Adopting new coding language is part of the long-term solution, yes, but that's only a small portion of the solution. Security isn't all about software vulnerabilities.
"Billion-dollar companies" face the exact same security issues and get hacked by 10 years old kid (or their equivalent) all the time. And their "top" security experts can't do much about it. I know, I'm one and I work for one.
The reason these companies fail isn't because their personnel sucks, but because hiking IS easy. Or, more precisely: the cost (in term of time, effort, expertise, etc.) to hack one of the many systems a typical big company has is completely dwarfed by the cost of securing those systems. The asymmetry between the two investment is so profound, we're not even thinking anymore in term of preventing hacks, we've moved toward a model where we want to minimize their amount and detect them as fast as possible, because we literally can't do better.
Funny how this is always the narrative taken. Either the kid is a genius, or the Big Internet Company sucks. Never is it suggested that hacking is so easy, 10 years old can do it.
> There's no chip on our shoulder, no envy, no resentment, etc. You guys just can't be trusted, just like North Korea.... just like every single country in the world that hasn't its thumb up their ass. This was the point of the guy you were answering to.
> stuxnet was typical short sighted policy from usa/isreali establishment.
Stuxnet was a way for the US to put pressure on Iran nuclear program without actually bombing the shit out of it, which was what Israel pushed for years. Stuxnet may very well have adverted a war between these countries. Do you think the US would have the "moral high ground" had this happen?
Could also be the US. The point is that "state sponsored" should be read as "nation-state sponsored". It has nothing to do with individual states within the US.
> ORLY? So you are telling me that AV software is NOT used by the Americans while IN America? Hmmmm.
Of course they are. But nothing in the article says that this is used in the context of the domestic surveillance programs - in fact it would be surprising if it was.
People defending Snowden as a pro-american whistleblower that should be pardonned by US authorities.
>Americans have no fucking right to be fooling around with our computers and phones!
"Rights"? Power is power. The US, and every single other countries, are going to do things that favor their foreign policy, especially if they think they can get away with it. There's no "rights" here.
>No, but it does highlight just how much crap was happening, just how much everyone else in the world needs to stop trusting American (or any other) spy agencies,
Because you were trusting spy agencies before?
>and how whiny and idiotic Americans sound when they complain about China hacking them.
Of course people will complain. Everytime something happen to a country that is caused by another country, people will complain. How this is "whiny and idiotic" is beyond me. Complaining is a form of soft power. NOT complaining would be pretty idiotic.
> Sorry, but if you are hacking everybody else, and undermining security, you deserve to be hacked in the same way.
"Deserve" is a weird word to use in the context of international relations. Nobody "deserve" power. Power is power.
> This is coming just days after Poroshenko dissolved his Parliament [cnn.com], there were apparently rising protests against conscription into the Ukrainian army [globalresearch.ca], and the separatists were able to make progress.
> RT is claiming that Ukrainian troops crossed into Russia, in order to defect [rt.com], and the Ukranian government admits this.
Not sure why you think it's the "other side of the story”. It has nothing to do with the story. Some elements of the Ukraine military may be defecting AND Russia may be invading. These are not mutually exclusive claims.
> The NSA is an enormous liability with horrible internal security.
The US should remove its electronic spying capabilities because they are internally insecure? I'm not sure to follow you here. It doesn't make any sense, and looks more like a half-assessed excuse to support your conclusion (The NSA should be destroyed no matter what) than anything else.
> It yields virtually nothing useful to the general citizens,
I think the general citizen benefits from the US global hegemony of the last 50 years. I'm sure they don't "feel" like it, but that's the problem of living in a rich country and feeling entitled about it. You end up forgetting the true source of the success to rely so much on.
> and it's actions have jeopardized secure encryption globally
Oh yeah, no exaggeration here!
Well, what can I say? You have the username of your ideas.
Of course! The US should destroy its electronic espionage capabilities, right as the world enters the information golden age! Makes perfect sense. Why think long term when you can just react to the last news-fueled scandal!
