I did something similar. I signed up for the twitter account in order to follow a handful of others, and get event results (not all of which I am interested in). Of some use is an education account I follow for occasional tips learning a foreign language.
I think twitter is great for "one to many" information dissemination.
All these problems you attribute to NASA are actually congressional problems. NASA budgets are are the chopping block every year. The only way they get stuff passed is by distributing the work to every Congress member's districts. That's fucked up as you would expect, but we're a country that doesn't give a shit about funding science, paying scientists very well, or even listening to scientists. In fact there's a whole industry around discrediting climate scientists, since that threatens corporate profits, and a huge number of adults Americans don't believe in evolution. Entertainment and sports are the heroes and finance is where the big bucks are.
I don't get it, after reading the comments here, why is there so much resistance accept that man is causing climate change?
Because the average anti-government libertarian retard neckbeard doesn't want to deal with the followup to accepting the science: behavior change, banned products, infringement on their god-given right to burn all the oil they want, conservation of resources, etc.
They just don't give a fuck and the simplest way to resolve any cognitive dissonance or guilt or rationalize not doing anything (i.e. living the same lifestyle they are accustom, unwilling to change change anything), is to simply pretend it doesn't exist and claim the science is bullshit and a conspiracy. They latch on to counter arguments presented to scientists funded by energy companies and the Koch brothers and figure screw the poorer parts of the planet, they didn't get to my massive consumption lifestyle early enough so they lose out first while we all go over the cliff.
Why even have the same agency responsible for foreign electronic intelligence and put them in charge of "cyberdefence" (how I hate that term..).
It's a massive conflict of interest. You're virtually begging them to find and then sit on dangerous exploits.
Their "cyberdefence" mission is to defend DoD systems, not the entire world's computers.
If you don't like it, gripe that NIST and DHS aren't doing their jobs (they are the agencies actually over commercial internet security and non-DoD government sites) or transfer/alter their authority. Everybody thinking the NSA is there to protect their banking and email all have the wrong idea of what they do.
The fact that they didn't tell anyone though shows that the S is NSA is bullshit. They cared more about being able to exploit the vulnerability themselves than making their country's computers more secure. If they cared one shit about their country's security then they'd have big teams dedicated to finding software vulnerabilities and working with vendors to fix them.
You are confused as to what NSA's "defensive" mission is. They aren't there to be the defenders of the internet. They aren't there to be corporate America's QA department. They aren't there to review open source and provide fixes. They aren't there to "make the country's computers more secure".
They are there to protect DoD classified systems. That's the defensive mission, as an agency under the DoD umbrella. Protect DoD classified systems and anything that deals with military activities. All this extraneous whining - none of it is their mission.
It's a simple calculation on their side as far as the defensive mission - does "vulnerability X" involve classified DoD systems or ones that have military information? No? NOT THEIR PROBLEM.
Don't like it? Well too bad, you don't get to gripe when they don't follow their mandate and also gripe when they do.
If you want to complain, take that up with congress or the president to alter their mandate/directive. Or, take it up to congress to provide more funding for the agencies that are actually supposed to be looking out for commercial internet use and regular gov sites - NIST and DHS. Or, lobby congress to create a fully civilian non-DoD agency that's there to provide an extra security layer for the world at large. And in that last case, don't bitch about the government spending money when clearly the free market is failing to provide a solution, since it appears greedy for-profit corporations are happy to use but not contribute any resources towards this critical software infrastructure.
With the constant complaining about them and government in general from all the anti-government libertarian neck beards here, why would they even bother producing a fix? Who would trust code they released? This would not be like the selinux release, which is optional and provided new capabilities - if they produced a fixed openssl nobody would use it until code reviewing for years. They'd spend more time with PR and a ton of bullshit than doing nothing at all which is free from their perspective. If they disclosed the bug, they don't have any power to compel "the internet" to upgrade to a fixed version, so they'd be blamed for exploits and vulnerabilities during the time servers were slowly upgraded.
