There has to be enforcement -- and that's always the hardest part, isn't it? Suggestions?
Several people in the peanut gallery have already suggested ways to do it.
As these specific cases are happening near major airports, a few properly-installed cameras capable of detecting the laser strike can triangulate the ray's location automatically. The military already has tech for it in the field both for sniper bullets and laser-assisted sniper sights. Hook it laser location triangulation to contact law enforcement instantly and all kinds of enforcement opportunities appear. It likely costs a six-digit or seven-digit amount to set up and install the necessary specialized cameras to cover the angles and triangulate the position, but considering the costs of running a major airport that's nearly inconsequential. A few key locations on airport property will have 360' visibility, a small number of cameras calibrated at each of three or four sites, and a little hardware and software to drive it; technically that part isn't too difficult.
Just as a small number of cities installed microphones that can isolate gunshots and instantly triangulate the location that gets passed to police dispatch, a laser sighting system would instantly triangulate the location of the laser strike to police dispatch. An automated system may not be able to catch them all, but if they know from the automated systems the buildings near 654 Pine Street has been the source of 30 laser strikes over the past week, it becomes a straightforward matter to finish off the enforcement details.
Another option is to install detection equipment on airplanes themselves and have them take a telephoto image of the location for each incident. That's going to be cheaper on an individual basis but more costly in total, a five or six digit cost per airplane outfitted but a larger number of airplanes should be equipped, and adds the ability to record information no matter where the event takes place. Even if a specific airport was not equipped with an automated detection and dispatch system, an individual airplane could provide much of the same information to the FAA or similar agency immediately.
Beyond enforcement is mitigation. This has also received several good suggestions. Airbus has been toying with designs where there are no windowed cockpits, pilots can use cameras and other sensors to fly. Other ideas are light diffusing and frequency-blocking technologies on cockpit windows.
... protection against compelled self-incrimination.
In many countries that protection is provided not by a constitution, but by tradition of jurisprudence. If the government decides to take that protection away in their 'war on terror', which has happened in other countries, someone will have to prosecute the government to get that protection re-instated.
It is a protection that many in the United States are quick to surrender when they feel threatened, but thankfully so far the more wise heads have prevailed.
In the past 50 years or so the popular attitude toward the protection has faltered. A half century ago invoking your right to remain silent was seen as a good use of protecting yourself. Those who did it were considered smart. But these days, when someone invokes the fifth amendment in the US it is often seen with derision and suspicion.
Anyone can incriminate themselves all they want voluntarily, confess all you want. But the protections against compelled self-incrimination are extremely important. Sadly too many don't realize how important they are.
Perhaps they know who the phones belong to, but what makes them think the owner is one of the San Bernadino killers?
That's where law enforcement is having a hard time.
* Government can use a warrant to demand the item be surrendered, and preserve it as evidence.
* Government can demand passwords from third parties like phone companies under both subpoenas and warrants.
* BUT individuals have a constitution protection against compelled self-incrimination.
The government is supposed to produce evidence and link the person to the crime without a forced confession. It is a GOOD THING, it helps prevent things like being tortured to confession and fishing expeditions looking for crimes. Prosecutors and police can demand an individual produce papers and documents that link them to a case, but (assuming their legal defense is doing their job) by doing so they trigger the protections of the fourth and fifth amendments by compelling the evidence.
This was recently re-affirmed by the supreme court in US v. Hubbell.
If the government demands that the person gives up documents, papers, or passwords to the device it is compelled self-incrimination. If the government demands a person incriminate himself to collect evidence, it becomes poisoned and the government cannot use it or information from it to help with prosecution.
Police and prosecutors absolutely can demand the people turn over passwords.... but by doing so they also trigger immunity, they cannot use that fact or anything learned from the devices as evidence against them. They'll bitch and moan and complain about not having the passwords, they'll petition congress about how unfair it is to law enforcement that police need to actually investigate crimes and can't use self-incrimination tactics, but the lawyers know full well all it takes is a single slip of paper to legally demand the passwords. Grant them immunity under the protections of the 5th and they are compelled to turn the passwords over, but the person also walks away from criminal liability.
Simply (perhaps dangerously oversimplified) in most of these cases it is that the police are lazy. There are many other known details, much other evidence, but investigators are going for the easy pickings of the data on phones and other personal documents typically protected by law. They could do actual leg-work, actual investigation, actual crime scene evaluation, and many investigators do. The ones wanting to break down the constitutional protections are the lazy investigators who won't be bothered to use the other available investigation tools.
So the plan to make transistors tolerate higher clock speeds by using better materials is not going to happen?
Yet another restating of Moore's Law? The thing gets revised to whatever the latest growth area is.
The original 1965 article it was about "component counts", then it was revised in a later talk to be "circuit density", then revised in 1975 to be "semiconductor complexity", then revised in the later '70s to be "circuit and device cleverness", has been restated yet again when serial devices flatlined in favor of highly parallel chips.
Assuming this goes through the chipset, it will likely be restated again in terms of whatever other factor on the chips continues to grow.
Movie companies would do a much better job if they stopped trying to squash any sort of piracy, and focused more on providing what people want, in the form they want, when they want it, at a convenient price.
There will always be a guy selling DVDs on the corner, frequently backed up by organized crime. I'm not so certain that people who are less committed to that lifestyle will be always there and impossible to stop. That ease of participation relies on freedoms are now taken for granted which I feel may well become very eroded in the future.
That misses the point.
If the companies provided what the consumers wanted, in the form they wanted, at a convenient price, the guy on the corner has no customers and goes to a different process. The content creators get paid for the content, the customers can enjoy the content, and everyone is happy. (As typical, customers would always prefer to pay less, producers would like to be paid more, but ultimately a happy balance can be reached if they honestly tried.)
Systems like netflix, hulu, dramafever, amazon video, they are getting closer to what the customers wants. In an even better world all those off-catalog shows, the crappy direct-to-DVD releases, these would also be available in the catalog rather than the constant Disney-esque vault where availability is intentionally reduced to get more coin.
The fact that they are present at all on Torrent systems is enough to let the companies know to add it to the catalogs. If I knew I could watch {popular title} from Redbox for a buck per day, or from some paid service where there are no scratched discs, and watch it on a web player on whatever device I want for a time period, sign me up.
Simply: If it is available in a torrent but not available in the authorized service, the authorized service is insufficient.
