but doing it without leaving evidence is something else
Umm, you know they had a presence on the network for YEARS, right?
That is literally years on a network run by a large organization which should have a formal security practice within it. Conclusion: either these guys are pretty good, the IT group within Marriott is deeply incompetent, or some combination thereof.
There is more to espionage than just data gathering. There are psychological and diplomatic aspects too.
Looking at this: 1) No Chinese nationals or Chinese intel assets (known to us anyway) have been grabbed so either they did all this entirely by remote or the people onsite were long gone before this was discovered (presumably as planned)
2) They were in the system long enough to exfil just about all possible information assets, detect trends in behavior by VIP guests etc. They got what they wanted on that score.
3) Letting it eventually be discovered sends a pretty scary message - we can do this to you! - we can get away with it for years. Consider how crippling it might actually be for the CIA to realize that literally every hotel everywhere might have Chinese eyes on it. Obviously covert agents don't exactly check in under their own names but they could still track an identity from place to place; they might, using big data, be able to pick up on habits, combine with other intel and spot the spy. This creates a whole new worry for that group.
4) This is yet another opportunity to test the readiness and resolve of western governments to react to this type of threat. It's unlikely anyone is going to go nuclear (figuratively speaking) and knee-jerk axe trade deals, close borders, or seize assets over a hotel chain hack. At the same time the nature of the response or lack of response will provide Chinese strategists with insight into what they can get away with and what the risks are in going after higher profile/value targets.
It's a sad fact that a lot of employees just are not excited about changing gears, so to speak. A lot of the blame gets placed on management being unwilling to train and develop talent but it's not the whole of the story. For a lot of folks who mostly come into work and do the same things each day and are happy about it, change is seen as a threat. They might not be good at the new stuff, they might not pick it up as fast as their peers etc. These fears become a self-fulfilling prophecy; because they are resentful about the change they don't adapt to it nearly as well as they are actually capable of.
By contrast that same person can go take a new job somewhere else, and even though it means learning all kinds of new stuff their perception is that it's an interesting challenge and they may very well excel. The difference is who took away the feeling of security.
Management at big firms that have to roll out new processes and technology frequently understand this effect. Offering a buyout is a good way to encourage those folks who might be good employees but are not the thought leaders and eager go-getters to move on without some of the negatives of direct firing/layoffs. You get rid of the talent least likely to accept the changes and don't create as many people telling other talent "Never work for X they suck they will lay you off in an instant.." Sure you have to then rehire or contract (usually at higher rates) a portion of your staff and incur those costs as well but it's often the best of bad options. These types of actions are not great for morale; but neither is having a large number of disgruntled employees around who are resisting the changes.
I don't know if it was a deliberate distraction but FFS the OMB breach should be far and away the biggest concern! It's a major compromise that put intelligence assets at significant risk, and basically every federal employee and their families in all the same ways the Equifax breach and others do.
We also have a lot of reason to think China was behind it.
Frankly the way it was handled is disgusting. Firstly, being an Obama admin failure, the press basically ignored it to the degree they could. Because it was China the politicians did nothing in terms of retaliation or punitive actions.
Really forget the damned Russia investigation we need to be investigating China and everyone in government's ties to it! How is it a top Interpol official can just disappear in China and it gets virtually no press coverage, and nobody on the hill talks about it but we go weeks because the Saudis kill some Muslim Brotherhood propaganda mouthpiece; because woop de doo he got a few opinions published in some of our rags a few times therefore anyone touching him is a threat to democracy.
Two things are clear: China owns our government and press corps.
Our government is absolutely incapable of protecting our information assets as organized today; while there are some smart people at NIST and the NSA they are not making the decisions around how the chicken coop is guarded. I would argue until the Federal government is able to re-establish itself as an exemplar for good information security and asset protection they have no business telling anyone else what to do. Make some standards, prove them out in government first and then if they really are good, regulate and force them on others but ONLY then.
