Except that removing the device would be interfering with law enforcement and therefore obstructing justice. Regardless, once anyone destroys one of these devices, they'll quickly pass a law making the destruction or removal of the device illegal.
As for the constitution. It's not a matter of "the constitution only works when the government follows it". It's a matter of "the constitution only works when the people FORCE the government to follow it". Yes, FORCE the government to follow it. Force, as in armed rebellion.
From the link you posted: "The C compiler contained code that would recognise when the "login" command was being recompiled"
It says right there that he added code to the C compiler. The backdoor itself did not exist in source code until someone compiled the login command. At that point, the compiler added code to make a backdoor. The original hack (messing with the C compiler) WAS IN SOURCE CODE FROM THE BEGINNING.
It doesn't matter how well documented it is. If you disclosed something like trade secrets or something that an NDA forbid you from disclosing then your ass is in the fire regardless of what documentation you have.
"that relies mostly on salesmen and marketing (in other words, can rely on *paper* docs as backup)"
Are you insane? Let's assume for even a second that they can actually rely on paper for everything that happens from the IT meltdown forward. There's still no way they can access the previous records. Has this customer paid? Did this customer order anything? Someone just called in, they said that their package hasn't arrived, what was the tracking number? Email is managed through IT, which the sales people can't access. This can be critical to communicating with customers and it does not look good when your sales inquiries start getting bounced back because their email server is down. In some places even the phones are voip and can be taken out by a rogue admin. Business can still grind to a halt when the computers go down even if the company isn't web based.
"One of many reasons CEOs are given golden parachutes are to keep them quiet about trade secrets and certain contacts."
No. The only people with more money and power than the CEOs are the companies that the CEOs left. If a CEO were to leak trade secrets then the previous company's legal team would tear him to shreds, rebuild him, and then do it again. The reason they're given golden parachutes is so that they'll leave without being fired (and because they expect to be paid for simply taking a shit). No CEO is ever fired. They resign due to "personal reasons" or because "they thought that it would be best for the company", etc. And they're paid millions of dollars for it. That way they can get another job being the CEO of another company and the process repeats every few months.
Standard practice mandates that backups should be tested regularly in such a way that will not interfere with current operations. Only a moron would delete everything BEFORE seeing if the backup works.
"I suppose everyone should suspect secretaries of publishing address books, bank statements, inventories, employee social security numbers, etc., all over the internet because they had access to that information all along. How about janitors? They go through garbage. How many things dont get shredded? Perhaps every business should conduct documentation accounting practices because who knows what the janitor might know."
If you want to be secure, then yes. There is ALWAYS a risk when giving information to ANYONE. Anyone that knows information COULD disclose that information. This is why you have to go through lots of background checks and investigation in order to work on certain projects related to the government, so that you are found to be unlikely to disclose this information. In a lot of places, there are policies to prevent employees from seeing information that they don't need to see. For example, there's no reason that a secretary needs to see the social security numbers of anyone. There's no reason that the accounting department needs to see the latest designs for some new product that's being launched, etc. In the past, companies have been compromised because janitors have stolen the backup tapes that were left where they could get them.
Now, the article isn't saying that EVERY admin that gets fired is a criminal. They're saying that IF you have reason to suspect that he is then you need to take some serious measures, which is true. If you have reason to suspect that your secretary/janitor/accountant is leaking information then you need to put a stop to it.
Why is this modded informative? A lack of free time might prevent proper security procedures from being followed, but it doesn't remove the risk of not doing so. These security audits should happen, if you don't have time to do them then you have a security problem.
In fact, any admin that works somewhere that doesn't have the time to implement these security procedures will probably be more likely to attempt something than an admin that works at a place with proper security procedures. In the latter case, the admin knows he will likely be caught and brought up on criminal charges for vandalism and destruction of property. In the former, the admin knows there's no way he'll be caught even if he's sloppy.
"The whole point of the hack was that it wasn't in the source code"
That's impossible. You can't hard code something into a piece of software without it being in the source code. The hack would have been in the source code for the compiler.
"It's fairly impossible to audit all systems to the extent needed. You can easily burn enormous amounts of money and time doing that, and the remedies can disrupt production more than the damage the disgruntled employee would do."