Whatever they do, somebody would gripe and given it ISN'T THEIR JOB in the first place, doing nothing looks like the game-theory resulting best call.
If you replace "functional" with "object oriented" and went back in time 20 years ago, your dismissive, skeptical attitude would have fit right in that era as well.
As in: many languages have benefited by gaining object-oriented aspects, haven't found a reason to use an object-oriented language, nothing compelling enough to apply elsewhere, fully aware that a month isn't long enough to master anything but it were cool and earth-shattering then it would obviously manifest.
Sure, maybe the functional hype machine is cranked a little high, but what are you expecting - a concise summary of the years of improvements knowledge, experience in software development and language research, summarized and tailored to highlight the personal benefits to your workflow?
I would suggest picking up a few books and investing more than one month in figuring anything out. Start with the functional support in a language like Python (https://docs.python.org/2/howto/functional.html). Code stuff up one way and then in another. Basically unless you actually invest some effort you won't believe what somebody comes along to tell you.
>authorization from "installing too much" was Apple to activate iTunes.
I've never had to call Apple for that. Just "Deauthorize all computers" to wipe out the non-functional, no longer owned, temporarily installed, whatever iTunes instances, and then reauthorize my current machines.
Much faster than the times (admittedly small handful) I've had to call Microsoft and then deal with their automatic phone system to get activation codes.
If you don't like it, vote for somebody who will increase science spending.
Sad but true; only the government can make this happen, since there isn't any profit to be had via science spending in the next quarter or year (which is all modern corporations look at).
Well, too bad. I mean sorry, kids, that your parents were dumbasses, but you don't get to complain about a nanny state (preventing you from building in a risky location) and complain about the lack of a nanny state (that didn't forcibly remove you or removed your kids) at the same time.
Here is my view, as a Libertarian: Government has no right to define what is or what isn't marriage.
Marriage confers various legal statuses, and as such, involves the gov't.
Now if you are talking about some kind of Libertarian exception that exempts both spouses from ALL legal status and responsibilities, then sure, knock yourself out. Just be happy with a giant middle finger if later you wanted one of those rights/benefits you passed on, to avoid the gov't definition.
But it would be very hypocritical to expect the gov't to grant legal status with marriage, without agreeing to the definition of marriage.
Monopoly abuse? You mean of Comcast, the ISP, right?
Once Netflix caved, paying for bandwidth (the whole thing about an ISP not actually providing the bandwidth they claim to their consumers is another issue), the race will be on for others to do the same.
Or are you going to claim that Comcast, after extorting special payments from Netflix and then demanding the same from Apple, is the fair and free-market way an ISP is supposed to behave??
Corporations generally don't give a flip about this situation:
>I could convince a company to hire me based on willingness to learn and improve.
If that's true, what sets you apart from anybody else that is also willing to learn and improve, with a more extensive background that you have?
That being said, I think what you should do is start networking immediately, reach out to anybody and everyone you know for entry level positions in development and/or system administration. Do not spend the next 6 months studying on your own in the evening, in isolation.
>violate the US Constitution, US law, international treaties, the trust of US allies
Dude, they are an intelligence agency, what the fuck do you think they do? Except the constitutional violation part, that should be reigned in. Violate treaties and trust? Hello are you that naive? If you want to get all butthurt about US violations, start with the wars in Iraq and Afghanistan, which killed thousand, pissed away trillions, and had us take a dump on the world. That an intel agency is developing exploits - this confuses you?
I'm not sure you'll get that much out of studying the Accumulo source code, honestly. Secure coding practices have been widely knows for decades at this point, and it isn't as if they've got some magic way to call sprintf() securely, that nobody else has figured out.
High performance data storage and retrieval? So basically they are interested in dealing with lots of data? I could have told you that without bothering to look at Accumulo (and I haven't). Where their magic lies isn't in the software, it is the DATA, which they aren't releasing (obviously) and don't want to talk about gathering.