The company needs to stop providing insufficient service. When one business gives insufficient service, and another source offers the service, it is clear what will happen to the business. Adapt or die. These companies don't even need to go through the process of digitizing the works; when they discover what is on torrents but not in their catalog, put the ripped torrent version among their authorized versions. What happens when Disney finds a rip from some old VHS they haven't migrated? Instead of trying to shut it down, Disney should find the best ripped copy and put that among their (fully paid and properly authorized) products.
If everything were available through a proper, above board, fully legal paid service, and there was one place I could go to get yesterday's TV show, this week's big blockbuster release, reruns of my favorites from the last decade, reruns from the 1980s, 1970s, 1960s, and even all the old back catalog movies clear back to the 1920s when the Golden Age of Cinema started, then the guy at the corner selling bootleg copies would vanish. If the mere presence of a show on torrents was enough to get it added to the proper legal channels, then the need for them would precipitously drop.
It would not vanish completely, there are some people who refuse to pay anything and also refuse to find any friends to share passwords and accounts. If the legal version is immediately available to paying customers, at a convenient price, on a convenient location, viewable on a convenient device, the unsatisfied needs that drive torrented movies would drop off the radar.
It's a sad day when the candidates running for president are traitors.
Never attribute to malice that which is adequately explained by stupidity or ignorance. Being a "traitor" implies intent, this is far more likely to be ignorance of a technical issue.
I'm surprised so many slashdotters expected these people to understand the technical issues.
Hillary Clinton's background might have discussed some encryption details because of some of her security scandals. Carly Fiorina also possibly understands the technical issues. But I would be shocked if any of the other candidates have any understanding of the issue.
For all the rest of the candidates, it is not something they've likely ever studied. For them, encryption might as well be some magical fairy dust that computer people sprinkle over computers for security reasons.
The problem is that the old journalist media and the new journalist media is having problems making money.
I think that is part of it. The financial concerns are also related to the larger number of news outlets, the 24/7 news cycle, instant online publication, and search engine rankings.
Let's review a few decades ago, back when there was a better ratio of good journalism to bad journalism...
A few decades ago to get all the news outlets an individual could talk to the local affiliate of CBS, NBC, ABC, and possibly a few additional locals that weren't affiliated with the big three. For a big public statement that meant a few phone calls to schedule a common time, up to six reporters come visit bringing their photographer, and you were done. For a smaller public statement it meant talking to even less, maybe just the local unaffiliated reporters or only one major reporter. There might be a few calls from distant papers that want to run the story, but those few initial interviews all generated high quality original reports for the networks. The reporters actually came out to interview, news stories via phone calls were rare. Since there were limited news outlets they each had a fairly big piece of the pie when it came to revenues from ads and subscriptions, so they could pay more for better reporters. All of them combined to give much better journalism. When one outlet wanted to cover something done by another sometimes they would rewrite the stories off the wire, but generally there was an actual discussion to those having the newsworthy experience.
Contrast with today.
If something is big news there are a huge number of media companies that want to talk about it. There are so many outlets that each one individually gets a tiny sliver of the interested viewers, so they have less money to invest in the story from relatively fewer advertisement eyeballs. Instead of investing time and money doing investigation and contacting the original sources (tending toward better quality journalism), they quickly rewrite the existing story and publish it immediately in an effort to show up early in web searches, giving worse quality journalism. For the individual or company with the newsworthy event, instead of being contacted by a handful of local reporters they get calls and emails from hundreds of them across the globe, each asking for a statement immediately for publication. Generally there is no opportunity to get back to them, no opportunity to leave a message; if they cannot provide a statement with that first phone call the article gets a line "company was not immediately available for comment." From discussions with some reporter friends in the past, today's reporters frequently write the story first and then contact the newsmakers for a quote in the hope to fill in a quote that meets the story they wrote rather than talk to the people first and write the story based on what was learned.
So summing it up:
* Fewer news agencies meant individuals could talk to everyone, versus today's many unanswered phone calls
* Fewer news agencies meant more filtering of stories, versus today's unfiltered deluge of reports
* Fewer news agencies meant more money per reporter, versus today's many reporters with no budget
* Fewer better funded reporters meant better stories with original content, versus today's low-paid reporters who do a quick rewrite
* Daily publication meant time to write based on the facts, versus today's rush for an early story that doesn't have time for facts
Generally when you get a low quality news article you can figure out who the original source was, who it was that actually sent a real live human being reporter to talk in person with another real life human being, and that version of the article will have quality journalism.
Yet another reminder about why we need space programs to get colonies of people off Earth.
Not only will having more places available serve as backup for humanity, but it will also ease the strain of conflict over locations as many people would want to leave for proverbially greener pastures.
Or maybe if taking the pessimistic view, let's hurry up and destroy ourselves before we spread elsewhere.
Under the Stored Communications Act, with an administrative subpoena that does not require any probable cause statement or review by a judge. No warrant required, but full legal force.
If you maintain it on your own you can fight it if you want.
If they give it to a third party like your ISP or some other service provider, they might fight it, or might not. Choose your partners carefully.
"There is no good reason to keep 25 years of email. "
Of course there is. You should know, some people actually comunicate about important matters, and keeping records can oftentimes be very beneficial.
Seems like you ignored the rest of the post, fixating on that one line.
I am not saying to dump important documents. I am saying a hodgepodge of email systems is a terrible archival method.
If there are communications that need to be preserved, preserve them properly.
As I pointed out, contracts should be preserved properly, generally meaning a hard copy printed out and kept in a physical file folder, or electronic copies should be properly archived properly as electronic documents. Mementos should be preserved, ether electronically or as hard copies, in an appropriate other container. Business-related documents should be classified and sorted and archived correctly for their type of documents.
Many types of documents have useful lifetimes that your lawyer will be quick to explain.Three months and six months are both critical windows when it comes to government access, government agencies can swoop in and demand copies of any email or other communication not marked as 'read' at that age, and do so without a warrant or court order. Three years or four years is the legal limit for most documents to be used in civil suits, if the document is older than that then generally it cannot be used as it is no longer timely. There are very few other documents you will receive in email that you would need to keep longer than that. If you do, keep them in a more permanent form than email.
It is surprising to me that so many/. users are missing the point of data retention policies. It seems when government agencies come up data retention policies and data destruction at the end of the limits come up quickly. In stories about businesses with decades of data people quickly jump on them for not destroying it in a timely manner, how job applications and similar records shouldn't be kept forever. But when it comes to a person's own policy, ain't nobody got time for that.