I'll deal with the second point first. A disgruntled employee could potentially have access to EVERYTHING. Every server, every backup. I'm not an IT professional but I know that companies failing to have secure offsite backups is relatively common. If an admin who had root access to everything (apparently, somewhat common) wanted to, he could conceivably wipe everything out over a weekend if he knew what he was doing. If your auditing procedures are more expensive than loosing every single piece of data then something is seriously wrong.
As for it being impossible to audit all systems to this extent. Seems to me that something is seriously wrong if it is literally IMPOSSIBLE to audit these systems. This shows a huge lack of planning. What the hell did you plan to do if an admin went rogue? If you can't do a routine security audit then it's really just a matter of time before something goes horribly wrong.
Everywhere I've been inserting complexity to ensure job security is the number one (or at least in the top 5) way to find yourself without a job. Making something intentionally complex to the point that only you can fix it is unprofessional and, at least in the case of engineers, unethical. The only reason these firings are done without cause as opposed to for cause is because it's more paperwork if you're actually fired for being unprofessional.
Also, this: "directed health inspectors to use "professional discretion" in enforcing food-safety laws intended for adults in commercial businesses."
Food-safety laws aren't a matter of taxation or the government getting its share, it's about making sure that people wash their hands before selling food products. It doesn't matter if the law was written for adults, it should apply to everyone. E coli isn't any less severe because it came from a 6-year-old that doesn't understand that they need to wash their hands after "going potty" rather than an industrial manufacturer.
The issue is that there's no way to tell whether this is some moron who doesn't know which way is up or a prepared and experienced hiker who took a nasty fall and broke his leg. You have to send a chopper either way and if you've sent the chopper then you might as well help the person out. It's not like you're going to fly out there and then say "oh, too bad, see you later".
As for the people in the article, they should have been forcibly airlifted back the first time they hit the panic button. None of this traveling back and forth nonsense. Either it's a serious situation and you need help out, or you shouldn't have hit the button and you need to get kicked out for wasting everyone's time.
GPS is NOT cell tower based. GPS uses GPS satellites. Any device that does not use the GPS satellites is not a GPS device. Anything that bases your location off of cell towers is probably of such amazingly poor accuracy that you'd be better off throwing darts onto a map.
"lets just put our national identity on servers owned by governments hostile to us"
It's not like they're uploading critical information (i.e. classified materials) to facebook. The worst the US could do is to deface the page. Of course if they were going to do that then they could have already set up a fake north Korean page and filled it with lies. Of course, there's no point in doing either of these things because there's nothing to be gained. It's not like the US needs to change the public view of North Korea.
The constitution guarantees what you can do by restricting with the government can do. No, it never says that you have the right to free speech. It says that the government can't restrict free speech. It's the same damn thing though.
No, trash is considered legally abandoned. Thus, you have no rights to it. Using a gun to enforce your own illegal views, brilliant. Go use that gun and remove yourself from the population, please. There's a difference between your car and a trash can.
The EM field generated by any cable is fucking moot in comparison to the noise generated by AC power lines, radio towers, etc. Shielding for cables of this size is not to prevent noise from leaking, it's to prevent noise from entering. Your super duper shielded ANALOG cables might be necessary if you lived underneath a power transformer or something. Your super duper shielded digital cables are completely worthless unless the level of noise (from external sources) is so high as to completely disrupt all communication between the two devices.
Of course, if you have noise levels that high then you really have bigger problems than your audio signal.
It looks like he's disabled comments on ALL of his posts. I was looking for another post to go comment in and found that comments are closed on all posts.
Just work the last 6 weeks, standard work day, no overtime, no busting your ass all night to get something done, then leave on your last day. They'll be stuck with a heap of trouble because they were morons and fired everyone. You'll be at your next job.
Basically, you're not going to be around when the shit hits the fan and it wasn't your fault in the first place, so don't even worry about it.
Except that people quitting usually aren't the kind of people seeking revenge. It's the people that get fired or laid off that are the ones you have to worry about.
Brake checking him could be very effective. You'd be damn sure that he'd be loosing his job at the least and probably loosing his license if he rear-ended someone while towing a vehicle on a highway.
Slashdot Mirror
Except that removing the device would be interfering with law enforcement and therefore obstructing justice. Regardless, once anyone destroys one of these devices, they'll quickly pass a law making the destruction or removal of the device illegal.
