Slashdot Mirror


User: Dcnjoe60

Dcnjoe60's activity in the archive.

Stories: 0
Comments: 4,595

Comments · 4,595

  1. Re:manufacturers need to let os updates and AV sof on DHS Steps In As Regulator for Medical Device Security · · Score: 1

    Medical software runs a wide gamut, and pacemakers are at the very bottom end of the scale. Check this out:

    http://www.medical.siemens.com/webapp/wcs/stores/servlet/ProductDisplay~q_catalogId~e_-101~a_catTree~e_100001,1023065,1015817~a_langId~e_-101~a_productId~e_172960~a_storeId~e_10001.htm

    This thing has:

    • three operating systems: two running Solaris, one running Win 2000
    • two different databases: Oracle on Solaris; not sure what it runs on Win 2000
    • dozens of mechanical controllers, sensors, pumps and actuators
    • etc

    You can bet that on a product of this complexity, there will be updates.

    There is no doubt that medical devices use all sorts of operating systems and have all sorts of capabilities, but what they are talking about in the article is communications between patient devices like pacemakers, insulin pumps, etc. That is different than the equipment you show, or an MRI, CT scan, etc. Those are true computer-driven systems. The ones DHS are taking over are the kind that are embedded or worn on your body.

  2. Re:Language is hardly relevant on Java Vs. C#: Which Performs Better In the 'Real World'? · · Score: -1, Troll

    Well you know what they say "Those who can, do. Those who can't, teach." Is it any surprise that a group of educators would want their system based on Windows, even if it is not the best platform? Public education has been indoctrinated into the Microsoft ecosystem through grants and free software. So, why would they even consider a non-Microsoft platform for their infrastructure, even if Microsoft is the non-standard platform?

    ---
    You can do things the right way or the Microsoft way, but rarely can you do both.

  3. Re:manufacturers need to let os updates and AV sof on DHS Steps In As Regulator for Medical Device Security · · Score: 1

    You misunderstand my post. I am not saying that we shouldn't have these devices, but if the risk from the software, or somebody hacking the software is so great that homeland security has to take it over, then maybe the very benefits and tradeoffs you mention should be looked at again.

    As for the car analogy, computers CAN make cars more fuel efficient, but in reality, they have a smaller impact on fuel efficiency than people think and are really used to keep pollution down and to keep from making the tough decisions that would truly improve fuel efficiency like smaller, lighter vehicles. A 1980 Honda Civic got better mileage than most "fuel efficient" vehicles today and it was computer controlled.

    But in reality, the car analogy fails, because it is not the computer that is the problem but the need to be able to update the software remotely and securely. Is this a problem that really requires Homeland Security to solve or even be involved with? If so, then somebody has to ask the question as to whether the ability to do these updates outweighs the benefits. That's all.

    It seems to me that the market can easily fix this problem. Company A says "Buy my pacemaker, it is lower cost." Company B says "Buy mine, because it might cost a little more, but then again, you don't have to worry about a stranger with an iPhone turning it off." Which company's pacemaker would you buy? The market is very good at deciding these things, if the market is told the truth.

    So, yes, your pacemaker may be vulnerable to somebody hacking it and turning it off and you will die. Then again, without it, you would already be dead. The question is what is the likelihood of your individual pacemaker being hacked and turned off?

    Again, the problem is not computers in and of themselves. It is what we want to do with them and the trade-offs that must be made to accomplish that. Again, using the pacemaker as an example, it could be as simple as requiring some sort of password. Then again, if only the hospital that installed it knows the password, then what about the paramedics called to your house? What if they need to adjust it on the spot? Most likely, there will be a back door, for the rare situation where that might occur or the hospital simply loses the code. And, like any backdoor, it can be exploited.

    I guess what I am saying is that before turning all of this over to Homeland Security, I'd like to know how many pacemakers and insulin pumps have been hacked versus how many are out there? Is this a true threat or just a bad movie plot from the ScyFy Channel that has taken hold in DHS? Or for the paranoid, does DHS want this so they can put their own back door in and turn off the pacemakers of those who are unfriendly to the US?

    Again, if it is such a big risk, then go back to when pacemakers and insulin pumps couldn't communicate with the outside world. They might not be as convenient, but if there is such a risk, maybe that is the price to be paid.

