience is, in essence, the *really* important point here. The FBI face several problems, one of their own making:-
1. They are being treated like grade-schoolers, and given scores and metrics and told they must compete with other agencies...
2. Part of the reason for 1., above, is because they are also now in a turf war with other agencies, such as the DHS. Lines are blurred, it isn't clear who has jurisdiction over what any more.
3. The introduction of these turf wars and competition for budgets has a habit of permeating into other aspects of an organisation. Pretty soon, everyone is being measured and quantified. Managers and employees who play these games do well; those that don't fail.
4. Before you know where you are, you have a situation in which the Head of the FBI will find that they personally are being performance-assessed based on the conduct of their entire agency, with stupid metrics that fail to take into account the changing nature of both crime and law enforcement, or the complications of multi-jurisdictional operations...
5. To make it even more fun, you've then got the fact that "law and order" have become a political football, with politicians of all stripes deriding the failures of their opponents and declaring that they will be "tough on crime, tough on the causes of crime" - and to support this, well by golly they want metrics and statistics and "proof" that their governance of the FBI was better than the last bunch in office.
And before you know where you are, the Head of the FBI spends half their time being a political football and the other half their time compiling metrics for asinine politicians who don't understand what they're doing. [I'm being polite].
And the real tragedy here is that when the FBI tried to compel Apple to hand over the master keys to iPhone encryption, when former Director Comey told everyone how "essential" that was to law enforcement, they were lying and being economical with the truth. Those lies serve to erode the trust that the public needs to have in the FBI. In one sense I think Comey got his come-uppance, got exactly what he deserved. In another sense I am probably more concerned with having Comey as head of the FBI than having a President who simply fires people who disagree with him. The former leads to a breakdown in public trust in the law. The latter leads to tyranny.