As for the constitution. It's not a matter of "the constitution only works when the government follows it". It's a matter of "the constitution only works when the people FORCE the government to follow it". Yes, FORCE the government to follow it. Force, as in armed rebellion.
From the link you posted: "The C compiler contained code that would recognise when the "login" command was being recompiled"
It says right there that he added code to the C compiler. The backdoor itself did not exist in source code until someone compiled the login command. At that point, the compiler added code to make a backdoor. The original hack (messing with the C compiler) WAS IN SOURCE CODE FROM THE BEGINNING.
Next time, read your own article, moron.
It doesn't matter how well documented it is. If you disclosed something like trade secrets or something that an NDA forbid you from disclosing then your ass is in the fire regardless of what documentation you have.
"that relies mostly on salesmen and marketing (in other words, can rely on *paper* docs as backup)"
Are you insane? Let's assume for even a second that they can actually rely on paper for everything that happens from the IT meltdown forward. There's still no way they can access the previous records. Has this customer paid? Did this customer order anything? Someone just called in, they said that their package hasn't arrived, what was the tracking number? Email is managed through IT, which the sales people can't access. This can be critical to communicating with customers and it does not look good when your sales inquiries start getting bounced back because their email server is down. In some places even the phones are voip and can be taken out by a rogue admin. Business can still grind to a halt when the computers go down even if the company isn't web based.
"One of many reasons CEOs are given golden parachutes are to keep them quiet about trade secrets and certain contacts."
No. The only people with more money and power than the CEOs are the companies that the CEOs left. If a CEO were to leak trade secrets then the previous company's legal team would tear him to shreds, rebuild him, and then do it again. The reason they're given golden parachutes is so that they'll leave without being fired (and because they expect to be paid for simply taking a shit). No CEO is ever fired. They resign due to "personal reasons" or because "they thought that it would be best for the company", etc. And they're paid millions of dollars for it. That way they can get another job being the CEO of another company and the process repeats every few months.
Standard practice mandates that backups should be tested regularly in such a way that will not interfere with current operations. Only a moron would delete everything BEFORE seeing if the backup works.
"I suppose everyone should suspect secretaries of publishing address books, bank statements, inventories, employee social security numbers, etc., all over the internet because they had access to that information all along. How about janitors? They go through garbage. How many things dont get shredded? Perhaps every business should conduct documentation accounting practices because who knows what the janitor might know."
If you want to be secure, then yes. There is ALWAYS a risk when giving information to ANYONE. Anyone that knows information COULD disclose that information. This is why you have to go through lots of background checks and investigation in order to work on certain projects related to the government, so that you are found to be unlikely to disclose this information.
In a lot of places, there are policies to prevent employees from seeing information that they don't need to see. For example, there's no reason that a secretary needs to see the social security numbers of anyone. There's no reason that the accounting department needs to see the latest designs for some new product that's being launched, etc. In the past, companies have been compromised because janitors have stolen the backup tapes that were left where they could get them.
Now, the article isn't saying that EVERY admin that gets fired is a criminal. They're saying that IF you have reason to suspect that he is then you need to take some serious measures, which is true. If you have reason to suspect that your secretary/janitor/accountant is leaking information then you need to put a stop to it.
Why is this modded informative? A lack of free time might prevent proper security procedures from being followed, but it doesn't remove the risk of not doing so. These security audits should happen, if you don't have time to do them then you have a security problem.
In fact, any admin that works somewhere that doesn't have the time to implement these security procedures will probably be more likely to attempt something than an admin that works at a place with proper security procedures. In the latter case, the admin knows he will likely be caught and brought up on criminal charges for vandalism and destruction of property. In the former, the admin knows there's no way he'll be caught even if he's sloppy.
"The whole point of the hack was that it wasn't in the source code"
That's impossible. You can't hard code something into a piece of software without it being in the source code. The hack would have been in the source code for the compiler.
"It's fairly impossible to audit all systems to the extent needed. You can easily burn enormous amounts of money and time doing that, and the remedies can disrupt production more than the damage the disgruntled employee would do."
I'll deal with the second point first. A disgruntled employee could potentially have access to EVERYTHING. Every server, every backup. I'm not an IT professional but I know that companies failing to have secure offsite backups is relatively common. If an admin who had root access to everything (apparently, somewhat common) wanted to, he could conceivably wipe everything out over a weekend if he knew what he was doing.