The thing is Facebook has methods of subtly steering people into their apps that are very effective. One example, and I have little doubt there are others, is "private" (and I use the term loosely) messages. You can't read them on the mobile site! You can't even read them in the mobile app; you have to install FB's other app, Messenger, and give it the access it wants. Oh but you can see that you have a private message - or - maybe it's not really a message, maybe it's a bogus friend request from one of what I suspect are likely FB's own or otherwise sanctioned bots.
Now you can use the full version of the site if you can get it on your mobile somehow; to do so you will need to fake the user agent, which most people can't do, at least without rooting their device, which carries its own set of risks.
It's also true leaving Facebook does next to nil for your privacy (well okay, stop using their VPN). The thing is all your friends are still on Facebook. Facebook is still slurping up their contact lists with you on it. They are still gobbling up pictures with you in them and their geo tags; if anyone has ever tagged you before they have your face and will recognize you anyway.
Unless you can literally get the majority of people you know to dump Facebook too - they have and they will continue to be able to assemble a pretty darn complete picture of your life like it or not.
The real choice before you right now is this: have a Facebook account and put some stuff on there you want people to see/know about you, or don't. If you choose don't, realize that when someone searches you on Facebook they will still find stuff but all of it will be sourced from places you don't control directly. Ditto with having stuff on the web. You put some stuff out there that will likely come up first when someone searches you in hopes they look at that and maybe stop looking, or you leave the first results to be whatever they are. You might think whatever, I have nothing to hide; sure, but guess what, the shell script you wrote 15 years ago while still in school is going to pop up and I am going to conclude you're a terrible programmer if I don't find anything else...
The tech guys usually are not wrong they just believe time to mass market is shorter than it usually is. The first wave investors get burned the same way.
Example: in '99 IBM predicted in a Super Bowl ad that checkout-free grocery stores were literally right around the corner. Here we are in 2018 and Amazon (notably not IBM) has finally delivered a few test stores.
Touch screen smart phones: RIM/Microsoft/Handspring etc all tried it, with first gen stuff that really was not far behind iPhone 1 in terms of tech; it just lacked polish. All are in the dust bin of history as far as those products go; Apple, late to the party, rode theirs to become the most valuable company on earth.
You could say similar things about other tech; MITS never really exactly cleaned up on the Altair but the S100 market was huge for a while. How many Altos did Xerox sell? Not many compared to the number of Macintosh machines that rolled out.
There is a tendency to bring tech out that falls just short of good enough for mass market. You tend to overlook your baby's flaws and you tend to justify the deficiencies. It's like most power doors on cars. Great idea, super handy when you have a big bag of groceries in your arms etc. The first gen stuff in the late 70's/80's though was terrible - nobody had 37 seconds to stand there while their door opened. The people working on that stuff probably felt they'd solved the problems, until the market told them "not quite"; now it's a popular feature.
I knew you were asking how/why this can occur on a technical or process level. Clearly some bad engineering design choices from a security standpoint were made. My assumption would be 'requirements' around keeping the data useful and available for mining/analysis/sale now or in future resulted in a misfeature.
The core issue though is no amount of engineering is going to make a fundamentally bad idea into a good product. It's not smart to let some company have this kind of access to your personal life. The exception to that rule might be if you are paying them to look out for your interests and it's therefore in their interest to do right by you so you keep paying them for that. Kinda like why you trust your dentist to help you care for your teeth well. He/she makes money when you take his/her advice but if you are getting bad advice and the result is you are uncomfortable all the time you might go somewhere else. It's in their interest to care for you well.
Amazon does not make money looking up stuff on the web for you! They provide services to that smart mic/speaker for two reasons: 1) Maybe you will impulsively buy something else from them. 2) to gather marketing data they can resell or just use to manipulate you.
Giving them the tools to do that isn't a good idea; you can place feel-good privacy "rules" and such on it all you want but the temptation to use it in ways you don't want will always be there and a real conscientious attitude toward your safety and well-being never will be.