Keep what needs to be kept, and keep it properly. Discard what does not need to be kept. 25 years with 500,000 emails is about 24.9 months and 499,950 too many. Sort that crap out.
BTW, am I the only one that thought the Narnia stories were dumb, and a lame attempt at a copy of Lord of the Rings but with a bunch of annoying in-your-face Christian metaphors?
Probably the only person, yes.
Because that is the opposite order of when they were written.
CS Lewis wrote and published his books from 1949-1956.
Tolkien wrote chunks of LotR and related world fiction over a 30 year span, but didn't publish it until 1954-1955.
Most of the seven Chronicles books were published before LotR, and only two (The Magician's Nephew and The Last Battle) could potentially have been based on any of the LotR books as you suggest. Both of those books were (according to Wikipedia) finished before LotR was released; they were completed but not yet published. Books require some lead time between when they are submitted and when they hit the streets, so it is likely that CS Lewis did not know about the books except possibly hearing some of Tolkien's writings and reputation as a professor.
That's true, but from the sounds of it this is for business reasons. For business it's probably more important than if it was personal.
For business it can be even more important to clean things out. Having old things on hand is more likely to work against you than work in your favor. Yes, some documents need to be carefully retained and kept on file for the life of the business and the best place to do that is not in email. Most of these communications should be disposed of on a regular basis.
Most business lawyers I've worked with have strongly recommended a data retention policy to dump email regularly and always before the 3-month government communications free-for-all. Most work places I've been at have had 3 months before automatic forced deletion of email. If it is important it does not belong in email. Unread email is treated differently under the law, and currently any email that is six months old or older and marked as unread can be opened and read by federal agencies without a warrant. Similarly, transitory communications like chat logs and even file transfers through services like DropBox are easily accessed by government's prying eyes. Don't keep data there because lots of organizations, including government agencies, corporate spies, and opposition lawyers, can all get access to it.
If it is important it gets printed and filed, or moved to electronic documents that are properly archived, or otherwise moved to a better location than email. Paper files and electronic archives get properly maintained with their own data retention policies. Contracts and agreements made get filed with dates.
There is no good reason to keep 25 years of email.
Print out and properly file what is important. Agreements and important documents get filed. Properly file and archive personal mementos (not in email) or put them in a scrap book.
The Slashdot headline missed a key detail covered in the article:
Beazley point out that the piracy lawsuit was filed November last year, several days before the December 1, 2014 date the insurance policy began.
It is a bit difficult to file an insurance claim against lawsuit costs when the lawsuit was instigated before the insurance took effect.
Since we love automobile analogies so much: It is like buying car insurance in December to insure against a crash that took place the month before. That's not going to help much.
Or buying a life insurance policy for your recently-deceased relative.
The date insurance coverage began is going to be a far bigger problem than details of what the policy covers.
OMFG! There was a fluctuation of 2.2 percent in the female employees of a major corporation that has bizzilions of employees that come and go!
No, it was because they cancelled the phone business.
<sexist sarcasm humor> Clearly since they aren't working on phones any more, they don't need the women. They must have used the women to QA those phones so receptionists and secretaries would be satisfied with the phone's shape and comfort on the female face. Now that the phone division is closed they don't need the women any more. </sexist sarcasm humor>
Well, it is still fruit of the poison tree but is only known as such if someone is willing to admit that was how they found the information.
Parallel construction largely relies on a lie being in place. If at any time it is discovered that this other source or means was crafted due to the illegal connections, it can and likely would be toss out with it.
One neat thing about this type of deception is that the bigger it grows, the harder it is to hide. One person can keep a secret. Two people struggle to keep a secret. Hundreds of people cannot keep a secret, there will be a media leak by with a citation as a "confidential source not authorized to talk to the media."
If that happened it would not be one case tossed. It would be at least one case tossed and thousands of other cases re-opened for investigation, and intense scrutiny and a nasty public relations backlash.
We had a situation in a local PD where a highly acclaimed officer was caught faking field sobriety tests, falsifying reports and even the discovery of dashcam video showing the tazering of a sober person while shouting at them. In addition to the officer losing their job and various awards, there were various convictions overturned, convictions expunged, and several settlements allegedly of a quarter million dollars each were issued.
When discovered the impact to the groups is huge.
Discovery of illegal wiretaps and illegal records and failure to disclose potentially exculpatory evidence? That's the kind of thing that gets mass terminations and prison time for officers.
It seems a bit... Insane though. 90,000 at a measly $100 a pop (labour, booking etc) = $9m minimum. If they keep that up, they'll eventually eat into the profit so bad they fail...
Reading the actual story and announcement (yeah, craaaazy!) the test is to visually inspect the base of the seat belt and apply a sudden yank of at least 80 pounds force by the tech, followed by another visual inspection to see if anything deformed, bent, or otherwise broke.
This is not a cost of $100 per. For most people this will be 60 seconds added to their existing regular inspection.
"hadn’t received any direct payment for its Tor research from the FBI or any other government funder"...
So they have received indirect payments or have received direct payments from non-government funders.
Yes, that is exactly true. I'm assuming you didn't read the actual statement by the school.
It begins: "Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues."
So there you go, a blatant admission to an indirect payment. The government did not say "We will pay you to develop this specific technology" which would have been direct. The government told that lab, and many more, "Here is money to research this type of technology generally", and the lab happened to fund that project among many others, yielding an indirect payment. What most people probably didn't expect, the lab included, was that they would get a subpoena demanding the research.
While the tin-foil hat may be necessary elsewhere, no need for it here. The lab has always openly admitted to the indirect funding from federal grants. In their research papers, and in fact in the vast majority of university research papers, there is a line about the grants funding the lab. That is a non-secret.
So have a division of the medical device company dedicated to Q/Aing Windows updates. This is an easy problem to solve, and frankly the manufacturer should be held responsible for the inevitable malpractice lawsuits.
There is no reason that a medical device should be as much as a month out of date on updates, let alone the years and years out of date these devices get to be.
In some respects I agree with you. In a perfect world all the devices would be re-certified with every patch as soon as the patch is available, updated promptly, and all the latest security safeguards in place. They would be re-certified and verified to meet all the latest security requirements, safety requirements, and efficacy requirements.
However, these are not home computers.
These are medical devices that must meet strict certification requirements that they do exactly what they say they do.
