
Comment Re:Boo hoo (Score 4, Insightful) 247

If it is so easy to do this, why haven't the Russian internet criminals rolled anything out on this scale? It seems to me that a platform like this would be all kinds of ideal for criminal purposes.

They have. That is exactly what I just said - Zeus is also a modular, plugin based malware platform that is developed by Russian/east European fraud gangs. It bears a lot of similarities to the NSA/GCHQ malware platforms in terms of how it gets onto people's systems, general design, etc.

because of the work they do and the requirements that work puts on their infrastructure they were probably into the whole "big data" mindset several years before mainstream commercial, civilian IT companies got there

It's not the case. For instance the NSA scalable data store (Accumulo) is basically a reimplementation of Google's BigTable, and they don't try to hide it. They adopted tech from the civilian space for their own requirements but it wasn't invented there.

With respect to your other points, I never said they don't know what they're doing, only that what they're doing is not particularly interesting and I don't think it will keep the best people interested for more than a few years before they find it becomes humdrum routine. And by "product" you knew perfectly well what I meant - not some crappy in house web app used by a few hundred people who have no other choice, I mean a product that's available in the marketplace which competes for end users, probably consumers or professionals. Something where quality matters.

Comment Bullshit non-story (Score 3, Insightful) 40

OK, so we have an article claiming Facebook is tracking everyone for evil advertising purposes, even when logged out. Facebook denies it and says it's garbage.

Let's go do 30 seconds of digging and see who is right, shall we?

  1. Open an incognito window. Open Chrome developer tools.
  2. Load a Facebook "page" (i.e. a product page for some third party product or service)
  3. Be amused by the giant "STOP!" warning printed to the console, apparently people are being tricked into copy/pasting stuff into the developer console to get their accounts hacked.
  4. Observe the cookies that are set.

There are three cookies set. Two of them appear to simply encode the loaded URL and have no ids or other interesting info. The last is the "DATR" cookie. What does DATR do? Well, we know what it does because last time this garbage blew up in the press Facebook explained what it does:

We set the ‘datr’ cookie when a web browser accesses facebook.com (except social plugin iframes), and the cookie helps us identify suspicious login activity and keep users safe. For instance, we use it to flag questionable activity like failed login attempts and attempts to create multiple spam accounts.

(link from here)

So it's an anti-abuse and security feature. Nothing to do with advertising. Also, guess what - such cookies are common across many websites. They are quite useful for detecting spammers. Presumably Facebook tried to explain this to the Belgian regulator in question, but it's just so much better politically for said regulator to pretend they caught some evil company in their terrible advertising habits red-handed, than learn how large websites work.

The problem is the more time the media and government regulators cry wolf over this stuff, the more inclined I am to believe they're all harmful idiots who want to break the web.

Comment Re:Boo hoo (Score 4, Interesting) 247

Yes The Equation Group [arstechnica.com] really seemed "2nd rate" and they sure didn't "make" anything.

TAO is what you would expect to see given a sufficiently large budget spent exclusively on hacking everything possible. The hacks are impressive in the sense that they take a lot of resources and time to develop and it wasn't previously obvious to what extent governments were committing resources to infrastructure subversion. They are not especially impressive from a technical perspective: it's basically a more professional and larger scale version of the types of malware produced by Russian banking fraudsters. Working from that down into BIOS hacks and the like is the inevitable result of spending billions on hackers year after year - they need to keep finding new things to exploit. Interesting, but only because it reinforces the idea that everything seems to be hackable.

But, what kind of people find this work interesting? I can imagine it would be interesting for a few years, especially if you're young and trapped inside a heavily propaganda controlled environment where you're told daily you're the Forces of Good in an epochal struggle against the Axis of Evil. But the amount of technical design work involved is minimal. The level of new technology is minimal. The "research" is simply finding ordinary bugs and flaws in other people's code. People oooh and aaah about the fact that these state malware platforms use a plugin architecture, whilst simultaneously finding the same thing in Photoshop entirely mundane.

