Because that only gets you onezies and twozies. Why not crack into the Sony network and get more juicy pickings, lots of them, and while you're at it, disrupt gamers and drive them mad?
Facebook has few to no credit cards. If you brought them down, it would just mean people lost weight by getting some real exercise for a change.
Then comes the correlation part, the subpoenas, the expert witnesses and experts, but people believe what they see in a log. That it's kept at all still requires a better explanation than Jobs has given. It's not really believable.
They could just overwrite each time if there was no collection data set being accumulated. The last location ought to do it for most applications. I could see the last ten locations where there are a lot of towers and you're using GPS. But a history is a different thing. And we don't know that any of the applications use the data, and we don't know that they don't. The only evidence seen so far is that it's a history-- a long history. Was the coder THAT sloppy?
You're right. They're digging themselves a hole deep and wide enough that others are likely to fall into it as well. I'm guessing that they're about to get spanked pretty hard. If the judiciary is smart they'll stop them immediately before the hole gets wider. Giving them enough rope to hang themselves, while fun to watch, also can have a backlash produced by the tolerance of such a folly.
The other very important point is that SpaceX has to stay in business. The government will be around whether we like it or not, so their incentives are different. And with luck, SpaceX will have competition that will drive them even further. Again, government doesn't have competition save for the meaninglessness of who's voted into office currently. SpaceX has to think about staying ahead. Government stays in business by edict and law. I'll take economic drivers rather than legal ones any day.
Everyone sweats about Google not releasing source to Honeycomb/3.x and I'm telling you it's mostly meaningless. There are nice gadgets out with 3.x, and the old code works on it just fine. Yeah, you'll get some upticks for specific groups of apps, but by no means the majority.
Still, many point fingers saying NOT FAIR NOT FAIR! when I think Google's trying to prevent or get a head start on the rootkit kids, the modders, and others that the marketplace perceive as disrupters. It might be nice to have the code exposed, but if you haven't figured out what changes in Honeycomb, you aren't really looking hard.
The dangerous thing between iOS and Android is that their security models aren't really that strong. One of these days, people will figure out how to do push cert forgeries, then the battle is on. All those nice plans about using your phone as an ATM card go bye bye. Imagine a CSS with a bad, but seemingly legit cert. Boom.
We have to disagree. I'm in both dev programs. Been doing OS watching for nearly 40 years.
I understand the size of each organization's code, how it's made, approximately by whom.
You're a fanboi. There's no saving you. Your opinions are formed, hardened, and are trying to stand the test of time.
No doubt there is ego.
No doubt there is the highest market cap of any US tech stock, ever.
The bottom has a rocky reputation, and Apple has been there. With ego comes great fear. I mention nothing about desperation. Litigation is just one more type of armor.
The Android Kernel is GPL2. Some components are Apache. I missed a word in front of GPL in the post "Linux."
As regards the cost of OSX and iOS development, I think frankly you're not getting my point. There's a larger, UNPAID (for the large part) developer community paying for Android (mostly non-kernel, like ROMpacks, etc.) development. The Android apps grow, with a less draconian approach than Apple developer orgs. The process Apple devs go thru vs what Android devs go thru is dramatically different-- try them both if you haven't already. Apple paid a huge sum to strengthen and maintain the MacOS and iOS payloads. This is not the case with Linux payloads.
It really boils down to closed vs open source, as Apple in my mind has become more and more closed. Yes, the kernel is out there for others to see and play with, but it's a microkernel, and certainly not the core of Apple's OS development efforts. Apple also has about a dozen closed-source, non-free app trees that it's maintaining, and expensively.
Merging iOS and OSX isn't like what Microsoft had to do when they merged DOS Windows kernels (win95/98/me) into native Intel "win32" code streams to do Windows 2000-- the merged muck. One tree is chained to Intel's fatuous multicore CPUs, while the iOS tree is poised towards custom ARM CPUs that Apple loves so much (as it helps them meet their overall value targets).
