Go ahead. Release the information.
If you have nothing to hide, you have nothing to fear.
What? Isn't that what you keep telling us?
Also works as impeachment deterrent.
Also, Streisand Effect. http://duckduckgo.com?q=streis...
Time to re-read _Snow Crash_, speaking of delivery of small items.
Nate Silver's book, _The Signal and the Noise: Why So Many Predictions Fail-but Some Don't_, contains a more detailed explanation.
Well, that's a relief. Now I don't have to post anything.
Oh, wait ...
Sure, now.
But check back in 70 years, or 5 millennia, and see if it still is.
If those cryptic little ads in the back of old magazines are right, Jesus was made up, too. http://duckduckgo.com/?q=josep...
What's the incentive for federal, state, or local politicians & employees to make their systems secure?
For someone in the private sector, there are incentives at all levels of the corporate hierarchy.
If your job description is security, a significant or catastrophic breach could lead to unemployment. If you're in management and your responsibilities include getting good security people hired and supplied with the tools they need, that breach could lead to unemployment. Top executives whose compensation is tied to stock price could find themselves shy quite a few bucks for a few quarters, even if they keep their jobs.
It doesn't always work out that way in the private sector. But the incentives do exist, and do exert an influence.
Not so much in the government sector.
So, the most effective way to deal with terrible cops is to punish all cops? If I understand you correctly.
Once I'm done telling the mice how to bell the cat, I'll get right on it.
Dev: "You broke my code."
QA: "It was broken when I got it."
The common theme in the plots of many of Larry Niven's "Known Space" stories is that the robotic probes sent back incomplete information. A probe would transmit "Come on in, the water's fine!" because it landed during the non-windy season, for instance. Albinism became common among colonists, because they ended up living underground most of the year. Built-in dermal sunscreen was a waste of melanin.
In retrospect, not checking for surface gravity of every planet seems unlikely. Perhaps the sensor was miscalibrated, or malfunctioned. Either way, once the colony on Jinx was well-established, their descendants tended to migrate to low-gravity worlds.
If no one on the team was already aware of Larry Niven's work -- unlikely -- surely someone has dropped them a copy of "A Gift From Earth", etc. by now.
Quick question: Delay shipping while there is any known issue, no matter how minor?
Quick comment: If that's really what you meant, you might want to reconsider your position, or at least talk with someone who's been involved with software development or software testing.
Another quick question: Or did I misunderstand your meaning?
Oh, my.
I knew it was racist in its effects. But I hadn't heard it was deliberately so, before now.
FDR is slowly getting de-deified. http://duckduckgo.com/?q=regim...
So, "people". More than one.
Good to know. Do you know how many more than one?
Let me know when it's just about unanimous, OK? So I'll know it's time to start worrying.
Because their stupidity is an important thing working in our favor.
In post-Constitutional America, what is supposed to happen and what actually happens are quite a bit different.
Likewise, what is supposed to not happen and what actually doesn't happen are quite different, too.
"Fusion reactors you can unplug and they tend to be safer."
For now. But 25 years from now, when we have practical fusion power, the fusion reactor can power itself.
On the plus side, 25 years from now, we will still be 25 years away from practical fusion power so, no worries.
"Intelligence is a military function always has been."
And when a government routinely spies on its citizens?
Doesn't that mean that the government thinks it is at war, and that it thinks of us as the enemy?
The Huffington Post has a new slogan: More professional than "Rolling Stone".
OK, OK. I'll read the article.
Since then, someone else has taken up the slack. And then some.
How about burn dozens of people to death? Would they do that?
It was an accident, of course, not deliberate and not negligent.
If you can get shot by a cop for holding a cellphone that looks like a cellphone (the cop says: that's my story, and I'm sticking to it), you can get shot for holding a gun that looks like a cellphone.
That was before this product came along.
The shareholders took a bath on each of them, I bet.
Let me guess: they're not owned by shareholders. Golly.
I now believe in reincarnation.
Welcome back, Ned Ludd!
P.S. There have been some remarkable theoretical and empirical developments in economics while you were away. You may want to look into them.
Glad to hear it. One December I got sick in the end. At one point, the length of my digestive tract, measured in time, became 20 minutes from the time I ate or drank anything to the time I sat on the toilet.
Security gets little attention for all sorts of reasons. It seems to boil down to being unobvious, in two stages.
In a world where "Good, cheap, fast: pick any two" is true (the world we live in, where tradeoffs exist) the two that get picked most often are the ones management and others can easily see: schedule ("fast") and budget ("cheap"). Quality ("good") gets slighted a lot.
Especially the part of quality that isn't easy to spot.
Security that doesn't work right because it makes things difficult or impossible for customers is obvious, and gets addressed pretty quickly. Security that doesn't work right because it makes things possible or even easy for criminals (private sector or public sector) is inconspicuous, and gets found and addressed later or never.
So, engineers and software developers focus on how to make things work and be usable for their intended ways, not how to make them not work (for criminals) and not be usable for unintended ways by criminals.