Even the data analytics stuff is essentially just an A-B-C application of big data tech originally developed elsewhere, like at Google.

And the advanced maths the NSA is supposed to be famous for hardly shows up in the Snowden documents. It's pretty clear that their success against even crappy crypto is fragile at best (RC4), probably non-existent at worst (AES/strong RSA or anything past it). Their botched attempt to back door Dual-EC DRBG smells of desperation. They wouldn't build huge infrastructures for storing and obtaining stolen private keys if they had the mathematical tools to undo modern ciphers. So I suspect there are a lot of mathematicians at the NSA feeling kind of obsolete these days and wondering what they can contribute.

I'd say the only genuinely technically interesting work the FVEY guys are doing is the way they've been combining passive intercept with active, automated exploitation. QUANTUM is a pretty interesting thing and I'm not aware of anyone discussing anything like it before Snowden's leaks. However, it's also now a done deal. Beyond incremental improvements, there don't seem to be any obvious further directions for that project.

So as a programmer, developing hacks and malware can be entertaining for some years, but eventually I think most skilled people will want to flex their muscles in other ways. They will want to build something instead of break something. The best people will have a broad span of interests. In an organisation like Google or Facebook that's OK - you can work security for a few years, do some exploit research, then go on and transfer to some other project. Or leave but keep your work on your resume. At the NSA? There it's more limited. You can't easily leave the classified world because your work experience is a gaping void. They don't do product development. You will never make something that your family uses. You will never even develop the skills needed to do that.

Stories like this give me some hope that despite its apparently bottomless budget, the NSA can still be beaten technically. They discard most of the qualified people because they aren't US citizens and the ones that are left would be well advised to take a career at a Silicon Valley firm where they can do very similar sorts of work, but for things that are unquestionably useful. If you go do big data analytics or security work in order to fight spam on Gmail (like I did), you don't have to worry about the moral impact of your work - spammers and hackers are unquestionably bad, so booting them off the platform is unquestionably good. If you go do the same work at the NSA you have to worry that the "terrorists" might just be random unlucky guys in Pakistan who were in the wrong place at the wrong time, or that the targets are simply foreign politicians or CEOs .... much murkier stuff.

Comment The novel universe is even better (Score 3, Interesting) 71

For the last decade or so, the Trek novel universe has been well-maintained, followed its own continuity, and has featured a lot of very good stories (and a few bad ones, but so it goes with all things Star Trek). If you're a fan that's looking to continue the stories and feel of Star Trek now that it's off the air, look at the novels (and check out http://www.thetrekcollective.c... for a guide to where to start).

Comment Re:How is limiting your market protection? (Score 2) 57

Clearly I don't understand capitalism.

Clearly. Geoblocking is at least partially about market segmentation. The EU is so large that it has extremely major disparities in wealth between its member nations. Consider the difference between Sweden and Romania. If you have a movie and charge a single price to stream it across the entire EU then:

a) Some people will find it incredibly cheap and others will find it still too expensive, just pushing them back towards piracy.

b) You end up having to deal with the tax systems of every single EU country anyway due to the retarded VAT changes they introduced this year, so it doesn't help simplify your business at all, and you theoretically aren't allowed to opt out of serving particular regions due to their horrible paperwork requirements, so being able to geoblock unprofitably complicated regions whilst claiming you have some other reason is quite attractive.

Comment Re:depends (Score 1) 155

You mean like browsers and Javascript? In that case 99% of the population has lost already. The pwn2own competition results are rather miserable.

I don't think it's so bad. The pwn2own competition is notable primarily for the ridiculous levels of skill required to actually beat modern browser security (note: I do not include the still unsandboxed Firefox in this category).

What's been happening in recent years is that more and more bugs are being found by whitehat hackers first, with the complexity and difficulty of beating them going up radically over time. It used to be that random hackers in their bedrooms could put together browser exploit kits. Nowadays the people being whacked by clicking on "bad links" are mostly people who aren't keeping their software up to date properly or using decent browsers. Remember SQL Slammer and Code Red? It used to be that teenagers could find RCE vulns in Windows. Now it's much harder.