Every industrialized country is racing to adopt strong electronic espionage (and defense capabilities), it's been growing fast for the last decade, as the importance and impact of telecommunication technology has been growing. It is THE hot field right now. Clearly, the most rational move for the US right now is to simply abandon it altogether.
The trust (or legitimate lack of trust) that people have toward their country has little to do with how countries act among each others.
If you don't trust your country foreign policy (and you are right in saying that it isn't always very legitimate), then act on changing that. Hoping your country to sabotage itself won't work.
The US (and every single other countries) won't abandon the tools at its disposition to enforce its foreign policy just because you feel they should. Countries - especially powerful ones - don't sabotage themselves for no reason.
Just because spying has caused death doesn't mean it has the same general impact as war (for Christ sake!)
I like how you claim that spying goes against countries "national interest" when every single country does it. I guess it means that every single country is wrong in your view? Or maybe you're just wrong and has no idea what you are talking about.
> Just because its their job doesn't mean its okay.
Just because it's the job of the military to kill people doesn't mean it's okay.
It's not, but every single country in the world still has a military, and won't disband it just because "killing is wrong".
Countries have interests. They have a foreign policy aimed at defending these interest.
War is diplomacy by any other means, and countries will use wars as a tool of their foreign policy.
Spying is also diplomacy by other means, and countries will use spies as a tool of their foreign policy, which has the nice benefit of not killing people and not destroying everything, like wars do.
That it is "wrong" in some isolated, ideologically pure version of reality has little impact in practice. Countries continue to spy (since before they were such things as "countries"), and will continue for a long time.
Some will call me a troll, but as a gamer I'm no longer interested in 4K video since I know Occulus Rift (and competing VR set) are coming.
Why spend a shitload of money of a new 4K screen and the video card necessary for an acceptable game experience when I'll be able to do VR with a fraction of the cost and with my existing hardware setup?
Obviously that's a gamer perspective - I'm sure plenty of people will find 4K for what they are doing.
> Or, like the folks he's talking to, you could go to a prestigious college, get a fancy degree, and potentially land a job that can pay for 3 or 4 people to perform the duties of the charitable worker above, while still maintaining a very comfortable lifestyle. You could even end up higher in a profitable company, where you direct millions of dollars to aid programs just for tax breaks, if not altruism.
You could also tax the shit out of these high-paying peoples with fancy degrees and use the windfall to help fix social ills. Sounds a much more realistic plan than to just hope these guys will do charitable work by themselves - something they may not even have experience or aptitude too.
I really admire and respect what Bill Gates has chosen to do with his wealth, but he's still only an exception, not the rule. Instead asking billionaires like him to redistribute their wealth, we should instead ask ourselves how it is possible for them to amass such massive wealth to begin with.
The solution isn't better coding. It's been CLEAR now, for many years, that we can't just wait for the world coders to magically become amazing and consistently produce flawless code. Yes, training is part of the solution, and so are advanced debugging tools and many other things, but just blaming that it is the coder's fault won't change anything. It's not a solution, it's a blame.
It's like saying that car deaths would go down if only drivers were better.
The lesson wasn't learned, but the problem was somewhat mitigated. Big software companies adopted regular patch cycles and deployed patch management tools on their customers. It kinda worked because PC are powerful computers well designed to be upgraded and modified.
This is not the case for many embedded systems. They are designed to be installed and then you forget about them. So the "classic" mitigation technique doesn't work. This is a big problem.
The unauthorized disclosure of sensible US information has happened regularly in the 20th century. Act of spying are motivated differently depending of the individual. Interestingly enough, it's rarely a question of ideology.
Sure, illegal acts, or perceived as illegals, can motivate some people in doing what Snowden did. And yes, I guess stopping to do these acts will remove the incentive. But it doesn't mean that it's a solution for the actual security problem. And it certainly how the NSA will see it too.
Well, maybe that's true for Snowden, but it's just him. In practice, disclosure of sensitive information happens whether "constitutional rights" are respected or not, and the security controls that can be used to secure this information don't change.
Slashdot Mirror
Adopting new coding language is part of the long-term solution, yes, but that's only a small portion of the solution. Security isn't all about software vulnerabilities.