It's possible because Amazon and others have convinced people it's a great idea to have a hot mic under third party control in their homes.
It's possible because people are stupid.
This plant already had some existing metabolic process that uses those chemicals. Since the researchers just added something - a new protein - without taking anything out my guess is that yes the plant can still live on its "normal" nutrient sources.
That said I would also assume it would be slightly less fit and require a little more inputs than unmodified individuals; after all, it's making a protein it does not need.
You are right A/C. I had not even spotted that angle of it. Wish I could up mod you insightful but I am commenting on this story.
And that is the difference: in one case you're making an argument about why you shouldn't vote for Trump and should in fact vote for Hillary. In the other case you're just focusing on getting the Blacks to not vote. It's a subtle difference but it's real. There's no attempt at discussing policy even as a background. CA was just trying to say "Don't Vote". Not, "Vote this way" but "Don't vote".
That's voter suppression. That's the difference and the genius of CA's approach. It's a whole new type of politicking. You're no longer making arguments, you're just trying to game the system. It's an "end justifies the means" form of politics, and it's why everything CA did makes us so uneasy. Again, the genius is that it's hard to put your finger on why what they did was so bad because at first glance it looks like politics as usual. It's not.
No it is absolutely politics as usual. Literally as long as there have been campaigns, attempts have been made to convince one group their issue/candidate has no chance, they might as well just stay home. It's been done with newspaper editorials, carefully timed polling, carefully worded polling and then reworded reporting of the results, calling elections before all the votes are cast and a host of other methods.
The only thing different is CA did it slightly better and "with a computer".
Come on, speech can't be voter suppression; unless perhaps it's clearly intimidating / threatening.
If I ran an advertisement on a billboard near a majority black university making an argument that statistics say you might as well not bother voting - would you also call that voter suppression?
The fact is the people upset about the electoral angle of this are just sad sack losers. Look at it this way: if a voter is so ill-informed that they can be manipulated into voting a certain way or forfeiting their franchise entirely by a freaking MEME - they were unfit to participate in the process anyway!
If you want to blame anyone for Facebook's ability to manipulate the American voter I would be looking hard at your local school board and the teaching staff in your local public school because clearly what we have here is a systemic failure of civics education - which Facebook and others are trivially able to exploit.
No it does no such thing. It creates a stupidly reasoned legal loophole that allows a select group of people to commit murders of convenience.
Use condoms, take the pill, whatever; but once you make a life it's not yours to take. The bill of rights is very explicit and privacy was NOT an unknown idea at the time. If the framers had intended to create an absolute privacy right they would have done so!
Oh and by the way the same "reasoning" that was ultimately used in Roe could logically be applied to almost ANY activity. If Roe is good law then really government can't do all kinds of other things it does. Why for example can the government require reporting about a private contract with your employer for income tax purposes?
Roe makes exactly no sense. It's morally repugnant too; literally every pro-abortion argument denies the humanity of the unborn; with zero scientific backing for doing so. Pro-murder advocates used to blather about viability, until that got pushed further and further back. Now they do almost anything they can to prevent ultrasounds of the procedure because guess what, they make it painfully clear that the unborn feel pain and at least react to it; yet they know the way the procedure is performed would not be acceptable in terms of cruelty to use in a slaughterhouse on beasts. Abortion apologists and advocates use the same arguments that have been used to justify American slavery, Nazism, and a multitude of other ethnic genocides around the world - that isn't a coincidence.
My view is anyone who isn't prolife at this point is 1) ignorant of the science; 2) ignorant of history; or 3) a really terrible person.
Have you tried an iPhone; they are quite popular; and quite free of facebook OOB.
Keep those nuclear plants and hydroelectric dams in service longer
Ahh yes because that never leads to ecological calamity
That is not how it really works though.