    As for coming over to your office to meet face to face, well, you'd have to give me the address first. (and please don't).

  4. Re:Top secret! on Scientists Create New Gasoline Substitute Out of Plants · · Score: 1

    Berkeley published an article that's comparable to the sfgate-article linked here. It is not comparable to the publication in Nature, which is locked behind a paywall.

    Why exactly would universities need a subscription to private journals in order to be able to share publications amongst each other?! The only effect this has is that they divert some money to things like JSTOR and probably a lot of journal subscriptions.

    Also your assumption that this is not relevant to non-university research is baseless. How can we discuss this properly on slashdot if the information is not publicly available? The cost of all required relevant subscriptions to find publications in certain fields is way too high for me. Besides that, hiding such publications from the world makes it very difficult to search within them using e.g. Google. Even worse, since all good publications are hidden, this mechanism favors disinformation. And also worse, less eyes get to see the publications so less people get inspired to do more research and less feedback is given. Thereby it harms quality of and progress in science on a global scale.

    It sounds like you are upset because you can't get online access to the article for free, just like in the pre-internet days you couldn't get it free, either, unless the public library had it. Nothing has changed in that regard with having to pay for content, just the medium. Obviously, searching Google does bring up the article, so it can in fact be found, and if it is germane to your project, you pay for it. Plain and simple.

    As for most universities, they have a bulk license that gives them access to numerous research journals for a very low fee. Why? Because the students and professors need access to the information for research and teaching purposes. If you are affiliated with a university, then you probably have access to this research. If you are doing research in the private sector, then your employer should pay for it, assuming it is related to what you are researching. If you are conducting research on your own, then the cost of the article is no different than the cost of any other supply that you would use for your research.

    BTW, the public library in the small town I am in has a subscription to Nature, so I can just go look at the article for free. Maybe your public library does likewise.

  5. Re:Nuance on DHS Steps In As Regulator for Medical Device Security · · Score: 1

    Sure, people in hospitals need information, but surely something which is assisting in the physical process of a surgery (etc.) doesn't need to be in the cloud, does it?

    As someone who works for a company that writes medical systems software, I can tell you that at the very least the systems need network connectivity so that the different systems can consolidate data in one place for examination. The problem is that any network connected device is potentially vulnerable to random Joe plugging a laptop into the network and hacking away.

    That's interesting. My uncle had a pacemaker in the 70s and I'm pretty sure it didn't have any network capabilities.

    To illustrate why that's bad, I've run into situations in which a client site (read: Hospital) outright prohibited using SSL/TLS on their servers. They deemed their internal network secure and refused to budge on allowing secure communications between the clients and the servers. Authentication information should always be encrypted and some administrators just don't get that.

    As a whole, I think the medical technology industry needs someone to force tighter security requirements on software developers and medical sites as a whole. This is a good thing in my opinion. If that appropriate someone is the DHS may require a different discussion, but some government body needs to start pushing information security in the medical industry.

  6. Re:manufacturers need to let os updates and AV sof on DHS Steps In As Regulator for Medical Device Security · · Score: 0

    manufacturers need to let os updates and AV software to be installed on their systems if they want / need to be on the hospital network.

    Because running untested software is a bad idea. Health care systems and medical device software should get the benefits of updates and patches, but only after those updates have been tested for those specific systems and software. Whatever the vendor does prior to release is insufficient.

    When entire hospital processes come to a halt because the latest AV update mistakenly identifies a core OS file as a trojan, you'll come back and say, why are manufacturers letting updates to be installed on their systems?

    As with many things, the best path is in the middle. Critical systems should be updated as preventative maintenance, but administrators cannot rely on vendor testing alone.

    Why update the software? Pacemakers and insulin pumps were available long before you could wirelessly update them. If it is such a threat, then don't enable wireless updates. Plain and simple. My God, how did we exist before computers did everything for us!?

  7. Nothing wrong with that. on DHS Steps In As Regulator for Medical Device Security · · Score: 1

    Yeah, there is nothing wrong with that. DHS, the government agency that believes it is alright to do anything in the name of protecting the population, now has control over the pacemakers and insulin pumps of anybody they suspect might threaten the nation or their own power structure. Nothing will go wrong with that.