It isn't as if they are giving out do_mitm_attack.a or break_encryption.dll.
>To fix existing weaknesses while also deliberately creating others seems illogical and self defeating to me...
Makes perfect sense to me. Think of the low hanging fruit theory. Fix a weakness that adversaries and script kiddies can find (thus, the weakness has no actual long term value) and create ones that take nation-state levels of effort to get.
I thought Slashdot was the bastion of "technology is inherently neutral; anything can be used for various purposes and that doesn't make them bad". See previous argument as applied to guns, encryption, laser pointers, chemistry, hell scientific progress in general.
So now you just need to bribe a few extra people to clear a plane for flight with a non-functional tracking device installed by maintainence?
Folks, we're talking about protection $250 million. If your simple suggestion won't resist $25 million of theft effort, it is worthless, as in it merely provides the illusion of protection.
Simple: is it possible to protect a $250 million dollar asset against, say 10% effort ($25 million) to steal it? $25 million pays for a lot of training, bypass devices, and bribes.
If Slashdot let me edit posts I'd put that in my original: what is the break even point of added cost of incremental protection versus cost of theft? For a $250 million dollar asset, you need a system that at least resists $25 million of theft effort. Otherwise it is an illusion of protection.
So you've added two or three more people to be bribed to ignore a faulty tracking device - 1 or 2 in maintenance, and someone in the control tower? A group bankrolling a $250 million theft attempt, this is small peanuts to work around.
More info about what happened will help, but at the moment it appears adding a few more beacons on the aircraft would be an illusion of protection. Now if they were super cheap, sure do it. But for a $250 million profit I think you can bypass a hell of a lot of gizmos between training and bribes, if you were willing to invest say 10% of that.
How would you guarantee such a tracking device resists all possible sabotage efforts?
That kind of mindset seems to be common in Slashdot. "If something is not completely perfect, it's completely useless." Many times comes up in security-related articles.
Like cryptography, it comes down to the value being protected versus the cost of protecting it. For a 777 worth a quarter of a billion dollars, a couple of transponders located wherever (outside, inside, in the tail fin, wing) would increment the cost of ripping the plane off just a little - mostly by including a few more people to bribe to ignore problems.
What I'm saying is that given how expensive the asset is, what is the real added value of a few enhancements (all the suggestions boil down to more locator beacons)? I'd argue bypassing a handful of locator beacons would cost less than say $25 million in more bribes and so on, making a 777 theft still profitable.
The point is somebody willing to ripoff a hundred million dollars is willing to invest several million doing it. If your anti-theft device can't resist millions of dollars of effort, then it is pointless.
As for putting it outside the plane and whatever, the ring of thieves merely has to bribe an extra person or two in the maintenance hangar and air traffic control, to sign off on a non-functional device and then clear the plane for takeoff. Then the reasonably impervious device is bypassed altogether.
Again, the asset being protected is worth hundreds of millions. It comes down to how much are you willing to spend to steal it? Google tells me the "list price" of a 777 is around $250 million. Could 5-10 key people splitting 25 million do it?
If somebody is willing to ripoff a hundred million dollar plane, as the OP mentions, they are also willing to invest millions in stealing it. Your car with an anti-theft device isn't the same reward to effort that motivated people interested in stealing a 777 would be willing to put in.
So the cost of bypassing the anti-theft device needs to be very large, or there isn't a point in having it.
Slashdot Mirror
I did something similar. I signed up for the twitter account in order to follow a handful of others, and get event results (not all of which I am interested in). Of some use is an education account I follow for occasional tips learning a foreign language.
I think twitter is great for "one to many" information dissemination.