Right now it's plainly obvious to everyone that
1) They don't enjoy the information access the rest of the world does
2) The government is responsible
3) Things are better elsewhere
When you give people a 'good enough' alternative there are those who might believe:
1) They have access to most information; what is censored is really just awful stuff they'd have no interest in
2) The government is helping them or at least not hindering
3) Things are probably like this everywhere.
Right now with the Great Firewall and crappy Baidu, the Party has a tight grip on the internet - but some things slip thru their fingers. Letting Google et al play might seem like a loosening of that grip but really it will be a more insidious form of control; and the people who NEED to find ways around will find few allies to help them.
Actually most likely they will set the effort aside for some time. Management that is still invested in it will recall who the loyalists were. Those folks will be promoted for being "team players".
Having solidified their support among middle management, upper management will try again in a year or two. They will tell everyone how "this time it's different" while those newly minted middle managers dust off the old project plans, check the old code back into new repos and pass everything through sed replacing the old name with the latest feel-good version. More than likely with some obnoxious new Orwellian name like the People's Democratic Search Engine of China.
This is how it usually works.
I am off to find out if I can register pdse.cn later...
I think MIPS might very well fall into that category too. Mozilla survived not because SeaMonkey/Gecko were any good at the time compared to IE. They were not; for all the problems IE 4/5 had, it was better. Mozilla technology was good enough though and solid enough to be built on and made better. Nobody would have bothered but for the fact that MS had essentially abandoned the idea of making a contemporary web browser available on anything other than 32-bit Windows.
MIPS while a good design is really obsolete. Even where it might edge some other technologies in say total computation per watt or something, it's obsoleted by other advances in batteries etc that make it mostly not worth the trouble. On the other end there are plenty of 8 and 16 bit microcontroller products to pick from if energy use is the first thing you are optimizing for.
I just don't see a market for it other than people who have fond memories of writing MIPS assembly in school or something. I mean maybe someone can put out a line of MaplePi computers or something as educational toys.
Thanks for providing a bit of useful analysis.
I realize it's not exactly the CRaP issue but it might be what shoves some products into that category. I use Prime a lot because even Walmart means a 25 mile round trip here. So having stuff delivered is usually a great value proposition for me in terms of my personal time and my own costs in driving to go get stuff.
Some of Amazon's packaging choices however are atrocities. I have lost count of the number of times I have got a shoebox-sized or larger carton packed with bubble wrap when a padded envelope would have been fine. Padded to keep the product from puncturing the envelope, not to protect the product from damage.
That and Amazon always uses bubble wrap, never paper? Why not paper Amazon - cheaper and more environmentally friendly (and I could use it for kindling like I already use your boxes!)
There is a big difference between Omaha and Minneapolis, St Louis, Nashville, Charlotte, Indianapolis, Louisville, Dallas or even Chicago though. Certainly none of those are without their own problems and higher costs but nothing like NYC.
I am no fan of City life; but any of those places are way more approachable and livable than NYC and for the most part have every bit as much to offer.
Right but that is a black list - NOT different than having humans watching cameras.
What I would want to know is: if someone buys a ticket, say with a credit card, do they attach the name to the ticket number (of course they do; will call etc) and when you present the ticket do they sample your face and store that data with the identifying information they already have, or do they just check you are NOT one of the barred individuals. THAT is a big difference.
I get it if you are a financial services company or offer services specific to other companies in that sector. NYC is a center of mass for that; and it's near other cities like Hartford, Boston, DC, etc that are also heavy in that.
I don't get why if you are a tech company like Google you'd have any interest in maintaining anything more than some sales offices etc there.
It's super expensive so you will have to pay high salaries, much higher than you would elsewhere. There are plenty of other big cities that are less expensive where you could still certainly find top talent; and if you are Google you can pay key people to move to one of them if need be.