This trend is reflected in the rapidly escalating cost of buying exploits on the black market. There didn't even use to be a market for exploits.

Also look at the escalating difficulty of jailbreaking iPhones and Xboxes. The defenders learn from each successful attack and each time they fall, they get back up stronger than before. And that's despite the fact that there's hardly any money in writing secure software. Many customers will be happy if you simply patch holes that are reported to you, with few people choosing which product to use on the basis of a good security track record.

So it seems like things are getting better and the game is rapidly moving beyond many attackers' abilities; the age of the script kiddie is largely coming to an end when it comes to attacking user endpoints. Instead a new game is starting, one where professional teams of government sponsored hackers fight against professional teams of private-sector sponsored defenders. We can claim this isn't progress of a sort, but without the previous hardening efforts, the industry would be tackling both types of attackers at once ...

Comment Re: This is silly (Score 3, Interesting) 30

I'm a firefighter, we already have infrared heads up displays. If the smoke is that thick, some windows are going to have to be broken or a hole cut in the roof so that the room can be ventilated. This adds oxygen to the fire, but it allows us to see the fire so that you can put it out. If the room is really really hot, then people don't need to be in there; and at that point you are probably only rescuing a body. Early detection and fast response are a key to controlling a fire.

Comment Re:Reminds me of one thing (Score 1) 737

Because then everyone dies when the computer fails. Autopilots regularly fail and expect the pilot to take over

I think this depends on your definition of "fail". As far as I know true computer failures where the machine just goes crazy and tries to crash the plane are non-existent. What happens more regularly is the autopilot sees that something weird is happening and chooses to disengage itself - presumably an autopilot program could be written that never disengages and always does the best it can to fly the plane, unless deliberately disengaged.

This is particularly problematic when sensors fail, as they did in AF447, and the computer doesn't know what's going on any more.

No, this is irrelevant. If the plane's sensors completely fail then the pilot doesn't know what's going on either, and the plane is probably doomed no matter what. In normal operation these planes are flying in a very small speed corridor between disintegration and stalling. If you don't know how fast you're going a stall or overspeed is pretty much inevitable, and if you don't know how high you are even basic visibility problems can cause a crash into the surface. Neither human nor computer can succeed in such a situation.

Comment Re:Kill them all. (Score 1) 336

As you say it was stable under the Ottoman empire, because they took over and kept it, America needs to do the same thing. The US, Canada, Australia, NZ were all British colonies, but the difference is the white people never left, so they remain beacons of progress. Hate to sound all racist here, but there is a strong correlation between those and African, Middle Eastern states that were given back.

I think you should probably read a good history of the British empire, followed by 20th century history, before posting nonsense like this.

The causes of problems in the Middle East have a lot to do with the long term history of the "beacons of progress" fucking with the region. Specifically when the Ottoman Empire collapsed the colonialists divided the region up along entirely arbitrary borders that often drew straight lines right through native tribes and populations, then appointed flunkies to rule these new countries. There was zero attempt to make something that worked for the people who lived there. This caused serious long term resentment.

Have you ever watched the ISIS video of them blowing up border posts? The ISIS soldiers keep talking about the end of Sykes-Picot. Even though I actually have read a history of the British Empire, I still had to look that one up. It turns out to be the British-French treaty that created the borders of Iraq. Families in different villages were suddenly divided from each other, etc. The people who live there apparently still hate Sykes-Picot to this day.

Plus, when countries in the region got leaders the western powers didn't like, there were interventions (e.g. Iran). There were invasions. Not to mention the gaping wound that is Israel and the absolutist support for it from the US.

There hasn't ever really been a time when more powerful militaries weren't fucking with people who live in the Middle East. Religion certainly plays a part, but the USA is a lot more religious than other western developed countries and it doesn't seem to hurt them much ....