All these problems you attribute to NASA are actually congressional problems. NASA budgets are are the chopping block every year. The only way they get stuff passed is by distributing the work to every Congress member's districts. That's fucked up as you would expect, but we're a country that doesn't give a shit about funding science, paying scientists very well, or even listening to scientists. In fact there's a whole industry around discrediting climate scientists, since that threatens corporate profits, and a huge number of adults Americans don't believe in evolution. Entertainment and sports are the heroes and finance is where the big bucks are.
I don't get it, after reading the comments here, why is there so much resistance accept that man is causing climate change?
Because the average anti-government libertarian retard neckbeard doesn't want to deal with the followup to accepting the science: behavior change, banned products, infringement on their god-given right to burn all the oil they want, conservation of resources, etc.
They just don't give a fuck and the simplest way to resolve any cognitive dissonance or guilt or rationalize not doing anything (i.e. living the same lifestyle they are accustom, unwilling to change change anything), is to simply pretend it doesn't exist and claim the science is bullshit and a conspiracy. They latch on to counter arguments presented to scientists funded by energy companies and the Koch brothers and figure screw the poorer parts of the planet, they didn't get to my massive consumption lifestyle early enough so they lose out first while we all go over the cliff.
Why even have the same agency responsible for foreign electronic intelligence and put them in charge of "cyberdefence" (how I hate that term..).
It's a massive conflict of interest. You're virtually begging them to find and then sit on dangerous exploits.
Their "cyberdefence" mission is to defend DoD systems, not the entire world's computers.
If you don't like it, gripe that NIST and DHS aren't doing their jobs (they are the agencies actually over commercial internet security and non-DoD government sites) or transfer/alter their authority. Everybody thinking the NSA is there to protect their banking and email all have the wrong idea of what they do.
The fact that they didn't tell anyone though shows that the S is NSA is bullshit. They cared more about being able to exploit the vulnerability themselves than making their country's computers more secure. If they cared one shit about their country's security then they'd have big teams dedicated to finding software vulnerabilities and working with vendors to fix them.
You are confused as to what NSA's "defensive" mission is. They aren't there to be the defenders of the internet. They aren't there to be corporate America's QA department. They aren't there to review open source and provide fixes. They aren't there to "make the country's computers more secure".
They are there to protect DoD classified systems. That's the defensive mission, as an agency under the DoD umbrella. Protect DoD classified systems and anything that deals with military activities. All this extraneous whining - none of it is their mission.
It's a simple calculation on their side as far as the defensive mission - does "vulnerability X" involve classified DoD systems or ones that have military information? No? NOT THEIR PROBLEM.
Don't like it? Well too bad, you don't get to gripe when they don't follow their mandate and also gripe when they do.
If you want to complain, take that up with congress or the president to alter their mandate/directive. Or, take it up to congress to provide more funding for the agencies that are actually supposed to be looking out for commercial internet use and regular gov sites - NIST and DHS. Or, lobby congress to create a fully civilian non-DoD agency that's there to provide an extra security layer for the world at large. And in that last case, don't bitch about the government spending money when clearly the free market is failing to provide a solution, since it appears greedy for-profit corporations are happy to use but not contribute any resources towards this critical software infrastructure.
With the constant complaining about them and government in general from all the anti-government libertarian neck beards here, why would they even bother producing a fix? Who would trust code they released? This would not be like the selinux release, which is optional and provided new capabilities - if they produced a fixed openssl nobody would use it until code reviewing for years. They'd spend more time with PR and a ton of bullshit than doing nothing at all which is free from their perspective. If they disclosed the bug, they don't have any power to compel "the internet" to upgrade to a fixed version, so they'd be blamed for exploits and vulnerabilities during the time servers were slowly upgraded.
Whatever they do, somebody would gripe and given it ISN'T THEIR JOB in the first place, doing nothing looks like the game-theory resulting best call.
Slow weekend at Ars? Had you actually looked at the Ars article, you may have noticed it was from one month ago, March 4 2014.
The fact it's here now (and is also a dupe of a previous article here) reflects more on Slashdot and its submitters and editors, than Ars.