NYC is for the most part a dirty crowded shit hole. It's fun as a tourist destination if you are just there to see a show, visit the museums and see some famous architectural achievements. I have a lot of experience traveling there for business and my takeaway every time is that: Gee everything takes longer here, costs twice as much, and I have to spend the night in an EXPENSIVE hotel room only to still be kept up all night by the endless traffic, both inside the building and on the streets.
Really it's my least favorite place to be sent. I would NEVER for any salary consider living there.
just a camera or ask for ID at the door
The trouble is a lot of her fans are minors. So many of them actually are not going to have any sort of reasonably tamper/forgery resistant identification.
A 16 year old could be as dangerous to her as an adult. An adult stalker might pose as a minor concert goer without ID. So I can see in this instance why being able to positively identify individuals on the "No admittance list" using methods other than asking for ID would be required.
In the past this form of facial recognition would have been implemented with a team of security people in a room some place with photos of the blacklisted folks in front of them, watching monitors displaying images from cameras trained on people while they present their tickets at the gate. Big acts have been doing that for decades. All that happened here is some wetware has been replaced with hardware/software.
The question is whether the data is being correlated and stored or not.
but doing it without leaving evidence is something else
Umm you know they had a presence on the network for YEARS right?
That is literally years on a network run by a large organization which should have a formal security practice within it. Conclusion: either these guys are pretty good, the IT group within Marriott is deeply incompetent, or some combination thereof.
There is more to espionage than just data gathering. There are psychological and diplomatic aspects too.
Looking at this:
1) No Chinese nationals or Chinese intel assets (known to us anyway) have been grabbed so either they did all this entirely by remote or the people onsite were long gone before this was discovered (presumably as planned)
2) They were in the system long enough to exfil just about all possible information assets, detect trends in behavior by VIP guests etc. They got what they wanted on that score.
3) Letting it eventually be discovered sends a pretty scary message - we can do this to you! - we can get away with it for years. Consider how crippling it might actually be for the CIA to realize that literally every hotel everywhere might have Chinese eyes on it. Obviously covert agents don't exactly check in under their own names but they could still track an identity from place to place; they might, using big data, be able to pick up on habits, combine with other intel and spot the spy. This creates a whole new worry for that group.
4) This is yet another opportunity to test the readiness and resolve of western governments to react to this type of threat. It's unlikely anyone is going to go nuclear (figuratively speaking) and knee-jerk axe trade deals, close borders, or seize assets over a hotel chain hack. At the same time the nature of the response or lack of response will provide Chinese strategists with insight into what they can get away with and what the risks are in going after higher profile/value targets.
It's a sad fact that a lot of employees just are not excited about changing gears so to speak. A lot of the blame gets placed on management being unwilling to train and develop talent but it's not the whole of the story. For a lot of folks who mostly come into work and do the same things each day and are happy about it, change is seen as a threat. They might not be good at the new stuff, they might not pick it up as fast as their peers etc. These fears become a self-fulfilling prophecy, because they are resentful about the change they don't adapt to it nearly as well as they are actually capable of.
By contrast that same person can go take a new job somewhere else, and even though it means learning all kinds of new stuff their perception is that it's an interesting challenge and they may very well excel. The difference is who took away the feeling of security.
Management at big firms that have to roll out new processes and technology frequently understand this effect. Offering a buyout is a good way to encourage those folks who might be good employees but are not the thought leaders and eager go-getters to move on without some of the negatives of direct firing/layoffs. You get rid of the talent least likely to accept the changes and don't create many people telling other talent "Never work for X they suck they will lay you off in an instant.." Sure you have to then rehire or contract (usually at higher rates) a portion of your staff and incur those costs as well but it's often the best of bad options. These types of actions are not great for morale; but neither is having a large number of disgruntled employees around who are resisting the changes.
I don't know if it was a deliberate distraction but FFS the OMB breach should be far and away the biggest concern! It's a major compromise that put intelligence assets at significant risk, and basically every federal employee and their families in all the same ways the Equifax breach and others do.
We also have a lot of reason to think China was behind it.