Any time the device changes or the software is updated, it must be re-certified. Getting a full PMA (Pre-Market Approval) certification is both expensive and time consuming, the current fee is $261,388. The wait is normally anywhere from 3 to 6 months for certification. If the product fails for any reason, it means fixing it and paying re-submission fees.
When "install the latest Windows update" comes with a $261,388 fee to re-certify, any business is going to reject that idea unless they are required to do it.
Fair enough, but I don't think the piece was written to inform about the balance or blame of the hacking. Instead, it was to inform the unaware that the agreement wasn't worth the paper it was written on.
Many international agreements are that way, as are many high-profile acts of congress in the US.
This particular one was a "Joint Statement" that they intend to be nicer in the future. These are usually called resolutions, much like your resolution to lose ten or twenty pounds that you make every year at your new year's party. Politicians resolve that the nations will place nice together but there are no specifics and they have no consequences if the resolutions are broken. The politicians create and sign these in very public settings with lots of cameras and smiling faces.
The feel-good fluff news stories are popular with the masses and the media.
I'm a hiring manager.... When I selected an older worker to advance in the interview process I got my hand slapped. I was told, "we want younger workers... not younger workers age-wise, but younger workers".
That's the kind of thing you carefully capture in multiple emails, then forward on to the state's labor department while quietly sending around your own applications for a less shitty workplace.
Because YOU ALREADY KNOW in the next one or two rounds of layoffs, you'll be considered the old one ready to be terminated.
>> have been in safekeeping beneath the Arctic Ice
Wait, I thought all that was melting because the sky is falling.
Correct.
When the ice melts due to global warming, the formerly-arctic area will be sub-tropical. They'll just take the top off the vault, letting in the sunshine and warm rain to start growing all the crops. No need to transport them around the world.:-)
People above can't afford to live the same city they work because of housing prices. I once asked a night janitor, who had his two sons with him at work that day, where he lived. He told me he lived more than an hour out of the city. I don't have any solutions but this isn't a good thing.
Was recently looking at a potential job in the area.
The job looked great. Then I started looking for a home within 15 minutes of the workplace. Nothing family sized (4+ bedroom) shows up on Zillow for anything less than $800,000. Many homes comparable to my $200K current residence were selling for well over a million dollars. Zooming out a bit, finding family homes even remotely affordable (under $300K) would require a full hour commute.
I went on to the next job listing, in a more reasonable cost city. The tech jobs may be good, but they aren't THAT good. Currently Austin and Salt Lake are the main contenders.
It is a good thing when high profile and medium profile people get caught in these stupid things.
When celebrities, including political celebrities, get caught by government aggression it draws a spotlight on the programs that are harassing millions. With the spotlight on them, they tend to withdraw or become legally curtailed.
Sadly many of the abuses committed by government are against the dregs of society, the people already in trouble with the law, the despicable criminals, drug dealers, child abusers, rapists, murderers, and more. Most of society doesn't care when government abuses these people, which is why so many lawsuits are filed against agencies and officers that people dismiss as just another attempt to get out of being caught. If those same abuses were publicly made against people of celebrity status the programs would be quickly curtailed, or pushed further into the darkness of secrecy.
Good job DHS, keep targeting popular people. Best thing you can do for the country.
It depends on the union contract.Unionization doesn't automagically mean lazy employees abound.
What you describe is my observation as well. Unions can cause problems, but they can also solve problems. Unions can solve very broad problems that individuals cannot.
Some unions are more powerful and effective than others. Some are very good at helping union members, others not so much.
I see two big difficulties in a programmer union.
1. Skills are different and hard to quantify. One person is highly skilled in one tool, another is highly skilled in another tool. Both are very productive, but they are not directly interchangeable. Alice is an expert in MySQL, Bob is an expert in PostgreSQL, Charlie is an expert in Oracle. While any of them can likely write up a solution for generic SQL problems, for other problems one of them is going to be the best choice for your specific workplace. Similarly, Dan knows DirectX and Emma knows OpenGL, both are great graphics programmers, but they are not directly interchangeable.
In other fields, unions have less degree of specialization. You can roughly exchange teachers by domain: elementary school teachers are roughly interchangeable. Secondary education teachers are roughly interchangeable by field, a HS math teacher can be replaced by another HS math teacher. Among plumbers, two journeyman plumbers are roughly interchangeable, two master plumbers are roughly interchangeable. Classes of workers are roughly interchangeable. This is harder to isolate in software development. You can start by dividing people by programming languages and experience levels, but it quickly falls apart. I daily use four different programming languages, routinely use 8 over the course of my job, and have worked with around 20, mostly custom languages and scripting languages on our wider project. So it isn't like "HS math teacher", but "Java/C#/SQL/Python programmer who also knows Lua, ActionScript, HTML, PHP, JavaScript, etc." In general terms programmers bundle together neatly, but specifics really muddle any equivalency test.
2. Too many programmers have giant egos, thinking they are a special snowflake that is irreplaceable. Often they imagine there might be a bell curve or other distribution, but whatever the distribution is, they are skewed at the highest top 1% of them all. A little dose of reality, it is a bell curve and the vast majority of people are average. This is largely fed by the first problem, where they look around the workplace and notice that they are a domain expert. The thought "I am the domain expert on my team", wrongly translates to "I am the domain expert globally". Whatever your specific domain, you are easily replaced by others who are expert in that domain.
It is easy to get caught up in that. I am the only person with my exact skill set, so feel I'm highly valuable and difficult to replace. While it is true that my EXACT skill set is difficult to replace, others with SIMILAR skill sets can more or less overlap my job duties and replace me, with others in the team filling in the gaps.
Other tasks done by unions, such as group negotiation of salaries, become a little more difficult because of the individual variability. As a programmer I can potentially leverage my own specialty for higher pay, but in practice that rarely happens, in most workplaces the programmer is just a cog in the machine paid in the same bucket range as others.
... Which isn't all of what you need, but it is a better start than nothing at all. I'd rather see a link to a journal I can't read than no link at all.
Tend to agree.
I would prefer to have links to stuff I can actually use. But if I cannot view the actual citation, I would like the citation to be verified in a reputable source, perhaps a book (which I also generally cannot click to read), or a journal I cannot freely access on the subject.
That is also part of the reason Wikipedia prefers secondary sources. The primary sources tend to be journal articles, research notes, reports, and complex research-related books. Secondary sources tend to be online writeups that are much more accessible.
Slashdot Mirror
There has to be enforcement -- and that's always the hardest part, isn't it? Suggestions?
