The government is only *mostly* made up of employees. The employees are ultimately accountable to elected leaders, who are accountable to the voters. Any more direct path of accountability is by grace of the government (and is often a good thing to have -- but that cannot be forced through methods like Wikileaks).
Practically speaking, you will never be able to convince elected officials to live under that kind of transparency, and no one wants to make a career living that way, so a government that tries to impose that on its employees will quickly run out of employees. Anarchists are the only ones who would be happy with that kind of situation.
That is one major reason that libertarians (and I count myself as one) think the way to minimize government sneakiness is by minimizing what government can do.
The chain of accountability for these cables goes to tax payers via elected officials (and layers upon layers of bureaucrats). If you want to change that, elect someone who runs on the platform of total government transparency. (Good luck!) Until then, your argument is stupid.
I can't really go take a look. I like my job, and -- thanks probably to the indiscriminate behavior of Wikileaks -- I have been told not to go looking at the details or else I might not be able to continue doing my job.
I also said "approximately nothing [that is shocking or surprising or reveals illegal activity]", not just "nothing". It is not shocking or surprising that the US would supply the kind of diplomatic pressure you mention; I saw news stories about that well before these cables were released. I don't know the details about the "spying on the UN" charge; that might be something worth investigating. If that is the most relevant thing out of a quarter-million cables, though, I have to think that leaking the whole set is an ineffective way to bring attention to it.
Should I be able to closely watch the IRS as it processes your tax return? Should I be able to closely watch judges as they resolve divorce cases or other sensitive lawsuits? If you start a company that does business with the government, should I be able to closely watch it as it handles contract negotiations and billings for that relationship, to the point that I can tell how much your employees make in a year?
These blanket proclamations that "the government[] has no right of privacy, and in fact should be at all times closely watched" are signs that someone hasn't thought about how little the government would be able to do if there were that much transparency. While I would like that to the extent that it led to a small government that didn't interfere significantly with my freedoms, most of the country would think a government that small and constrained was not doing the things it should be doing.
Because we live in a democracy, and the public cannot make an informed decision about their elected leaders unless they know what those leaders are really doing.
The leaks are primarily -- and perhaps exclusively -- from the writings of career civil servants, not elected officials. Your high-sounding, but ridiculously naive, rhetoric about how elected officials should reveal the details of their political negotiations and meeting schedules (so that voters can make informed decisions) is not relevant to those people.
Your next argument is probably going to be that civil servants still draw a public paycheck and should be answerable for that reason -- but unless you receive no rebates, incentives or other money from the government, that is a slippery slope to start on. Just about everyone who has thought it through has understood that the right way to make civil servants answerable is through a chain of command and responsibility to an elected leader.
You apparently don't know what "reasonable expectation of privacy" means as a legal term of art. For one thing, it triggers Fourth Amendment protection against government search -- but just because the government could search and seize your personal effects does not mean the government could publish them. For another, even the EFF's (quite good) page on "reasonable expectation of privacy" says you don't have a reasonable expectation of privacy in your bank records. For a third, you don't have a reasonable expectation of privacy in what you do at work. For a fourth, the concept doesn't apply to the US government as a whole.
It may not be rocket science, but it is legal art, and you apparently fail hard at it.
Moral relativism is the modern refuge of the coward. If you cannot see why North Korea's mass starvation and rigidly controlled media is worse than the US, or if you think that the mote in the US's eye means it should not criticize the beam in North Korea's eye, then you need to grow a pair. You admit you prefer your country to North Korea -- who are you to make that value judgment?
(Your other examples are also flawed, but I don't want to start on why -- it's off-topic and not relevant to your point, because your other examples do not involve China or North Korea.)
There is a big difference between whistle-blowing and leaking someone's bank account details (or cloying emails to a sweetheart). So far, Wikileaks has published approximately nothing that is shocking or surprising or that reveals unlawful activity -- and I include the misleadingly edited "Collateral Murder" video in my consideration -- but it has published a lot of frank discussion and analysis that is similar to your private emails.