If your auditing procedures are more expensive than loosing every single piece of data then something is seriously wrong.
As for it being impossible to audit all systems to this extent. Seems to me that something is seriously wrong if it is literally IMPOSSIBLE to audit these systems. This shows a huge lack of planning. What the hell did you plan to do if an admin went rogue? If you can't do a routine security audit then it's really just a matter of time before something goes horribly wrong.
Everywhere I've been inserting complexity to ensure job security is the number one (or at least in the top 5) way to find yourself without a job. Making something intentionally complex to the point that only you can fix it is unprofessional and, at least in the case of engineers, unethical. The only reason these firings are done without cause as opposed to for cause is because it's more paperwork if you're actually fired for being unprofessional.
Also, this: "directed health inspectors to use "professional discretion" in enforcing food-safety laws intended for adults in commercial businesses."
Food-safety laws aren't a matter of taxation or the government getting its share, it's about making sure that people wash their hands before selling food products. It doesn't matter if the law was written for adults, it should apply to everyone. E coli isn't any less severe because it came from a 6-year-old that doesn't understand that they need to wash their hands after "going potty" rather than an industrial manufacturer.
The issue is that there's no way to tell whether this is some moron who doesn't know which way is up or a prepared and experienced hiker who took a nasty fall and broke his leg. You have to send a chopper either way and if you've sent the chopper then you might as well help the person out. It's not like you're going to fly out there and then say "oh, too bad, see you later".
As for the people in the article, they should have been forcibly airlifted back the first time they hit the panic button. None of this traveling back and forth nonsense. Either it's a serious situation and you need help out, or you shouldn't have hit the button and you need to get kicked out for wasting everyone's time.
They should have arrested the hikers the first time. There shouldn't have been a third time.
"depending on GPS that depends on cell towers"
GPS is NOT cell tower based. GPS uses GPS satellites. Any device that does not use the GPS satellites is not a GPS device. Anything that bases your location off of cell towers is probably of such amazingly poor accuracy that you'd be better off throwing darts onto a map.
Brilliant idea. Restrict exploring PUBLIC LAND to only those who can afford hundreds of thousands of dollars. This is NOT an acceptable solution.
"lets just put our national identity on servers owned by governments hostile to us"
It's not like they're uploading critical information (i.e. classified materials) to facebook. The worst the US could do is to deface the page. Of course if they were going to do that then they could have already set up a fake north Korean page and filled it with lies. Of course, there's no point in doing either of these things because there's nothing to be gained. It's not like the US needs to change the public view of North Korea.
The constitution guarantees what you can do by restricting with the government can do. No, it never says that you have the right to free speech. It says that the government can't restrict free speech. It's the same damn thing though.
You're arguing pointless semantics here.
No, trash is considered legally abandoned. Thus, you have no rights to it. Using a gun to enforce your own illegal views, brilliant. Go use that gun and remove yourself from the population, please. There's a difference between your car and a trash can.
That's exactly the point. They gold plate the ends, make them look nice, and sell them at 2000% their actual value.
The EM field generated by any cable is fucking moot in comparison to the noise generated by AC power lines, radio towers, etc. Shielding for cables of this size is not to prevent noise from leaking, it's to prevent noise from entering. Your super duper shielded ANALOG cables might be necessary if you lived underneath a power transformer or something. Your super duper shielded digital cables are completely worthless unless the level of noise (from external sources) is so high as to completely disrupt all communication between the two devices.
Of course, if you have noise levels that high then you really have bigger problems than your audio signal.
It looks like he's disabled comments on ALL of his posts. I was looking for another post to go comment in and found that comments are closed on all posts.
Here's a question: Why do you give a shit?
Just work the last 6 weeks, standard work day, no overtime, no busting your ass all night to get something done, then leave on your last day. They'll be stuck with a heap of trouble because they were morons and fired everyone. You'll be at your next job.
Basically, you're not going to be around when the shit hits the fan and it wasn't your fault in the first place, so don't even worry about it.
Except that people quitting usually aren't the kind of people seeking revenge. It's the people that get fired or laid off that are the ones you have to worry about.
Brake checking him could be very effective. You'd be damn sure that he'd be loosing his job at the least and probably loosing his license if he rear-ended someone while towing a vehicle on a highway.