Several people in the peanut gallery have already suggested ways to do it.
As these specific cases are happening near major airports, a few properly-installed cameras capable of detecting the laser strike can triangulate the ray's location automatically. The military already has tech for it in the field both for sniper bullets and laser-assisted sniper sights. Hook it laser location triangulation to contact law enforcement instantly and all kinds of enforcement opportunities appear. It likely costs a six-digit or seven-digit amount to set up and install the necessary specialized cameras to cover the angles and triangulate the position, but considering the costs of running a major airport that's nearly inconsequential. A few key locations on airport property will have 360' visibility, a small number of cameras calibrated at each of three or four sites, and a little hardware and software to drive it; technically that part isn't too difficult.
Just as a small number of cities installed microphones that can isolate gunshots and instantly triangulate the location that gets passed to police dispatch, a laser sighting system would instantly triangulate the location of the laser strike to police dispatch. An automated system may not be able to catch them all, but if they know from the automated systems the buildings near 654 Pine Street has been the source of 30 laser strikes over the past week, it becomes a straightforward matter to finish off the enforcement details.
Another option is to install detection equipment on airplanes themselves and have them take a telephoto image of the location for each incident. That's going to be cheaper on an individual basis but more costly in total, a five or six digit cost per airplane outfitted but a larger number of airplanes should be equipped, and adds the ability to record information no matter where the event takes place. Even if a specific airport was not equipped with an automated detection and dispatch system, an individual airplane could provide much of the same information to the FAA or similar agency immediately.
Beyond enforcement is mitigation. This has also received several good suggestions. Airbus has been toying with designs where there are no windowed cockpits, pilots can use cameras and other sensors to fly. Other ideas are light diffusing and frequency-blocking technologies on cockpit windows.
In many countries that protection is provided not by a constitution, but by tradition of jurisprudence. If the government decides to take that protection away in their 'war on terror', which has happened in other countries, someone will have to prosecute the government to get that protection re-instated.
It is a protection that many in the United States are quick to surrender when they feel threatened, but thankfully so far the more wise heads have prevailed.
In the past 50 years or so the popular attitude toward the protection has faltered. A half century ago invoking your right to remain silent was seen as a good use of protecting yourself. Those who did it were considered smart. But these days, when someone invokes the fifth amendment in the US it is often seen with derision and suspicion.
Anyone can incriminate themselves all they want voluntarily, confess all you want. But the protections against compelled self-incrimination are extremely important. Sadly too many don't realize how important they are.
Perhaps they know who the phones belong to, but what makes them think the owner is one of the San Bernadino killers?
That's where law enforcement is having a hard time.
* Government can use a warrant to demand the item be surrendered, and preserve it as evidence.
* Government can demand passwords from third parties like phone companies under both subpoenas and warrants.
* BUT individuals have a constitution protection against compelled self-incrimination.
The government is supposed to produce evidence and link the person to the crime without a forced confession. It is a GOOD THING, it helps prevent things like being tortured to confession and fishing expeditions looking for crimes. Prosecutors and police can demand an individual produce papers and documents that link them to a case, but (assuming their legal defense is doing their job) by doing so they trigger the protections of the fourth and fifth amendments by compelling the evidence.
This was recently re-affirmed by the supreme court in US v. Hubbell. If the government demands that the person gives up documents, papers, or passwords to the device it is compelled self-incrimination. If the government demands a person incriminate himself to collect evidence, it becomes poisoned and the government cannot use it or information from it to help with prosecution.
Police and prosecutors absolutely can demand the people turn over passwords .... but by doing so they also trigger immunity, they cannot use that fact or anything learned from the devices as evidence against them. They'll bitch and moan and complain about not having the passwords, they'll petition congress about how unfair it is to law enforcement that police need to actually investigate crimes and can't use self-incrimination tactics, but the lawyers know full well all it takes is a single slip of paper to legally demand the passwords. Grant them immunity under the protections of the 5th and they are compelled to turn the passwords over, but the person also walks away from criminal liability.
Simply (perhaps dangerously oversimplified) in most of these cases it is that the police are lazy. There are many other known details, much other evidence, but investigators are going for the easy pickings of the data on phones and other personal documents typically protected by law. They could do actual leg-work, actual investigation, actual crime scene evaluation, and many investigators do. The ones wanting to break down the constitutional protections are the lazy investigators who won't be bothered to use the other available investigation tools.
So the plan to make transistors tolerate higher clock speeds by using better materials is not going to happen?
Yet another restating of Moore's Law? The thing gets revised to whatever the latest growth area is.
The original 1965 article it was about "component counts", then it was revised in a later talk to be "circuit density", then revised in 1975 to be "semiconductor complexity", then revised in the later '70s to be "circuit and device cleverness", has been restated yet again when serial devices flatlined in favor of highly parallel chips.
Assuming this goes through the chipset, it will likely be restated again in terms of whatever other factor on the chips continues to grow.
Movie companies would do a much better job if they stopped trying to squash any sort of piracy, and focused more on providing what people want, in the form they want, when they want it, at a convenient price.
There will always be a guy selling DVDs on the corner, frequently backed up by organized crime. I'm not so certain that people who are less committed to that lifestyle will be always there and impossible to stop. That ease of participation relies on freedoms are now taken for granted which I feel may well become very eroded in the future.
That misses the point.
If the companies provided what the consumers wanted, in the form they wanted, at a convenient price, the guy on the corner has no customers and goes to a different process. The content creators get paid for the content, the customers can enjoy the content, and everyone is happy. (As typical, customers would always prefer to pay less, producers would like to be paid more, but ultimately a happy balance can be reached if they honestly tried.)
Systems like netflix, hulu, dramafever, amazon video, they are getting closer to what the customers wants. In an even better world all those off-catalog shows, the crappy direct-to-DVD releases, these would also be available in the catalog rather than the constant Disney-esque vault where availability is intentionally reduced to get more coin.
The fact that they are present at all on Torrent systems is enough to let the companies know to add it to the catalogs. If I knew I could watch {popular title} from Redbox for a buck per day, or from some paid service where there are no scratched discs, and watch it on a web player on whatever device I want for a time period, sign me up.
Simply: If it is available in a torrent but not available in the authorized service, the authorized service is insufficient.