Would you mind uploading your email archive to a web server for the rest of us to look over? If you wouldn't do that, why would you want the US government to do the same thing?
How do you accurately calculate interest if your least significant bit always signifies cents? What about representing US gas prices? There are probably even better reasons for radix-10 floating-point numbers, but those are what I came up with in the time it took to read your last paragraph and edit this post. (For those not familiar with US gas prices, the price per gallon modulo 10 cents is usually 9.9 cents. A disappointing number of my countrymen see $2.999/gal and think it is significantly cheaper than $3/gal.)
I've seen this claim made elsewhere (I haven't gone looking for such a book; nor do I intend to, until and unless they are officially declassified), but I do not think it holds water.
First, has Amazon noticed those ebooks yet, or is now like the time period between Wikileaks signing up for an EC2 account and Amazon seeing and axing the account? Second, are they really the leaked cables?
Also, might those sales be a sting operation? Even if I wanted to handle classified information without proper authorization, I would be leery of paying a major electronic merchant for access to such information -- following the payment trail to me would be a too easy for my likes.
I didn't say Wikileaks was in violation of laws -- the US branch of Amazon hosting their files would be in violation of laws. Read more closely before saying stupid things please.
Yes, they probably would. Have you made them aware of it? Amazon's marketplace services are a lot like their computing services: They tend to assume things are legitimate, and investigate or react when they find a reason to do so.
Would you want Amazon (or any other company) to assume you were up to no good until you convince them they should do business with you? Would you prefer that they gate new business transactions upon a manual (and therefore error-prone and usually subjective) review before a vendor could offer a product for you to buy?
These particular laws would hold Amazon liable for what you call "staying out of it". The safe harbor exclusion you mention is part of the DMCA, and only covers copyright liability -- not espionage.
The US government can give Amazon a much more compelling business reason to drop Wikileaks (it is a clear-cut violation of the Espionage Act, and unlike copyright laws, espionage laws do not make exceptions for data service providers). Do either Wikileaks or anon honestly think they can out-gun the government?
Did Wikileaks give Amazon that choice? Or did they just sign up for an EC2 account, forcing Amazon to make a decision sooner or later?
Do you mean that every business should scrutinize their customers and refuse, up front, to serve people who might incur legal liability for the business? If that's what you mean, it would be a generally bad thing for freedom.
People are irrationally risk averse, but we should at least try to make informed and accurate cost-benefit analyses. The cost of a security measure is the number of times it is performed times the time and liberty lost any time the measure is applied but doesn't stop an attack. (We should probably also add the marginal cost in fuel and accidents when people use alternative travel methods, such as driving.) The benefit is the number of times it stops an attack times the expected loss due to an attack. When people point out that the rate of attacks is so low, they are pointing out that the potential benefit is rather small, so we had better think hard whether the cost is worth that benefit.
In fact, terrorist attacks are so infrequent that applying security measures to stop the last one is bad for two reasons. The obvious reason is that attacks are so infrequent that these checks are not likely to stop many of them. The less obvious reason is that attacks are so infrequent that an attacker can spend a lot of observation and thought to find the weak spot in a dumbed-down security process. First we made it hard to sneak explosives in via shoes. Next we made it hard to sneak explosives in via underwear. The time after that we will have to solve a different problem. Screening against yesterday's (attempted, and incidentally failed) attack is like closing the barn door after the horse has escaped.
So "*really* following Agile methods" means you make a plan (for a short period) and follow that, rather than responding to change? It seems to contradict some policy preference I heard recently...
I think you overstate the level of complexity of software where high-maturity processes pay off. In my experience, if there are more than five to seven engineers -- of any discipline -- working on a safety-critical project, they need the kind of processes that CMMI suggests. And good luck trying to convince third parties that your product meets safety requirements without proper documentation and traceability.
