The NSA and Homeland security aren't particularly interested in stopping terrorism. I'd say that they're far more interested in tracking dissent The occasional successful attack justifies their existence.

Less than a year after 9/11, and during a CODE RED alert weekend, I had a kid on my game server who had talked to me about being a fundamental muslim and having issues within that realm make a comment

"That's OK I"ll be dead tomorrow anyways".

Now, if ever there was a case that just stood out like a sore thumb and asked to be investigated, I couldn't think of something better. I was also, at that point just worried about his mental health, generally.

Turns out that the much-touted 1-800 terrorism hotline was already shut down.

It took me almost an entire day to find someone who would take my 'tip' and do something with it.... and that was pretty much in the middle of the post 9/11 hysteria. That's right... we're supposed to turn in tips about possible terrorism but almost all of the avenues of reporting have been shut down.

Not that I took the terrorism hype very seriously to begin with, but you'd think that they'd at least keep up the first layer after the facade.

Does this mean I can get all of the metadata for calls made to and from the Whitehouse?

Remember: No expectation of privacy -- which means that secrecy is a complete no-go..

Many years ago, a friend of mine told me a story about her 'original' land rover... She said that, using it's lowest gear (almost never used in normal driving), she was able to tow a snowed-in tow truck out of her back alley ... sideways.

(Bob Beck, if you're reading this: yes, this is your mother I'm talking about.)

I started back in the early '80s when that was all there is, and I probably have a shell open on my machines most of the time.

On the other hand, I have absolutely no problem using the GUI solutions for most of the simple stuff. I would suggest that one of the first things you need to do is teach newbies when each tool is most appropriate -- not that one is unconditionally better than the other.

Hospitals are required to take care of people who have critical injuries -- at least as long as it takes them to be able to walk away -- so you not wearing a seatbelt costs me when I have to go to the hospital (or -- given that I live in Canada), when I pay my taxes.

It's more complicated than that.

You've got good cops.
You've got bad cops who will engage in criminality for personal gain.
You've got decent cops who still cover for a fellow blue brother by reflex.
You've got so-so cops that might do some not so hot things but not stand for others.
You've got a lot of peer pressure within PDs.
You've got political cops and police agencies who have goals not related to the individual street officer.
You've got an IT infrastructure that cannot keep national secrets (NSA/Snowden) and now you've got poorly funded local cops wanting biometric data they cannot a guarantee secure.

So, there's lots of ways this sort of thing can go badly wrong, counting various agencies and involved parties with self-interest that might not align with citizen interest. Then you've got all the accidents, incompetence, short IT budgets, poor IT practices...and so you'e got lots of accidental ways things can go bad.

How does it help to know that?

Even if 90% of refusals are from drunkards and stoners (doubtful, enough people dislike it on principle), how does that allow the police or anybody to make different decisions? No legitimate way I can see.

Please clarify how any such statistical knowledge would permit any change in police procedure without violating the US Constitution?

Yes, because you can trust the police and the government never to abuse data or leak it to some other agency that will....

Eh? What?

You can't trust that they can't see your stuff, as you point out.

Moving a TrueCrypt is more viable (assuming TC is clean), but it is bandwidth heavy since you have to move the whole crypt.

I would like to see the following product become available:

A 'private cloud' not hosted by folks like Amazon, but rather software available to be hosted by any group. This private cloud software would provide email, SMS/MMS hooks, video and audio chat, and a storage repository system all setup to be encrypted in situ and in transit. The crypto and authentication modules would be pluggable to allow people to mix, match, chain, and choose how many layers they want to have in the picture. Tools would exist to handle cloud functions (like data integrity in case one node drops out and ways to integrate new storage nodes as they are added).

The concept would be that everyone in your group (mine would include a cluster of nodes in the US, another three clusters in Canada potentially) would have an always (or almost always) up node that they hosted several TBs of storage on. There would be distribution and mirroring of data to allow some % of nodes to be offline or to fail completely (I'd say at least 1 in 4 to be paranoid and all data should be replicated to at least 3 other locations in the cloud).

Internally, you could share, store, chat, email, and so on without anyone at your provider, at any corporation, or at any intrusive C third S party E being C involved.

This has nothing to do with having anything to hide. I buy my PDFs, I buy my movies and TV and books and music. I just happen not to think any corporation of government should be looking over my shoulder for purposes that even they don't fully understand. And the potential for data to be stolen from corporate or government databases from external hacks or internal threats is too great to be ignored; If the NSA can't keep its secrets, do you expect the rest of the government IT infrastructure or corporations to be any better? I think not.
And I don't like the idea of corporations constantly using more and more refined models of me to pitch new products at me. I'm contributing to that by using existing online services.

So, this private cloud solution would address that.

I can carry a JVM on a USB key as well as complete Javadocs. I'd say its quite portable!

(Okay, that's a dumb comment, but seriously... yours is a bit much too)

The post mentions Finland's contribution was the national ID card system.

Eek, that's horrible. Even in our cold Canadian winters, we tend to do better than that!

That amount of heat convinces me that AZ is a place for rattlesnakes and sand but not humans....

Of course, I myself don't enjoy temps about 85 F much when humidity is significant as it is in SE Ontario. 80 F is a lovely summer temp.

Many companies don't engage in succession planning and they really should.

I know quite a few IT managers of even significant operations who don't have effective succession options even after them repeatedly bringing the risks to managements attention. I call this management style 'the ostrich'.