The company needs to stop providing insufficient service. When one business gives insufficient service, and another source offers the service, it is clear what will happen to the business. Adapt or die. These companies don't even need to go through the process of digitizing the works; when they discover what is on torrents but not in their catalog, put the ripped torrent version among their authorized versions. What happens when Disney finds a rip from some old VHS they haven't migrated? Instead of trying to shut it down, Disney should find the best ripped copy and put that among their (fully paid and properly authorized) products.
If everything were available through a proper, above board, fully legal paid service, and there was one place I could go to get yesterday's TV show, this week's big blockbuster release, reruns of my favorites from the last decade, reruns from the 1980s, 1970s, 1960s, and even all the old back catalog movies clear back to the 1920s when the Golden Age of Cinema started, then the guy at the corner selling bootleg copies would vanish. If the mere presence of a show on torrents was enough to get it added to the proper legal channels, then the need for them would precipitously drop.
It would not vanish completely, there are some people who refuse to pay anything and also refuse to find any friends to share passwords and accounts. If the legal version is immediately available to paying customers, at a convenient price, on a convenient location, viewable on a convenient device, the unsatisfied needs that drive torrented movies would drop off the radar.
It's a sad day when the candidates running for president are traitors.
Never attribute to malice that which is adequately explained by stupidity or ignorance. Being a "traitor" implies intent, this is far more likely to be ignorance of a technical issue.
I'm surprised so many slashdotters expected these people to understand the technical issues.
Hillary Clinton's background might have discussed some encryption details because of some of her security scandals. Carly Fiorina also possibly understands the technical issues. But I would be shocked if any of the other candidates have any understanding of the issue.
For all the rest of the candidates, it is not something they've likely ever studied. For them, encryption might as well be some magical fairy dust that computer people sprinkle over computers for security reasons.
The problem is that the old journalist media and the new journalist media is having problems making money.
I think that is part of it. The financial concerns are also related to the larger number of news outlets, the 24/7 news cycle, instant online publication, and search engine rankings.
Let's review a few decades ago, back when there was a better ratio of good journalism to bad journalism...
A few decades ago to get all the news outlets an individual could talk to the local affiliate of CBS, NBC, ABC, and possibly a few additional locals that weren't affiliated with the big three. For a big public statement that meant a few phone calls to schedule a common time, up to six reporters come visit bringing their photographer, and you were done. For a smaller public statement it meant talking to even less, maybe just the local unaffiliated reporters or only one major reporter. There might be a few calls from distant papers that want to run the story, but those few initial interviews all generated high quality original reports for the networks. The reporters actually came out to interview, news stories via phone calls were rare. Since there were limited news outlets they each had a fairly big piece of the pie when it came to revenues from ads and subscriptions, so they could pay more for better reporters. All of them combined to give much better journalism. When one outlet wanted to cover something done by another sometimes they would rewrite the stories off the wire, but generally there was an actual discussion to those having the newsworthy experience.
Contrast with today.
If something is big news there are a huge number of media companies that want to talk about it. There are so many outlets that each one individually gets a tiny sliver of the interested viewers, so they have less money to invest in the story from relatively fewer advertisement eyeballs. Instead of investing time and money doing investigation and contacting the original sources (tending toward better quality journalism), they quickly rewrite the existing story and publish it immediately in an effort to show up early in web searches, giving worse quality journalism. For the individual or company with the newsworthy event, instead of being contacted by a handful of local reporters they get calls and emails from hundreds of them across the globe, each asking for a statement immediately for publication. Generally there is no opportunity to get back to them, no opportunity to leave a message; if they cannot provide a statement with that first phone call the article gets a line "company was not immediately available for comment." From discussions with some reporter friends in the past, today's reporters frequently write the story first and then contact the newsmakers for a quote in the hope to fill in a quote that meets the story they wrote rather than talk to the people first and write the story based on what was learned.
So summing it up:
Generally when you get a low quality news article you can figure out who the original source was, who it was that actually sent a real live human being reporter to talk in person with another real life human being, and that version of the article will have quality journalism.
Holy nuclear winter, Batman!
Yet another reminder about why we need space programs to get colonies of people off Earth.
Not only will having more places available serve as backup for humanity, but it will also ease the strain of conflict over locations as many people would want to leave for proverbially greener pastures.
Or maybe if taking the pessimistic view, let's hurry up and destroy ourselves before we spread elsewhere.
And how do they get to it without a warrant?
Under the Stored Communications Act, with an administrative subpoena that does not require any probable cause statement or review by a judge. No warrant required, but full legal force.
If you maintain it on your own you can fight it if you want.
If they give it to a third party like your ISP or some other service provider, they might fight it, or might not. Choose your partners carefully.
"There is no good reason to keep 25 years of email. "
Of course there is. You should know, some people actually comunicate about important matters, and keeping records can oftentimes be very beneficial.
Seems like you ignored the rest of the post, fixating on that one line.
I am not saying to dump important documents. I am saying a hodgepodge of email systems is a terrible archival method.
If there are communications that need to be preserved, preserve them properly.
As I pointed out, contracts should be preserved properly, generally meaning a hard copy printed out and kept in a physical file folder, or electronic copies should be properly archived properly as electronic documents. Mementos should be preserved, ether electronically or as hard copies, in an appropriate other container. Business-related documents should be classified and sorted and archived correctly for their type of documents.
Many types of documents have useful lifetimes that your lawyer will be quick to explain.Three months and six months are both critical windows when it comes to government access, government agencies can swoop in and demand copies of any email or other communication not marked as 'read' at that age, and do so without a warrant or court order. Three years or four years is the legal limit for most documents to be used in civil suits, if the document is older than that then generally it cannot be used as it is no longer timely. There are very few other documents you will receive in email that you would need to keep longer than that. If you do, keep them in a more permanent form than email.
It is surprising to me that so many /. users are missing the point of data retention policies. It seems when government agencies come up data retention policies and data destruction at the end of the limits come up quickly. In stories about businesses with decades of data people quickly jump on them for not destroying it in a timely manner, how job applications and similar records shouldn't be kept forever. But when it comes to a person's own policy, ain't nobody got time for that.
Keep what needs to be kept, and keep it properly. Discard what does not need to be kept. 25 years with 500,000 emails is about 24.9 months and 499,950 too many. Sort that crap out.
BTW, am I the only one that thought the Narnia stories were dumb, and a lame attempt at a copy of Lord of the Rings but with a bunch of annoying in-your-face Christian metaphors?
Probably the only person, yes.
Because that is the opposite order of when they were written.