In other fields, "engineering" implies a degree of rigor and assurance through design approaches that is less often found in software development. Unfortunately, only a tiny fraction of programmers can deliver high-quality software when they are pushed to deliver as fast as possible; doing so requires a combination of good design and development practices with pushing back against some of the schedule pressure. Other fields emphasize those habits more often than software programmers do. I would guess that is largely a result of people getting Computer Science degrees rather than Software Engineering degrees: The focus is on theoretical foundations and elegant techniques rather than on the (relatively boring) daily practices that lead to large high-quality software.
That is why I (personally, as a code writer and sometimes manager) find it useful to distinguish "software engineering" -- knowing and applying approaches to design reliable and complete software -- from "software development" -- programming, occasionally writing great code, but with end products that might not be thought through as well, which might crash once a week, or otherwise won't have consistently high quality.
Good programmers can switch between the two roles as the job requires, but because few programmers are good enough to always deliver at the "engineering" quality level, serious programmers and their managers should keep the distinction in mind.
I think onionman was driving at the distinction that Agile development tends to produce a different class of software than high-formality development. (Also that most software is the kind that Agile is good at developing, so applying too much process can stifle productivity for those.)
When the software absolutely must meet a large set of standard rules and requirements -- which is true of the three industries mentioned before, plus other fields like business accounting (due to Sarbanes-Oxley) and medical records management (due to HIPAA) -- the "network effect" of interactions between the requirements makes unfocused development and testing impractical.
You need contract negotiation to pin down the set of external requirements. You need a plan to understand and track the budget and schedule risks as the project progresses. You need comprehensive documentation to make sure you have addressed everything, so that new staff can find their way around, and so that you get predictable results from a change. Finally, you need processes and tools to help you manage the documentation, coding and testing.
You still need all the things on the left side of the agile preference list, but the "working software" part is so tightly defined in these fields that ad-hoc and hero-driven development (which is what Agile's preferences really amount to) will not deliver working software.
Maybe in some places that's true. In other places traceability gets used to ensure coverage (hey, we didn't derive any design from this requirement! why not?) and to analyze change impacts (if we change this requirement, what code and tests are affected?). Recording traceability to that level is a serious amount of work, though.
I would echo Dolphinzilla's suggestions. Every proprietary vendor out there will talk about how easy it is to build a bridge to import data from other sources. Half of them make it hard to export data, and most of them only make it easy for *them* to build the bridge software (so that you're stuck paying them to do the work). Also get references, and ask how much maintenance and preventive care the software packages need.
If your company is starting significant process-improvement, be sure to factor in a "build" option to compare with the "buy" options. You may end up dedicating a person (or several) to tool maintenance, but a lot of the third-party packages need that level of baby-sitting anyway, and you should have fewer concerns about data conversion and tool functionality with in-house stuff.
Typical liberal response. Government employees make more than private sector employees, but it's because of EVUL CORPORATIONS. The solution isn't for government to also tighten its belt and become more efficient -- the solution is to return everybody to standards of living circa 1970! (I adjusted your "past 30 years or so" to 40 years because of the serious inflation in the 1970s, and you cited inflation as a factor in the wage imbalance.)
Believe it. Ignoring the job security of government jobs (at least here in the US), someone doing a particular job as a government employee gets on average a significantly higher total compensation than someone doing the same job in the private sector. Sometimes the government base salary is higher even before you add in the better benefits that greap listed.
Amazon could collect (and pay) sales tax from consumers everywhere, but localities make it a real pain to figure out sales tax, so Amazon would inevitably get it wrong.
For example, food items are often exempt from sales tax, but the definition of exempt food items varies from place to place. Another case: Some counties, towns, and even smaller areas have additional sales taxes that go to the local government instead of the state government. Where I live, there is often a "sales tax holiday" for back-to-school supplies, but the criteria and timing for that are hard to figure out (if you buy something online that happens to be back-ordered, does the order date, the ship date, or the delivery date qualify the purchase for the sales tax holiday?).
I expect that if I worked in retail operations or any other kind of sales, I would be able to cite more examples, but those are the kind of things that complicate taxes. If all these places had a central database that retailers could query, that would (probably) make it practical to charge the right sales tax -- but they do not, and most local governments don't provide any kind of structured database with that data.