It's amazing how fired and bankrupt companies can get when the 'never happens' scenario ensues - somebody takes another job, gets hit by a care, has a heart attack, etc.

There are also a lot of areas where there isn't a clear ethical line.

You work in petrochem. Are you killing the planet or providing necessary energy?
You are an interior ballistics expert working for a swedish arms manufacturer (Hi Oerjan). The weapons can be used to stomp ruthless murderers and terrorists or it can be shot into crowded buses. Do you own all of that?
You build dams. They provide power but they flood habitat. Are you doing something ethically good or bad?
You develop car engines. Cars get people around. Your engine might save on greenhouse gases. But it furthers the automotive culture. Ehtical or not?

I have written software for: Large HR system, massive multi-user gaming platform, 3G/4G network policy enforcement, massive online gaming platform where many of the games were slots, poker, etc, major federal police force dispatch and mobile computing software, point of sale systems, network management systems, RCAF Tactical Navigation Trainer, etc.

I'd say at least half of the projects had some dodgy aspect somewhere in them (the online gambling one was the most distasteful but it was legal and thus within general public acceptance although I felt a bit slimy as did many developers). You can pick ethical issues out in most projects both in terms of the final product, the marketing, or the underlying model of operations that the invention supports.

Do engineers own all of that? That's a lot to expect. If none of us worked on projects in any way dodgy ethically or morally, society would not have most of what it has today. I'd image a good 70% of technology would not exist.

Being a programmer suggests skills like:

Software design and architecture
Coding in various languages
Understanding scripting
Understanding hardware to the extent you need to interface with it an design well (which, if you work in UI for instance, isn't a whole heck of a lot)
Knowing a lot of toolsets related to programming: languages, deployment tools, code debuggers, maybe a bit about debugging IP if you do networked apps, IDEs, compilers, IDLs, maybe ability to read a core, etc.

This is not exactly the IP network manager's issues nor the manager of productivity and enterprise software and backup solutions set of skills.

Those would linclude:
a) Understanding repositories (email alone is its own huge beast software wise with lots of idioscyncratic stuff) - this could include administering your companies source repositories and recovering ones that crash, something devs don't often have to deal with
b) Understanding RAIDs, Clouds, and other backup hardware and software (again, its own beast)
c) Understanding scripting (okay, one commonality)
d) Understanding all sorts of admin tools for users, accounts, security policy, etc. across multiple OSes and platforms (not something the average developer has to know, certainly not from the perspective of a manager)
e) Understanding network capacity planning, troubleshooting, network monitoring and troubleshooting toolsets, and everything there is to know about wired and wireless LANs, WAN access tech, routers, hubs, switches, firewalls, gateways, and so on
f) Understanding all the office and productivity software your users use or might need to plan for future needs
g) Understanding all of the legal and internal policy limitations which affect anything to do with data retention, employee dismissal, privacy, etc. as it pertains to IT activity
h) Help desk ops - knowing everything about all of your customers diverse platforms and OSes from an operational point of view and to support all development operations and enterprise activities

The skill sets can overlap in places (more if your programmer has to work on multiple platforms, works closer to hardware or the network, or the like) but it is distinct. No IT manager I know can ever keep up with the full width and breadth of deployed environments. They all play to black gods that when they have to patch a SAN or rebuild an email store, that it comes up okay. They all have higher stress, in any busy environment, than most developers. (I say that as a developer with two decades of experience in military, large corporation, multi-tiered, networked, sometimes massively multi-user systems for possibly tens or hundreds of thousands of users or 7 million as the last 3G/LTE policy software I worked on was supporting....)

I wouldn't trade my job, no matter how bad the day (like the day, 6 months out of school, I was in an RCMP command center when the dispatch system and mobile computing systems crashed, and the dispatchers were trying to figure out where everyone was and if it was possible to land ERT in a school parking lot due to autofire in a public park.... and I had to get the entire system back up ASAP), for the average job of an IT manager.

IT managers are always treated as overhead. Thus nobody wants to pay for them or give the support to ensure a robust infrastructure.

Two questions I'd propose for execs:
A) What is your cost if key industrial data is lost and irrecoverable because the IT budget isn't sufficient to protect it?
B) What is your cost per day if key manufacturing ops are suspended due to an IT system failure again due to insufficient investment?

These can be catastrophic. I've seen companies who've lost datastores (hardware failure, corruption, backups that had never been tested because nobody every wants to buy a system to unpack bacukups on or to spend the time and money to verify them) of code actually have to rewrite multi-month projects. That can be tens or hundreds of thousands of dollars, not to mention contractual penalties and business losses.

Here is one approach:

Try to convince them IT is not an expense, but is the glue that keeps the company doing what it does. IT should be, at least partly, billable internally to all other projects. This reflects the truth of IT's role as an enabler and it starts removing the 'IT is just overhead' perspective. It also means IT will get some cost support from every project they touch or support. There has to be a non-project part, to cover always-on infrastructure and support that is not project-tied, but some part of IT's budget should be treated as a payment for service from other projects.

That's how it is done in a number of large and medium firms I am aware of now to help de-stigmatize IT.

Mostly, developers don't want to do the IT job (nor vice versa). Don't conflate the too. I want to work at a place with adequately resourced IT. Burning out your IT guys is a sure recipe for corporate disasters.