"Billion-dollar companies" face the exact same security issues and get hacked by 10 years old kid (or their equivalent) all the time. And their "top" security experts can't do much about it. I know, I'm one and I work for one.
The reason these companies fail isn't because their personnel sucks, but because hiking IS easy. Or, more precisely: the cost (in term of time, effort, expertise, etc.) to hack one of the many systems a typical big company has is completely dwarfed by the cost of securing those systems. The asymmetry between the two investment is so profound, we're not even thinking anymore in term of preventing hacks, we've moved toward a model where we want to minimize their amount and detect them as fast as possible, because we literally can't do better.
Funny how this is always the narrative taken. Either the kid is a genius, or the Big Internet Company sucks. Never is it suggested that hacking is so easy, 10 years old can do it.
Are you comparing countries that are not the US as cavemen? Really?
> There's no chip on our shoulder, no envy, no resentment, etc. You guys just can't be trusted, just like North Korea. ... just like every single country in the world that hasn't its thumb up their ass. This was the point of the guy you were answering to.
> stuxnet was typical short sighted policy from usa/isreali establishment.
Stuxnet was a way for the US to put pressure on Iran nuclear program without actually bombing the shit out of it, which was what Israel pushed for years. Stuxnet may very well have adverted a war between these countries. Do you think the US would have the "moral high ground" had this happen?
Could also be the US. The point is that "state sponsored" should be read as "nation-state sponsored". It has nothing to do with individual states within the US.
> ORLY? So you are telling me that AV software is NOT used by the Americans while IN America? Hmmmm.
Of course they are. But nothing in the article says that this is used in the context of the domestic surveillance programs - in fact it would be surprising if it was.
I'm not an american citizen.
>Who the fuck said it was?
People defending Snowden as a pro-american whistleblower that should be pardonned by US authorities.
>Americans have no fucking right to be fooling around with our computers and phones!
"Rights"? Power is power. The US, and every single other countries, are going to do things that favor their foreign policy, especially if they think they can get away with it. There's no "rights" here.
>No, but it does highlight just how much crap was happening, just how much everyone else in the world needs to stop trusting American (or any other) spy agencies,
Because you were trusting spy agencies before?
>and how whiny and idiotic Americans sound when they complain about China hacking them.
Of course people will complain. Everytime something happen to a country that is caused by another country, people will complain. How this is "whiny and idiotic" is beyond me. Complaining is a form of soft power. NOT complaining would be pretty idiotic.
> Sorry, but if you are hacking everybody else, and undermining security, you deserve to be hacked in the same way.
"Deserve" is a weird word to use in the context of international relations. Nobody "deserve" power. Power is power.
Yet another excerpt from the Snowden documents that has nothing to do whatsoever with domestic surveillance.
In fact, I can't remember the last time it did.
> This is coming just days after Poroshenko dissolved his Parliament [cnn.com], there were apparently rising protests against conscription into the Ukrainian army [globalresearch.ca], and the separatists were able to make progress.
> RT is claiming that Ukrainian troops crossed into Russia, in order to defect [rt.com], and the Ukranian government admits this.
Not sure why you think it's the "other side of the story”. It has nothing to do with the story. Some elements of the Ukraine military may be defecting AND Russia may be invading. These are not mutually exclusive claims.
> The NSA is an enormous liability with horrible internal security.
The US should remove its electronic spying capabilities because they are internally insecure? I'm not sure to follow you here. It doesn't make any sense, and looks more like a half-assessed excuse to support your conclusion (The NSA should be destroyed no matter what) than anything else.
> It yields virtually nothing useful to the general citizens,
I think the general citizen benefits from the US global hegemony of the last 50 years. I'm sure they don't "feel" like it, but that's the problem of living in a rich country and feeling entitled about it. You end up forgetting the true source of the success to rely so much on.
> and it's actions have jeopardized secure encryption globally
Oh yeah, no exaggeration here!
Well, what can I say? You have the username of your ideas.
Of course! The US should destroy its electronic espionage capabilities, right as the world enters the information golden age! Makes perfect sense. Why think long term when you can just react to the last news-fueled scandal!