This whole comment doesn't even make sense.
The Fibonacci examples at Rosetta Code are all longer for Ocaml than C, iterative and recursive.
And are you implying ML "encourages economy of expression that's actually antithetical to maintainable code"... but C doesn't? Seriously?
If you replace "functional" with "object oriented" and went back in time 20 years ago, your dismissive, skeptical attitude would have fit right in that era as well.
As in: many languages have benefited by gaining object-oriented aspects, haven't found a reason to use an object-oriented language, nothing compelling enough to apply elsewhere, fully aware that a month isn't long enough to master anything but it were cool and earth-shattering then it would obviously manifest.
Sure, maybe the functional hype machine is cranked a little high, but what are you expecting - a concise summary of the years of improvements knowledge, experience in software development and language research, summarized and tailored to highlight the personal benefits to your workflow?
I would suggest picking up a few books and investing more than one month in figuring anything out. Start with the functional support in a language like Python (https://docs.python.org/2/howto/functional.html). Code stuff up one way and then in another. Basically unless you actually invest some effort you won't believe what somebody comes along to tell you.
>authorization from "installing too much" was Apple to activate iTunes.
I've never had to call Apple for that. Just "Deauthorize all computers" to wipe out the non-functional, no longer owned, temporarily installed, whatever iTunes instances, and then reauthorize my current machines.
Much faster than the times (admittedly small handful) I've had to call Microsoft and then deal with their automatic phone system to get activation codes.
If you don't like it, vote for somebody who will increase science spending.
Sad but true; only the government can make this happen, since there isn't any profit to be had via science spending in the next quarter or year (which is all modern corporations look at).
Well, too bad. I mean sorry, kids, that your parents were dumbasses, but you don't get to complain about a nanny state (preventing you from building in a risky location) and complain about the lack of a nanny state (that didn't forcibly remove you or removed your kids) at the same time.
Here is my view, as a Libertarian: Government has no right to define what is or what isn't marriage.
Marriage confers various legal statuses, and as such, involves the gov't.
Now if you are talking about some kind of Libertarian exception that exempts both spouses from ALL legal status and responsibilities, then sure, knock yourself out. Just be happy with a giant middle finger if later you wanted one of those rights/benefits you passed on, to avoid the gov't definition.
But it would be very hypocritical to expect the gov't to grant legal status with marriage, without agreeing to the definition of marriage.
Dude, your original claim is complete bullshit (can't get ANY manual), so come on, man up, and admit you were either willfully ignorant or stupid.
Monopoly abuse? You mean of Comcast, the ISP, right?
Once Netflix caved, paying for bandwidth (the whole thing about an ISP not actually providing the bandwidth they claim to their consumers is another issue), the race will be on for others to do the same.
Or are you going to claim that Comcast, after extorting special payments from Netflix and then demanding the same from Apple, is the fair and free-market way an ISP is supposed to behave??
Corporations generally don't give a flip about this situation:
>I could convince a company to hire me based on willingness to learn and improve.
If that's true, what sets you apart from anybody else that is also willing to learn and improve, with a more extensive background that you have?
That being said, I think what you should do is start networking immediately, reach out to anybody and everyone you know for entry level positions in development and/or system administration. Do not spend the next 6 months studying on your own in the evening, in isolation.
>violate the US Constitution, US law, international treaties, the trust of US allies
Dude, they are an intelligence agency, what the fuck do you think they do? Except the constitutional violation part, that should be reigned in. Violate treaties and trust? Hello are you that naive? If you want to get all butthurt about US violations, start with the wars in Iraq and Afghanistan, which killed thousand, pissed away trillions, and had us take a dump on the world. That an intel agency is developing exploits - this confuses you?
I'm not sure you'll get that much out of studying the Accumulo source code, honestly. Secure coding practices have been widely knows for decades at this point, and it isn't as if they've got some magic way to call sprintf() securely, that nobody else has figured out.