Slashdot Mirror
The government is only *mostly* made up of employees. The employees are ultimately accountable to elected leaders, who are accountable to the voters. Any more direct path of accountability is by grace of the government (and is often a good thing to have -- but that cannot be forced through methods like Wikileaks).
Practically speaking, you will never be able to convince elected officials to live under that kind of transparency, and no one wants to make a career living that way, so a government that tries to impose that on its employees will quickly run out of employees. Anarchists are the only ones who would be happy with that kind of situation.
That is one major reason that libertarians (and I count myself as one) think the way to minimize government sneakiness is by minimizing what government can do.
The chain of accountability for these cables goes to tax payers via elected officials (and layers upon layers of bureaucrats). If you want to change that, elect someone who runs on the platform of total government transparency. (Good luck!) Until then, your argument is stupid.
I can't really go take a look. I like my job, and -- thanks probably to the indiscriminate behavior of Wikileaks -- I have been told not to go looking at the details or else I might not be able to continue doing my job.
I also said "approximately nothing [that is shocking or surprising or reveals illegal activity]", not just "nothing". It is not shocking or surprising that the US would supply the kind of diplomatic pressure you mention; I saw news stories about that well before these cables were released. I don't know the details about the "spying on the UN" charge; that might be something worth investigating. If that is the most relevant thing out of a quarter-million cables, though, I have to think that leaking the whole set is an ineffective way to bring attention to it.
Should I be able to closely watch the IRS as it processes your tax return? Should I be able to closely watch judges as they resolve divorce cases or other sensitive lawsuits? If you start a company that does business with the government, should I be able to closely watch it as it handles contract negotiations and billings for that relationship, to the point that I can tell how much your employees make in a year?
These blanket proclamations that "the government[] has no right of privacy, and in fact should be at all times closely watched" are signs that someone hasn't thought about how little the government would be able to do if there were that much transparency. While I would like that to the extent that it led to a small government that didn't interfere significantly with my freedoms, most of the country would think a government that small and constrained was not doing the things it should be doing.
Because we live in a democracy, and the public cannot make an informed decision about their elected leaders unless they know what those leaders are really doing.
The leaks are primarily -- and perhaps exclusively -- from the writings of career civil servants, not elected officials. Your high-sounding, but ridiculously naive, rhetoric about how elected officials should reveal the details of their political negotiations and meeting schedules (so that voters can make informed decisions) is not relevant to those people.
Your next argument is probably going to be that civil servants still draw a public paycheck and should be answerable for that reason -- but unless you receive no rebates, incentives or other money from the government, that is a slippery slope to start on. Just about everyone who has thought it through has understood that the right way to make civil servants answerable is through a chain of command and responsibility to an elected leader.
You apparently don't know what "reasonable expectation of privacy" means as a legal term of art. For one thing, it triggers Fourth Amendment protection against government search -- but just because the government could search and seize your personal effects does not mean the government could publish them. For another, even the EFF's (quite good) page on "reasonable expectation of privacy" says you don't have a reasonable expectation of privacy in your bank records. For a third, you don't have a reasonable expectation of privacy in what you do at work. For a fourth, the concept doesn't apply to the US government as a whole.
It may not be rocket science, but it is legal art, and you apparently fail hard at it.
Moral relativism is the modern refuge of the coward. If you cannot see why North Korea's mass starvation and rigidly controlled media is worse than the US, or if you think that the mote in the US's eye means it should not criticize the beam in North Korea's eye, then you need to grow a pair. You admit you prefer your country to North Korea -- who are you to make that value judgment?
(Your other examples are also flawed, but I don't want to start on why -- it's off-topic and not relevant to your point, because your other examples do not involve China or North Korea.)
There is a big difference between whistle-blowing and leaking someone's bank account details (or cloying emails to a sweetheart). So far, Wikileaks has published approximately nothing that is shocking or surprising or that reveals unlawful activity -- and I include the misleadingly edited "Collateral Murder" video in my consideration -- but it has published a lot of frank discussion and analysis that is similar to your private emails.