CS Lewis wrote and published his books from 1949-1956.
Tolkien wrote chunks of LotR and related world fiction over a 30 year span, but didn't publish it until 1954-1955.
Most of the seven Chronicles books were published before LotR, and only two (The Magician's Nephew and The Last Battle) could potentially have been based on any of the LotR books as you suggest. Both of those books were (according to Wikipedia) finished before LotR was released; they were completed but not yet published. Books require some lead time between when they are submitted and when they hit the streets, so it is likely that CS Lewis did not know about the books except possibly hearing some of Tolkien's writings and reputation as a professor.
That's true, but from the sounds of it this is for business reasons. For business it's probably more important than if it was personal.
For business it can be even more important to clean things out. Having old things on hand is more likely to work against you than work in your favor. Yes, some documents need to be carefully retained and kept on file for the life of the business and the best place to do that is not in email. Most of these communications should be disposed of on a regular basis.
Most business lawyers I've worked with have strongly recommended a data retention policy to dump email regularly and always before the 3-month government communications free-for-all. Most work places I've been at have had 3 months before automatic forced deletion of email. If it is important it does not belong in email. Unread email is treated differently under the law, and currently any email that is six months old or older and marked as unread can be opened and read by federal agencies without a warrant. Similarly, transitory communications like chat logs and even file transfers through services like DropBox are easily accessed by government's prying eyes. Don't keep data there because lots of organizations, including government agencies, corporate spies, and opposition lawyers, can all get access to it.
If it is important it gets printed and filed, or moved to electronic documents that are properly archived, or otherwise moved to a better location than email. Paper files and electronic archives get properly maintained with their own data retention policies. Contracts and agreements made get filed with dates.
There is no good reason to keep 25 years of email.
Print out and properly file what is important. Agreements and important documents get filed. Properly file and archive personal mementos (not in email) or put them in a scrap book.
The Slashdot headline missed a key detail covered in the article:
Beazley point out that the piracy lawsuit was filed November last year, several days before the December 1, 2014 date the insurance policy began.
It is a bit difficult to file an insurance claim against lawsuit costs when the lawsuit was instigated before the insurance took effect.
Since we love automobile analogies so much: It is like buying car insurance in December to insure against a crash that took place the month before. That's not going to help much.
Or buying a life insurance policy for your recently-deceased relative.
The date insurance coverage began is going to be a far bigger problem than details of what the policy covers.
OMFG! There was a fluctuation of 2.2 percent in the female employees of a major corporation that has bizzilions of employees that come and go!
No, it was because they cancelled the phone business.
<sexist sarcasm humor> Clearly since they aren't working on phones any more, they don't need the women. They must have used the women to QA those phones so receptionists and secretaries would be satisfied with the phone's shape and comfort on the female face. Now that the phone division is closed they don't need the women any more. </sexist sarcasm humor>
Well, it is still fruit of the poison tree but is only known as such if someone is willing to admit that was how they found the information.
Parallel construction largely relies on a lie being in place. If at any time it is discovered that this other source or means was crafted due to the illegal connections, it can and likely would be toss out with it.
One neat thing about this type of deception is that the bigger it grows, the harder it is to hide. One person can keep a secret. Two people struggle to keep a secret. Hundreds of people cannot keep a secret, there will be a media leak by with a citation as a "confidential source not authorized to talk to the media."
If that happened it would not be one case tossed. It would be at least one case tossed and thousands of other cases re-opened for investigation, and intense scrutiny and a nasty public relations backlash.
We had a situation in a local PD where a highly acclaimed officer was caught faking field sobriety tests, falsifying reports and even the discovery of dashcam video showing the tazering of a sober person while shouting at them. In addition to the officer losing their job and various awards, there were various convictions overturned, convictions expunged, and several settlements allegedly of a quarter million dollars each were issued.
When discovered the impact to the groups is huge.
Discovery of illegal wiretaps and illegal records and failure to disclose potentially exculpatory evidence? That's the kind of thing that gets mass terminations and prison time for officers.
It seems a bit... Insane though. 90,000 at a measly $100 a pop (labour, booking etc) = $9m minimum. If they keep that up, they'll eventually eat into the profit so bad they fail...
Reading the actual story and announcement (yeah, craaaazy!) the test is to visually inspect the base of the seat belt and apply a sudden yank of at least 80 pounds force by the tech, followed by another visual inspection to see if anything deformed, bent, or otherwise broke.
This is not a cost of $100 per. For most people this will be 60 seconds added to their existing regular inspection.
"hadn’t received any direct payment for its Tor research from the FBI or any other government funder"...
So they have received indirect payments or have received direct payments from non-government funders.
Yes, that is exactly true. I'm assuming you didn't read the actual statement by the school.
It begins: "Carnegie Mellon University includes the Software Engineering Institute, which is a federally funded research and development center (FFRDC) established specifically to focus on software-related security and engineering issues."
So there you go, a blatant admission to an indirect payment. The government did not say "We will pay you to develop this specific technology" which would have been direct. The government told that lab, and many more, "Here is money to research this type of technology generally", and the lab happened to fund that project among many others, yielding an indirect payment. What most people probably didn't expect, the lab included, was that they would get a subpoena demanding the research.
While the tin-foil hat may be necessary elsewhere, no need for it here. The lab has always openly admitted to the indirect funding from federal grants. In their research papers, and in fact in the vast majority of university research papers, there is a line about the grants funding the lab. That is a non-secret.
So have a division of the medical device company dedicated to Q/Aing Windows updates. This is an easy problem to solve, and frankly the manufacturer should be held responsible for the inevitable malpractice lawsuits.
There is no reason that a medical device should be as much as a month out of date on updates, let alone the years and years out of date these devices get to be.
In some respects I agree with you. In a perfect world all the devices would be re-certified with every patch as soon as the patch is available, updated promptly, and all the latest security safeguards in place. They would be re-certified and verified to meet all the latest security requirements, safety requirements, and efficacy requirements.
However, these are not home computers.
These are medical devices that must meet strict certification requirements that they do exactly what they say they do.
Any time the device changes or the software is updated, it must be re-certified. Getting a full PMA (Pre-Market Approval) certification is both expensive and time consuming, the current fee is $261,388. The wait is normally anywhere from 3 to 6 months for certification. If the product fails for any reason, it means fixing it and paying re-submission fees.
When "install the latest Windows update" comes with a $261,388 fee to re-certify, any business is going to reject that idea unless they are required to do it.