  8. Re:Top secret! on Scientists Create New Gasoline Substitute Out of Plants · · Score: 1

    The discovery, published in the journal Nature, means corn...

    If this research was really worthwhile, they'd have published their paper publicly instead of in some elitist magazine. This kind of behavior by scientists is exactly what late Aaron Swartz denounced. Once again important research stays hidden within the confines of paywall-locked information-vaults. Great...

    By the way, Berkeley itself already published about this in November.
    http://newscenter.lbl.gov/news-releases/2012/11/08/more-bang-for-the-biofuel-buck/

    If Berkeley already published about it, then it's not really locked behind a paywall. Besides, even if it was, most researchers have access to publications, including Nature and trade journals, etc. It is usually provided by their University. Even students get access, at least at major universities. It seems your complaint is that John Q. Public can't have free access, but then JQP isn't actually doing any research based on it and if they were, the cost of a subscription would be worth it.

  9. Re:Thunderball! on Scientists Create New Gasoline Substitute Out of Plants · · Score: 1

    They created their fuel using a fermentation process that was first discovered in 1914, but which was then discontinued in 1965 when petroleum became the dominant source of fuel.

    Ah, I see. Wait a minute, what? Was that written from the perspective of Lithuanians or something? In transport petroleum has been the dominant source of fuel for close to a century, for the developed world anyway. Maybe taking the world as a whole some turning point was passed in 1965, along with the first space walk, etc.

    I don't know about as late as 1965, but early on, with normally-aspirated engines (i.e. they had a carburetor), alcohol was used quite extensively, particularly in war time. Indy cars burn methanol for fuel, so an alcohol based fuel is very doable from the combustion side of things. Whether alcohol could be produced on a large enough scale to replace gasoline is a different story. You have to have the land to grow the bio-source and you have to have the water for fermentation. Then to top it off, storage is an issue because it is very hygroscopic. While water and oil do not mix, water and alcohol mix quite well, but it doesn't burn in an engine very well at all, when mixed.

  10. Biofuels on Scientists Create New Gasoline Substitute Out of Plants · · Score: 1

    Don't all of these biofuels that require some sort of fermentation require massive amounts of fresh water? What is the impact of diverting limited fresh water supplies to create this fuel? In the Midwest, where they have ethanol plants, the effect on the water table and agriculture has been harsh. Then there is the problem of what happens to your fuel supply in years of drought and low yield?

  11. Re:Legality? on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    Does the State Department have any relevance here if there are no ITAR restricted data in play?

    Depends what he was working on. Working on a new encryption algorithm might not use any data but would still be restricted.

  12. Re:Part of me says, "Good!" on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    Most people that embezzle funds (which this guy didn't do, but the principle applies) start with the intention of paying it back.

    Except that the principle doesn't apply, because this guy didn't embezzle anything. He was paid to produce code and produced the code. He didn't write the code himself, but that, in itself, is not dishonest, unless there's some particular reason why he should have (security clearance, for example).

    They start small, find there aren't any consequences and continue to escalate their dishonesty. That is the pattern with almost all employee dishonesty issues and there is no reason to expect this guy would have been different.

    Yes, there is: this guy had delivered what he had been paid for, and according to the summary done that in a timely manner and commendable quality.

    There are problems with the approach the guy took to his job, which mostly deal with outsiders getting access to information they possibly shouldn't, but getting your assigned task accomplished in an unorthodox manner cannot in itself be considered dishonest.

    The delivering what he was paid to approach only applies if he was a contractor, not an employee. There is no question that he was in fact an employee, so delivering what he was paid to approach does not apply. If I work in a warehouse and I am supposed to move six pallets that were just delivered to the appropriate shelves and it is supposed to take eight hours and it only takes me three? Is it alright for me to sit around the rest of the day and expect to be paid my full wage? Why do people get upset about government workers who seem to sit around not working, but not this guy? It's the same principle - employees are expected to perform the work they are assigned. And that means they themselves are expected to do it.

  13. Re:Subcontracting on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    If you hired somebody to remodel your house, checked his references, chose him as the best candidate based on his experience and quality of work, and came home one day and saw him watching TV and somebody else actually doing the work, would you say, my I applaud your idea, great job? Probably not.