High performance data storage and retrieval? So basically they are interested in dealing with lots of data? I could have told you that without bothering to look at Accumulo (and I haven't). Where their magic lies isn't in the software, it is the DATA, which they aren't releasing (obviously) and don't want to talk about gathering.
It isn't as if they are giving out do_mitm_attack.a or break_encryption.dll.
>To fix existing weaknesses while also deliberately creating others seems illogical and self defeating to me...
Makes perfect sense to me. Think of the low hanging fruit theory. Fix a weakness that adversaries and script kiddies can find (thus, the weakness has no actual long term value) and create ones that take nation-state levels of effort to get.
How is heck is this insightful?
I thought Slashdot was the bastion of "technology is inherently neutral; anything can be used for various purposes and that doesn't make them bad". See previous argument as applied to guns, encryption, laser pointers, chemistry, hell scientific progress in general.
Put it on the outside of the plane.
So now you just need to bribe a few extra people to clear a plane for flight with a non-functional tracking device installed by maintainence?
Folks, we're talking about protection $250 million. If your simple suggestion won't resist $25 million of theft effort, it is worthless, as in it merely provides the illusion of protection.
Simple: is it possible to protect a $250 million dollar asset against, say 10% effort ($25 million) to steal it?
$25 million pays for a lot of training, bypass devices, and bribes.
If Slashdot let me edit posts I'd put that in my original: what is the break even point of added cost of incremental protection versus cost of theft? For a $250 million dollar asset, you need a system that at least resists $25 million of theft effort. Otherwise it is an illusion of protection.
So you've added two or three more people to be bribed to ignore a faulty tracking device - 1 or 2 in maintenance, and someone in the control tower?
A group bankrolling a $250 million theft attempt, this is small peanuts to work around.
More info about what happened will help, but at the moment it appears adding a few more beacons on the aircraft would be an illusion of protection. Now if they were super cheap, sure do it. But for a $250 million profit I think you can bypass a hell of a lot of gizmos between training and bribes, if you were willing to invest say 10% of that.
How would you guarantee such a tracking device resists all possible sabotage efforts?
That kind of mindset seems to be common in Slashdot. "If something is not completely perfect, it's completely useless." Many times comes up in security-related articles.
Like cryptography, it comes down to the value being protected versus the cost of protecting it. For a 777 worth a quarter of a billion dollars, a couple of transponders located wherever (outside, inside, in the tail fin, wing) would increment the cost of ripping the plane off just a little - mostly by including a few more people to bribe to ignore problems.
What I'm saying is that given how expensive the asset is, what is the real added value of a few enhancements (all the suggestions boil down to more locator beacons)? I'd argue bypassing a handful of locator beacons would cost less than say $25 million in more bribes and so on, making a 777 theft still profitable.
The point is somebody willing to ripoff a hundred million dollars is willing to invest several million doing it.
If your anti-theft device can't resist millions of dollars of effort, then it is pointless.
As for putting it outside the plane and whatever, the ring of thieves merely has to bribe an extra person or two in the maintenance hangar and air traffic control, to sign off on a non-functional device and then clear the plane for takeoff. Then the reasonably impervious device is bypassed altogether.
Again, the asset being protected is worth hundreds of millions. It comes down to how much are you willing to spend to steal it? Google tells me the "list price" of a 777 is around $250 million. Could 5-10 key people splitting 25 million do it?
If somebody is willing to ripoff a hundred million dollar plane, as the OP mentions, they are also willing to invest millions in stealing it.
Your car with an anti-theft device isn't the same reward to effort that motivated people interested in stealing a 777 would be willing to put in.
So the cost of bypassing the anti-theft device needs to be very large, or there isn't a point in having it.
include any kind of built in, always-on, hard-wired tracking device
How would you guarantee such a tracking device resists all possible sabotage efforts?
They should try Kickstarter!