Fair enough, but I don't think the piece was written to inform about the balance or blame of the hacking. Instead, it was to inform the unaware that the agreement wasn't worth the paper it was written on.
Many international agreements are that way, as are many high-profile acts of congress in the US.
This particular one was a "Joint Statement" that they intend to be nicer in the future. These are usually called resolutions, much like your resolution to lose ten or twenty pounds that you make every year at your new year's party. Politicians resolve that the nations will place nice together but there are no specifics and they have no consequences if the resolutions are broken. The politicians create and sign these in very public settings with lots of cameras and smiling faces.
The feel-good fluff news stories are popular with the masses and the media.
I'm a hiring manager. ... When I selected an older worker to advance in the interview process I got my hand slapped. I was told, "we want younger workers ... not younger workers age-wise, but younger workers".
That's the kind of thing you carefully capture in multiple emails, then forward on to the state's labor department while quietly sending around your own applications for a less shitty workplace.
Because YOU ALREADY KNOW in the next one or two rounds of layoffs, you'll be considered the old one ready to be terminated.
>> have been in safekeeping beneath the Arctic Ice
Wait, I thought all that was melting because the sky is falling.
Correct.
When the ice melts due to global warming, the formerly-arctic area will be sub-tropical. They'll just take the top off the vault, letting in the sunshine and warm rain to start growing all the crops. No need to transport them around the world. :-)
People above can't afford to live the same city they work because of housing prices. I once asked a night janitor, who had his two sons with him at work that day, where he lived. He told me he lived more than an hour out of the city. I don't have any solutions but this isn't a good thing.
Was recently looking at a potential job in the area.
The job looked great. Then I started looking for a home within 15 minutes of the workplace. Nothing family sized (4+ bedroom) shows up on Zillow for anything less than $800,000. Many homes comparable to my $200K current residence were selling for well over a million dollars. Zooming out a bit, finding family homes even remotely affordable (under $300K) would require a full hour commute.
I went on to the next job listing, in a more reasonable cost city. The tech jobs may be good, but they aren't THAT good. Currently Austin and Salt Lake are the main contenders.
It is a good thing when high profile and medium profile people get caught in these stupid things.
When celebrities, including political celebrities, get caught by government aggression it draws a spotlight on the programs that are harassing millions. With the spotlight on them, they tend to withdraw or become legally curtailed.
Sadly many of the abuses committed by government are against the dregs of society, the people already in trouble with the law, the despicable criminals, drug dealers, child abusers, rapists, murderers, and more. Most of society doesn't care when government abuses these people, which is why so many lawsuits are filed against agencies and officers that people dismiss as just another attempt to get out of being caught. If those same abuses were publicly made against people of celebrity status the programs would be quickly curtailed, or pushed further into the darkness of secrecy.
Good job DHS, keep targeting popular people. Best thing you can do for the country.
It depends on the union contract.Unionization doesn't automagically mean lazy employees abound.
What you describe is my observation as well. Unions can cause problems, but they can also solve problems. Unions can solve very broad problems that individuals cannot.
Some unions are more powerful and effective than others. Some are very good at helping union members, others not so much.
I see two big difficulties in a programmer union.
1. Skills are different and hard to quantify. One person is highly skilled in one tool, another is highly skilled in another tool. Both are very productive, but they are not directly interchangeable. Alice is an expert in MySQL, Bob is an expert in PostgreSQL, Charlie is an expert in Oracle. While any of them can likely write up a solution for generic SQL problems, for other problems one of them is going to be the best choice for your specific workplace. Similarly, Dan knows DirectX and Emma knows OpenGL, both are great graphics programmers, but they are not directly interchangeable.
In other fields, unions have less degree of specialization. You can roughly exchange teachers by domain: elementary school teachers are roughly interchangeable. Secondary education teachers are roughly interchangeable by field, a HS math teacher can be replaced by another HS math teacher. Among plumbers, two journeyman plumbers are roughly interchangeable, two master plumbers are roughly interchangeable. Classes of workers are roughly interchangeable. This is harder to isolate in software development. You can start by dividing people by programming languages and experience levels, but it quickly falls apart. I daily use four different programming languages, routinely use 8 over the course of my job, and have worked with around 20, mostly custom languages and scripting languages on our wider project. So it isn't like "HS math teacher", but "Java/C#/SQL/Python programmer who also knows Lua, ActionScript, HTML, PHP, JavaScript, etc." In general terms programmers bundle together neatly, but specifics really muddle any equivalency test.
2. Too many programmers have giant egos, thinking they are a special snowflake that is irreplaceable. Often they imagine there might be a bell curve or other distribution, but whatever the distribution is, they are skewed at the highest top 1% of them all. A little dose of reality, it is a bell curve and the vast majority of people are average. This is largely fed by the first problem, where they look around the workplace and notice that they are a domain expert. The thought "I am the domain expert on my team", wrongly translates to "I am the domain expert globally". Whatever your specific domain, you are easily replaced by others who are expert in that domain.
It is easy to get caught up in that. I am the only person with my exact skill set, so feel I'm highly valuable and difficult to replace. While it is true that my EXACT skill set is difficult to replace, others with SIMILAR skill sets can more or less overlap my job duties and replace me, with others in the team filling in the gaps.
Other tasks done by unions, such as group negotiation of salaries, become a little more difficult because of the individual variability. As a programmer I can potentially leverage my own specialty for higher pay, but in practice that rarely happens, in most workplaces the programmer is just a cog in the machine paid in the same bucket range as others.
... Which isn't all of what you need, but it is a better start than nothing at all. I'd rather see a link to a journal I can't read than no link at all.
Tend to agree.
I would prefer to have links to stuff I can actually use. But if I cannot view the actual citation, I would like the citation to be verified in a reputable source, perhaps a book (which I also generally cannot click to read), or a journal I cannot freely access on the subject.
Wikipedia's guidelines ask that editors should use independent resource, but the policy notes that it isn't always the case. While the ideal is to cite references that are publicly available, sometimes those don't exist. In their guidelines, "For example, many books are not available online at all, and subscriptions to academic databases such as JSTOR can be fairly expensive." Editors should use free resources if they can find them, but sometimes out-of-print books and pay-to-view journals are the only sources.
That is also part of the reason Wikipedia prefers secondary sources. The primary sources tend to be journal articles, research notes, reports, and complex research-related books. Secondary sources tend to be online writeups that are much more accessible.