    Oddly enough, this is pretty much exactly what a general contractor does. Although they tend to do other things rather than watching TV.

    While true, when hiring a general contractor, the business arrangement is that they will hire subcontractors. When hiring an employee or a regular contractor, that is not the case.

  14. Re:Part of me says, "Good!" on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    So money is the only thing that motivates you to work? That's really sad, you're in the wrong job (whatever it is). I enjoy my work, but there's a certain amount of drudgery associated with it at times (mostly data entry setting up new customer sites). If there were a way to hand off that portion of my work, and still get paid half or more what I normally would while I goofed off instead, I would consider it a good deal. Mind you I'm not an idiot who would ship off my security token without customer approval, but otherwise I think he found an interesting solution.

    I never said money was my motivator (as a matter of fact, I am currently working for a large non-profit at significantly less than market rate). However, you state that if you could hand off part of your work and still get paid half while you goofed off instead, you would do it. What's stopping you? There are plenty of part time jobs out there. Nobody is forcing you to work full time if you want to be paid less and work less.

    OTOH, that is not what this guy did. He was paid in full and worked less. The difference is in the above scenario, you are still being paid a supposedly just wage for the amount of work you are doing. In his case, he was not -- he was not working at all, or very little and receiving his full wage. How is that any different than the bookkeeper keeping a little extra from the accounts?

  15. Re:Part of me says, "Good!" on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    The report said that "evidence suggests" that he did this among several companies in the area. That would be suspect because for the same scheme to work with other companies, they would have to either be hiring him to work from home or not requiring him to work in the office or that he used the scheme previously, but not simultaneously.

    Unfortunately, since his actions could be construed as fraud, if the conclusion of the report writer is accurate, it just bolsters the prosecutor's case.

  16. Re:Subcontracting on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    Yes, and he should have copied the environment that gave access to his subcontractors and make the copied environment update at his employer's environment by scripting.

    He was only half smart, his laziness did him under.

    I applaud his idea as he did the same that most corporations do, but he was sloppy doing it.

    You applaud his idea? Why? He was dishonest and a cheat. If you hired somebody to remodel your house, checked his references, chose him as the best candidate based on his experience and quality of work, and came home one day and saw him watching TV and somebody else actually doing the work, would you say, my I applaud your idea, great job? Probably not.

    Yet, that is exactly what happened in this case. This guy was hired to do a specific job and instead of doing it, got somebody else to do it for him. He then took credit for the other person's work, all the while accepting your cash for doing the work. That is hardly something to applaud. He was dishonest and a cheat, plain and simple.

  17. Re:Subcontracting on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    What's the problem? Does the employee contract have a clause against subcontracting?

    Probably not. Most likely the guy would be in trouble for fraud, since he was accepting wages but not doing the work those wages were being paid for. The fact that he paid somebody else to do the work doesn't matter.

  18. Re:But of course on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    If a corporation outsources a job for a fifth of the wage of a local worker, then.... yes, that really is more efficient than having a guy paid four fifths of a wage to do nothing.

    If a company outsources work, a consumer pays $10 for a widget, and the company keeps $9 as profit and sends $1 to the people doing the work in China.

    If the employees subcontract their own work to China on the side, then the consumer pays $10 for a widget, and the company keeps $3 as profit and gives $7 to the employees, who secretly give $1 to the people doing the work in China.

    In both cases 90% of the money goes to people doing nothing. The only difference is whether those people are executives and shareholders, or employees. Corporations naturally seek rent, and it is only natural for their employees to do so as well.

    Actually, that is close, but most corporations require a certain ROI (return on investment) so a product outsourced tends to have a lower consumer cost than if it is not outsourced, because of the difference in labor costs. As consumers we don't often see it, because the decision to outsource occurs in lieu of increasing the price or stopping production if the price is at the top of the demand curve.

    But, in your case, if the company is only going to make $3 profit and that profit is less than their ROI, then they will either raise the price or lower the cost (or a combination of the two). Outsourcing usually is the part that leads to lowering the cost. Ironically, labor costs have been increasing quite a bit in SE Asia, so the benefit of outsourcing is diminishing, at least in manufacturing, which has to also take into account the transportation cost of getting goods across the Pacific.