To summarize: Apple's code effort costs vastly more than Google's, for the basic classic reasons that closed source costs more than open-- and this holds true if you're a developer organization, too.
The subtle distinctions in UI are another red herring. It's like Apple's claim of the iPad form factor. Because it has round edges, it must be patentable, right?
Apple is desperate to keep their stock price high, and that means entrenching themselves in their beachheaded markets. Fight fight fight. Use the fanboi pawns to astroturf. Litigate every meaningless shred of newness as IP. They learned this from a long line of computer companies going back nearly 50yrs now.
These 'crises', too, will pass.
MeeGo is inventive as is WebOS. But I'm guessing that HP has non-aggression pacts with several of the other companies dating back from the old days, and their acquisition of Palm. Intel desperately wants to play, too.
The problem is: you can build your own proprietary OS from BSD roots and invest a lot of money, or you can get a GPL license derivative (Android) and go with that at a much cheaper cost. Apple's now paying the price for making their derivations of the Darwin tree more proprietary.
Eventually, however, the transaction relates to a buyer at an IPv6 address. As most IPv6 addresses aren't behind a NAT, they can be eventually profiled as to who they are.
And since those carrying an iPhone to make the purchase have their GPS tracked, we know where they are for large parts of the day. Let's say that the phone location between 10pm and 6am is likely where they live. Oh, let's crossref that to a Google map to find out what their apartment looks like. Gosh, see where else they go? Neat, huh?
I'm not sure DHS needs to do much of anything. Between IPv6 and phone-home-with-GPS data, we're all tracked in the US (and other parts of the planet) now.
Which is why four 12 gauge shells ought to be just the masochism that a forensic artist was looking for, after a few CDs are lined up in a row for target practice.
Seems so. The linked article is just as insane as the post. I guess I got sucked in.
Superficial surfing (IANAL and don't have access to lots of pending litigation databases) reveals one (http://privacyblog.littler.com/2010/06/articles/hipaa-1/jail-time-for-physicians-hipaa-violation-highlights-need-to-redouble-compliance-efforts/) and that's about it.
Is it snake oil? Perhaps. IANAL. Can't really say. But you didn't answer my question: would you posit to your executive management to "just lay lax" on HIPAA rules?
From http://www.lorman.com/newsletter/article.php?article_id=830&newsletter_id=182&category_id=8&topic=LIT
"Federal Enforcement
Reports indicate that between April 2003 and April 2007, more than 27,000 HIPAA complaints have been registered with the Department of Health and Human Services; however, to date, convictions have been few. HIPAA privacy enforcement has been assigned to the DHHS Office of Civil Rights, which has openly characterized its past enforcement efforts as being largely educational and remedial.
However, there are indications that federal enforcement is likely to increase. One such indication is an April 16, 2007, notice in the Federal Register that the secretary of the DHHS has delegated to the director of the OCR subpoena authority to obtain testimony from witnesses in ongoing violation investigations. Meanwhile, Centers for Medicare and Medicaid Services is investigating security violations. If the investigation discloses possible criminal violation, the matter is now referred to the Department of Justice for investigation.
In what appears to be the first HIPAA audit of a hospital performed by the DHHS, the Office of the Inspector General of DHHS presented Piedmont Hospital in Atlanta a list of 42 items about which the DHHS wanted information within ten days. Public information on this audit is otherwise presently scarce, but other hospitals are certainly taking notice, and many are upgrading their security systems or taking other data protection measures.
Federal Convictions
The first HIPAA conviction was of Richard Gibson in November 2004 and was based upon Gibson's admission that he disclosed protected health information of a patient for the purpose of obtaining credit cards in the patient's name, which he then used to make thousands of dollars worth of personal purchases.
The second criminal conviction was of Liz Ramirez in Texas. This defendant worked in the office of a physician who provided FBI agents with physical examinations and medical treatment. An undercover investigator posed as a drug trafficker to buy PHI on a particular FBI agent for a $500 payment to Ramirez.