Every industrialized country is racing to adopt strong electronic espionage (and defense capabilities), it's been growing fast for the last decade, as the importance and impact of telecommunication technology has been growing. It is THE hot field right now. Clearly, the most rational move for the US right now is to simply abandon it altogether.
The trust (or legitimate lack of trust) that people have toward their country has little to do with how countries act among each others.
If you don't trust your country foreign policy (and you are right in saying that it isn't always very legitimate), then act on changing that. Hoping your country to sabotage itself won't work.
The US (and every single other countries) won't abandon the tools at its disposition to enforce its foreign policy just because you feel they should. Countries - especially powerful ones - don't sabotage themselves for no reason.
Just because spying has caused death doesn't mean it has the same general impact as war (for Christ sake!)
I like how you claim that spying goes against countries "national interest" when every single country does it. I guess it means that every single country is wrong in your view? Or maybe you're just wrong and has no idea what you are talking about.
> Just because its their job doesn't mean its okay.
Just because it's the job of the military to kill people doesn't mean it's okay.
It's not, but every single country in the world still has a military, and won't disband it just because "killing is wrong".
Countries have interests. They have a foreign policy aimed at defending these interest.
War is diplomacy by any other means, and countries will use wars as a tool of their foreign policy.
Spying is also diplomacy by other means, and countries will use spies as a tool of their foreign policy, which has the nice benefit of not killing people and not destroying everything, like wars do.
That it is "wrong" in some isolated, ideologically pure version of reality has little impact in practice. Countries continue to spy (since before they were such things as "countries"), and will continue for a long time.
Some will call me a troll, but as a gamer I'm no longer interested in 4K video since I know Occulus Rift (and competing VR set) are coming.
Why spend a shitload of money of a new 4K screen and the video card necessary for an acceptable game experience when I'll be able to do VR with a fraction of the cost and with my existing hardware setup?
Obviously that's a gamer perspective - I'm sure plenty of people will find 4K for what they are doing.
> Or, like the folks he's talking to, you could go to a prestigious college, get a fancy degree, and potentially land a job that can pay for 3 or 4 people to perform the duties of the charitable worker above, while still maintaining a very comfortable lifestyle. You could even end up higher in a profitable company, where you direct millions of dollars to aid programs just for tax breaks, if not altruism.
You could also tax the shit out of these high-paying peoples with fancy degrees and use the windfall to help fix social ills. Sounds a much more realistic plan than to just hope these guys will do charitable work by themselves - something they may not even have experience or aptitude too.
I really admire and respect what Bill Gates has chosen to do with his wealth, but he's still only an exception, not the rule. Instead asking billionaires like him to redistribute their wealth, we should instead ask ourselves how it is possible for them to amass such massive wealth to begin with.
"Only because software development sucks".
The solution isn't better coding. It's been CLEAR now, for many years, that we can't just wait for the world coders to magically become amazing and consistently produce flawless code. Yes, training is part of the solution, and so are advanced debugging tools and many other things, but just blaming that it is the coder's fault won't change anything. It's not a solution, it's a blame.
It's like saying that car deaths would go down if only drivers were better.
The lesson wasn't learned, but the problem was somewhat mitigated. Big software companies adopted regular patch cycles and deployed patch management tools on their customers. It kinda worked because PC are powerful computers well designed to be upgraded and modified.
This is not the case for many embedded systems. They are designed to be installed and then you forget about them. So the "classic" mitigation technique doesn't work. This is a big problem.
Well... sure... but how is this related to what I wrote?
The unauthorized disclosure of sensible US information has happened regularly in the 20th century. Act of spying are motivated differently depending of the individual. Interestingly enough, it's rarely a question of ideology.
Sure, illegal acts, or perceived as illegals, can motivate some people in doing what Snowden did. And yes, I guess stopping to do these acts will remove the incentive. But it doesn't mean that it's a solution for the actual security problem. And it certainly how the NSA will see it too.
Well, maybe that's true for Snowden, but it's just him. In practice, disclosure of sensitive information happens whether "constitutional rights" are respected or not, and the security controls that can be used to secure this information don't change.