  19. Re:But of course on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    Nothing? Nothing?!

    Sir, he was a Manager!

    (He paid other people less than the work was worth, he routinely breached company IT security policy, and he spent all day watching cat videos. He was perfect. Give him fifteen years and he'll be CEO.)

    Shouldn't that be "He was purrrfect?"

  20. Re:But of course on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    When corporations do it, it's efficient. When an actual human does it, it's a scam. Can this social order please collapse now? It's bankrupt.

    No, when corporations do it, it sucks, but it saves them money, which they are in the business to make. When an employee does it, it is dishonest. His employer paid him to code and expected him to code.

    Would your view be any different if this were a college student who showed up each day for class but paid somebody to do the homework and take the tests for him? Most people would think that such a scenario would be wrong and said student should be punished. Well, this guy accepted money from his employer to do specific work and turned in somebody else's work instead. That does sound like a scam, but not the scam you were referring to.

    The ends don't justify the means and just because the code turned out to be good code does not change that.

  21. Re:Legality? on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    Most employment contracts require you to turn up, and do what someone else tells you to do while present. If you don't do what they tell you to do, then you're certainly in breach of contract.

    If he had been a contractor, and simply had to produce the goods, this might have been different.

    That's my thought on this, more or less. In addition, since he obviously wasn't doing the work he was paid to do, it is quite possible that his employer will go after him to recoup the money they paid him (it doesn't matter that the work was done, they were paying him to do it).

  22. Re:Legality? on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 2

    Presumably the cost of the sub-contractor is deductible?

    Absolutely 100%. Not only that but you can deduct other expenses like dry cleaning clothes to make it look like you were doing the work and the VPN used to migrate your subcontractor into the job site. Get a real crafty accountant and you should be able to keep every red cent.

    That is true, only if the guy doing this is an employer, which he is not. It is possible that he set up his own separate company and filed all the paperwork with the State Department to hire foreign nationals, but it is unlikely. Since he is an employee and not an actual employer, then he has no legitimate business expenses to deduct.

    The danger for this guy, if he wants to go that route is that his real employer can then go after him for fraud, because he was running a business on their time, using their resources for his personal gain. The government can also go after him for corporate espionage if he was actually a business, but impersonating an individual and then sending sensitive corporate data to a foreign national. The list goes on.

  23. Re:Legality? on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    The IRS will have MUCH to say over this. Of that you can be sure.

    Along with the State Department since he was working with foreign nationals.

  24. Re:Part of me says, "Good!" on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 2

    On one hand, companies outsource "our" jobs with absolutely no remorse at all.

    On the other hand, ... fingers?

    On the gripping hand, the problem is giving your personal RSA encrypted access into a company's network to unidentified third parties.
    Perhaps this developer could provide his services for a fifth of the going rate because he also snooped around and collected and sold data.
    Clandestine data mining and illegal data bourses is no longer a SciFi concept; it happens every day.

    All of the problems that you list, while serious, are actually symptoms of a deeper problem. In short, this is really the tale of a dishonest employee and dishonest employees can do all sorts of damage in a company. People shouldn't marvel at how crafty he was, but instead how devious he was. If he was willing to do this, then what else was he willing to do or would he have done in the future, if not caught? Most people that embezzle funds (which this guy didn't do, but the principle applies) start with the intention of paying it back. Most never pay it back until ordered by the court. They start small, find there aren't any consequences and continue to escalate their dishonesty. That is the pattern with almost all employee dishonesty issues and there is no reason to expect this guy would have been different.

  25. Re:Part of me says, "Good!" on Employee Outsourced Programming Job To China, Spent Days Websurfing · · Score: 1

    The major issue is handing over access keys to a corporate VPN to a random bloke in another country. Frankly, I'm quite impressed with the general concept, but introducing a huge security breach isn't going to make you popular, he should have just had the guy email him code and then ctrl-V it himself, cutting the security breach out, he'd probably never have been caught unless there was something unexpected in the code.

    The major issue is a dishonest employee. While he may be crafty, he still took credit for others' work and tried to cheat the system. Handing over the access keys is just a manifestation of the dishonesty, but not the problem, itself.