Frankly the way it was handled is disgusting. Firstly, being an Obama admin failure, the press basically ignored it to the degree they could. Because it was China the politicians did nothing in terms of retaliation or punitive actions.
Really forget the damned Russia investigation we need to be investigating China and everyone in government's ties to it! How is it a top Interpol official can just disappear in China and it gets virtually no press coverage, and nobody on the hill talks about it but we go weeks because the Saudis kill some Muslim Brotherhood propaganda mouthpiece; because woop de doo he got a few opinions published in some of our rags a few times therefore anyone touching him is a threat to democracy.
Two things are clear:
China owns our government and press corps.
Our government is absolutely incapable of protecting our information assets as organized today, while there are some smart people at NIST and the NSA they are not making the decisions around how the chicken coop is guarded. I would argue until the Federal government is able to re-establish itself as an exemplar for good information security and asset protection they have no business telling anyone else what to do. Make some standards, prove them out in government first and then if they really are good, regulate and force them on others but ONLY then.
The thing is facebook has the methods of subtly steering people into their apps that are very effective. One example, and I have little doubt there are others, is "private" (and I use the term loosely) messages. You can't read them on the mobile site! You can't even read them in the mobile app; you have to install FB's other app, Messenger, and give it the access it wants. Oh but you can see that you have a private message - or - maybe it's not really a message, maybe it's a bogus friend request from one of what I suspect are likely FB's own or otherwise sanctioned bots.
Now you can use the full version of the site if you can get it on your mobile somehow; to do so you will need to fake the user agent; which most people can't do at least without rooting their device; which carries its own set of risks.
It's also true leaving facebook does next to nil for your privacy (well okay stop using their vpn). The thing is all your friends are still on facebook. facebook is still slurping up their contact lists with you on it. They are still gobbling up pictures with you in them and their geo tags; if anyone has ever tagged you before they have your face and will recognize you anyway.
Unless you can literally get the majority of people you know to dump facebook too - they have and they will continue to be able to assemble a pretty darn complete picture of your life like it or not.
The real choice before you right now is this: Have a facebook account and put some stuff on there you want people to see/know about you or don't. If you choose don't, realize that when someone searches you on facebook they will still find stuff but all of it will be sourced from places you don't control directly. Ditto with having stuff on the web. You put some stuff out there that will likely come up first when someone searches you in hopes they look at that and maybe stop looking or you leave the first results to be whatever they are. You might think whatever I have nothing to hide; sure but guess what the shell script you wrote 15 years ago while still in school is going to pop up and I am going to conclude you're a terrible programmer if I don't find anything else...
Maybe it's time to re-think not enabling the mitigations in the Linux by default?
This is looking more exploitable in the wild all the time.
The tech guys usually are not wrong they just believe time to mass market is shorter than it usually is. The first wave investors get burned the same way.
Example in 99 IBM predicted in a Super Bowl ad that checkout free grocery stores were literally right around the corner. Here we are in 2018 and Amazon (Notably not IBM) has finally delivered a few test stores.
Touch Screen Smart Phones. RIM/Microsoft/Handspring etc all tried it; with first gen stuff that really was not far behind iPhone 1 in terms of tech; just lacked polish. All are in the dust bin of history as far as those products go; Apple, late to the party, rode theirs to become the most valuable company on earth.
You could say similar things about other tech; MITS never really exactly cleaned up on the Altair but the S100 market was huge for a while. How many Altos did Xerox sell? Not many compared to the number of Macintosh machines that rolled out.
There is a tendency to bring tech out that falls just short of good enough for mass market. You tend to overlook your baby's flaws and you tend to justify the deficiencies. It's like most power doors on cars. Great idea, super handy when you have a big bag of groceries in your arms etc. The first gen stuff in the late 70's, 80's though was terrible - nobody had 37 seconds to stand there while their door opened. The people working on that stuff probably felt they'd solved the problems; until the market told them "not quite". Now it's a popular feature.