More recently, a widely publicized south Florida case involved Isis Machado, a former employee of Cleveland Clinic Hospital, who printed out the PHI on over 1,100 patients and passed them to her cousin, Fernando Ferrer -- who happened to own a claims company. Through that company, he filed over $2.5 million in fraudulent Medicare claims. Machado plead guilty to the conspiracy and received a reduced sentence of three years' probation, including six months of home confinement, for her testimony against Ferrer. Ferrer plead not guilty but was found guilty and sentenced to seven years, three months in prison -- plus supervised release. The defendants were ordered to make restitution of a combined $2.51 million to the government."
Fines? Not yet. Litigation: yeah. Firings? Watched them in action.
Lax does get punished. I've done it myself. I'd posit that if you told the president of your company that HIPAA compliance was irresponsible, you'd get a negative reaction, and deservedly. We don't shoot people because they're assholes-- we prosecute and litigate.
My Droid 2 looks the same way. Is there a hold-harmless cross-license between Moto and Apple? Oh, wait....
Did you ever think that one of the reasons that there aren't any big HIPAA lawsuits is that there might be actual compliance? I know. Tough to believe.
Yes, there are some consultants making too many bucks on the subject. But patient data privacy has some very large case law backing up the need to comply. Indeed patient privacy may have the strongest protection for privacy in all of US case law. Lax security causes breaches. Breaches cause both litigation and client dissatisfaction.
No matter the industry, there's SarBox, Patriot Act, and regulatory issues to deal with as well. If you want to be lax, you also thwart the denominator of security for your organization. It's irresponsible.
There are pesky due-process theories that might be in the way, but I've seen machines confiscated, stripped of data (even firmware), rejuvenated to just-purchased state, and returned.
I think the intent might have seemed honorable but it seems very badly executed.
It's meaningless. Browsers don't really participate in DDoS attacks; the attacks come from software that uses DNS reflection techniques to saturate TCP and other socket connections until load balancers fail, the servers are saturated, and everything has to time-out.
Protections really don't involve browser back-offs, they relate to parsing source address data, then filtering those out so genuine traffic gets through, rather than traffic that saturates the sockets.
This isn't about power, it's about teamwork. Opening up an organization to a lot of liability is *a bad thing*. I believe in trying to help interdepartmental and interdisciplinary efforts as much as is reasonably possible, but certain responsibilities are really clear and obvious.
Yes, there are also some really underfunded IT departments and staff, and some IT departments clearly need improvement. I cite my case as I execute my responsibilities. YMMV.
Hence my caveat about not knowing all of the facts. If this is a hospital in a developed country, IT policy and the implications of rogue equipment ought to be well known to a department head.
While handing such a device over to IT might seem the right thing, ownership isn't currently established and it's implied the individual bought it with his own funds and deployed it him/herself. Handing such a device over to IT might not allow it to work as it's not established that IT supports such a server or wants to-- like it or not-- and he/she may not.
To analogize: installing an unapproved stent into a patient is not a wise idea.
Depending on the poster's country, there may be a lot of regulatory, compliance, legal, and other issues at play here. This appears to be a rogue server as you cite. If I were the head of IT, I'd have it outta-there in a heartbeat and write up whomever deployed it-- on the surface and without other information, this is a problem.
Without more information, it sounds to me like a convenience issue for the department head, but it's a legal nightmare looking for a spot marked X-- that server, for starters.
It's true. Lincoln freed the slaves.
Acquisition can be love and war, but in the end, it's for business expansion/continuation whatever the motive is for the press.
If Google buys them, it's bad news. Google sucks at acquisitions. Apple's a bit better, but also has more ecosystem development experience. Apple has fewer brains, but better market discipline. Apple has zen, but Google has testosterone and people that do mental bungee jumping-- and an eye for acquisitions. However: when investors look at ten year revenue streams, it's the ecosystem developmental experience that would drive Apple to success. Even Microsoft could do this, but they didn't invent it.