Would you mind uploading your email archive to a web server for the rest of us to look over? If you wouldn't do that, why would you want the US government to do the same thing?
How do you accurately calculate interest if your least significant bit always signifies cents? What about representing US gas prices? There are probably even better reasons for radix-10 floating-point numbers, but those are what I came up with in the time it took to read your last paragraph and edit this post. (For those not familiar with US gas prices, the price per gallon modulo 10 cents is usually 9.9 cents. A disappointing number of my countrymen see $2.999/gal and think it is significantly cheaper than $3/gal.)
I've seen this claim made elsewhere (I haven't gone looking for such a book; nor do I intend to, until and unless they are officially declassified), but I do not think it holds water.
First, has Amazon noticed those ebooks yet, or is now like the time period between Wikileaks signing up for an EC2 account and Amazon seeing and axing the account? Second, are they really the leaked cables?
Also, might those sales be a sting operation? Even if I wanted to handle classified information without proper authorization, I would be leery of paying a major electronic merchant for access to such information -- following the payment trail to me would be a too easy for my likes.
I didn't say Wikileaks was in violation of laws -- the US branch of Amazon hosting their files would be in violation of laws. Read more closely before saying stupid things please.
Yes, they probably would. Have you made them aware of it? Amazon's marketplace services are a lot like their computing services: They tend to assume things are legitimate, and investigate or react when they find a reason to do so.
Would you want Amazon (or any other company) to assume you were up to no good until you convince them they should do business with you? Would you prefer that they gate new business transactions upon a manual (and therefore error-prone and usually subjective) review before a vendor could offer a product for you to buy?
These particular laws would hold Amazon liable for what you call "staying out of it". The safe harbor exclusion you mention is part of the DMCA, and only covers copyright liability -- not espionage.
The US government can give Amazon a much more compelling business reason to drop Wikileaks (it is a clear-cut violation of the Espionage Act, and unlike copyright laws, espionage laws do not make exceptions for data service providers). Do either Wikileaks or anon honestly think they can out-gun the government?
Did Wikileaks give Amazon that choice? Or did they just sign up for an EC2 account, forcing Amazon to make a decision sooner or later?
Do you mean that every business should scrutinize their customers and refuse, up front, to serve people who might incur legal liability for the business? If that's what you mean, it would be a generally bad thing for freedom.
People are irrationally risk averse, but we should at least try to make informed and accurate cost-benefit analyses. The cost of a security measure is the number of times it is performed times the time and liberty lost any time the measure is applied but doesn't stop an attack. (We should probably also add the marginal cost in fuel and accidents when people use alternative travel methods, such as driving.) The benefit is the number of times it stops an attack times the expected loss due to an attack. When people point out that the rate of attacks is so low, they are pointing out that the potential benefit is rather small, so we had better think hard whether the cost is worth that benefit.
In fact, terrorist attacks are so infrequent that applying security measures to stop the last one is bad for two reasons. The obvious reason is that attacks are so infrequent that these checks are not likely to stop many of them. The less obvious reason is that attacks are so infrequent that an attacker can spend a lot of observation and thought to find the weak spot in a dumbed-down security process. First we made it hard to sneak explosives in via shoes. Next we made it hard to sneak explosives in via underwear. The time after that we will have to solve a different problem. Screening against yesterday's (attempted, and incidentally failed) attack is like closing the barn door after the horse has escaped.
It figures that a white supremacist would say that.
So "*really* following Agile methods" means you make a plan (for a short period) and follow that, rather than responding to change? It seems to contradict some policy preference I heard recently...
I think you overstate the level of complexity of software where high-maturity processes pay off. In my experience, if there are more than five to seven engineers -- of any discipline -- working on a safety-critical project, they need the kind of processes that CMMI suggests. And good luck trying to convince third parties that your product meets safety requirements without proper documentation and traceability.
In other fields, "engineering" implies a degree of rigor and assurance through design approaches that is less often found in software development. Unfortunately, only a tiny fraction of programmers can deliver high-quality software when they are pushed to deliver as fast as possible; doing so requires a combination of good design and development practices with pushing back against some of the schedule pressure. Other fields emphasize those habits more often than software programmers do. I would guess that is largely a result of people getting Computer Science degrees rather than Software Engineering degrees: The focus is on theoretical foundations and elegant techniques rather than on the (relatively boring) daily practices that lead to large high-quality software.
That is why I (personally, as a code writer and sometimes manager) find it useful to distinguish "software engineering" -- knowing and applying approaches to design reliable and complete software -- from "software development" -- programming, occasionally writing great code, but with end products that might not be thought through as well, which might crash once a week, or otherwise won't have consistently high quality.
Good programmers can switch between the two roles as the job requires, but because few programmers are good enough to always deliver at the "engineering" quality level, serious programmers and their managers should keep the distinction in mind.
I think onionman was driving at the distinction that Agile development tends to produce a different class of software than high-formality development. (Also that most software is the kind that Agile is good at developing, so applying too much process can stifle productivity for those.)
When the software absolutely must meet a large set of standard rules and requirements -- which is true of the three industries mentioned before, plus other fields like business accounting (due to Sarbanes-Oxley) and medical records management (due to HIPAA) -- the "network effect" of interactions between the requirements makes unfocused development and testing impractical.
You need contract negotiation to pin down the set of external requirements. You need a plan to understand and track the budget and schedule risks as the project progresses. You need comprehensive documentation to make sure you have addressed everything, so that new staff can find their way around, and so that you get predictable results from a change. Finally, you need processes and tools to help you manage the documentation, coding and testing.
You still need all the things on the left side of the agile preference list, but the "working software" part is so tightly defined in these fields that ad-hoc and hero-driven development (which is what Agile's preferences really amount to) will not deliver working software.
Maybe in some places that's true. In other places traceability gets used to ensure coverage (hey, we didn't derive any design from this requirement! why not?) and to analyze change impacts (if we change this requirement, what code and tests are affected?). Recording traceability to that level is a serious amount of work, though.
I would echo Dolphinzilla's suggestions. Every proprietary vendor out there will talk about how easy it is to build a bridge to import data from other sources. Half of them make it hard to export data, and most of them only make it easy for *them* to build the bridge software (so that you're stuck paying them to do the work). Also get references, and ask how much maintenance and preventive care the software packages need.
If your company is starting significant process-improvement, be sure to factor in a "build" option to compare with the "buy" options. You may end up dedicating a person (or several) to tool maintenance, but a lot of the third-party packages need that level of baby-sitting anyway, and you should have fewer concerns about data conversion and tool functionality with in-house stuff.
Typical liberal response. Government employees make more than private sector employees, but it's because of EVUL CORPORATIONS. The solution isn't for government to also tighten its belt and become more efficient -- the solution is to return everybody to standards of living circa 1970! (I adjusted your "past 30 years or so" to 40 years because of the serious inflation in the 1970s, and you cited inflation as a factor in the wage imbalance.)
Believe it. Ignoring the job security of government jobs (at least here in the US), someone doing a particular job as a government employee gets on average a significantly higher total compensation than someone doing the same job in the private sector. Sometimes the government base salary is higher even before you add in the better benefits that greap listed.
Amazon could collect (and pay) sales tax from consumers everywhere, but localities make it a real pain to figure out sales tax, so Amazon would inevitably get it wrong.
For example, food items are often exempt from sales tax, but the definition of exempt food items varies from place to place. Another case: Some counties, towns, and even smaller areas have additional sales taxes that go to the local government instead of the state government. Where I live, there is often a "sales tax holiday" for back-to-school supplies, but the criteria and timing for that are hard to figure out (if you buy something online that happens to be back-ordered, does the order date, the ship date, or the delivery date qualify the purchase for the sales tax holiday?).
I expect that if I worked in retail operations or any other kind of sales, I would be able to cite more examples, but those are the kind of things that complicate taxes. If all these places had a central database that retailers could query, that would (probably) make it practical to charge the right sales tax -- but they do not, and most local governments don't provide any kind of structured database with that data.