Just look at the gem of prose posted by New Ginrich (see [http://edition.cnn.com/2014/12/18/opinion/gingrich-america-lost-cyberwar-sony/ ]) in which mr. Ginrich demonstrates great form in a piece of emotional hyperbole that simultaneously waves the flag, beats the war-drum, disses the current government, advocates piracy, and slyly suggests that national control over the internet is the way to go.

Mr. Gingrich obviously never read Schneier's informative and professional response. Doing things like that would only slow mr. Ginrich down.

No. Mr. Ginrich has made up his mind already and frames as war what is basically a combination of poor security (both protection and response were found to be sub-par), unprofessional conduct (mean-spirited, abusive, and racist comments), user stupidity (entrusting highly personal information to a company email system), and bad luck (being targeted by a persistent and capable attacker).

The only way Mr. Ginrich can achieve his national cyberspace defense "Defending America against foreign enemies is the duty of the United States government." is to monitor all traffic entering and leaving the US plus all internal traffic, and being able to selectively cut any of it off on basis of suspicion alone. To use mr. Ginrich's words: "No one should kid themselves.". This is the only possible outcome if his ideas are adopted.

It's like the NSA's dream come true. Not only will they be allowed to tap into everything, Mr. Ginrich's ideas (if adopted) mean that they will now actually be tasked to do that. Plus they get to design and implement some fine-grained kill-switch. Oh, can encrypted communications by private individuals be tolerated? Risky, that. Any non-government or non-whitelisted corporate entity that uses encryption could be a hostile nation in disguise, eh? best to put a stop to that right now. Or err risk "loosing the cyber war".

What happens if it turns out to be possible to simulate the effect of drugs use through transcranial stimulation?

Or an experience akin to sexual stimulation?

I have no idea is this is possible, but if it is, will there be any realistic prospect of keeping people from indiscriminate use? And will we see significant groups of people become addicts to such stimulation? Students? Schoolchildren? The jobless?

We already have drug addicts and porn addicts. The former seem to have difficulties (depending on the drug) to keep themselves from overdosing on it if provided access to unlimited quantities of their drug. The latter don't seem to be much of a health risk to themselves though, even if people do get fired for watching porn on the job.

So there really do seem to be public health issues at stake here, and I'd like to know more about the whole thing before taking a position. But it looks potentially scary.

a red herring and a dead end.

@Karmashock

Because when everyone starts encrypting everything, law-enforcement officials may just get the authority to demand your encryption keys from you, or alternatively, to oblige you to decrypt the stuff for them. Otherwise they'd be stymied. Australia and the UK already have legislation in place to compel people to decrypt their stuff on demand.

And because it's not practical to encrypt everything on every gadget you own with backdoor-free encryption. It's just too bothersome for a normal person.

And because if you don't "cooperate", police may actively search for anything they might conceivably pin on you, so that you can later be offered a plea-bargain in which you reveal your keys in return for the DA dropping twenty-odd far-fetched charges you'd rather not risk having to defend against (even if you could afford a competent lawyer).

And because once you're registered as someone they have encrypted data on, what's easier than to monitor traffic from and to you for (a) patterns (b) weak encryption and (c) passwords.

And because it is probably only a matter of time (a decade or so) for special-purpose quantum computers to become available that can crack your encryption.

And because we're spending a few billion a year making sure that commercially available encryption has weaknesses or even backdoors that are known to the NSA.

So I don't think it's a good idea to tell yourself you're safe from surveillance behind simple technological measures. If anything, it will only mark you as suspicious thereby warranting more effort.

Your main protection was the law, and that just got moved out of the way.

@ hcs_$reboot

...by Accenture

Stopped there.

Any specific reason for that?

This computer burglary (I refuse to call it a hack) is unfortunate for Sony and its employees.

My condoleances.

On the other hand, it's very beneficial for our society that this sort of data now becomes a matter of public record simply because I'm pretty sure that the extent of data that is collected on employees hasn't been documented quite so clearly and unequivocally before.

Besides which, it's well-documented that law-makers and public opinion generally aren't pro-active on basis of insight, intelligence, or commonsense. No, it always requires one or two actual cases of things going totally wrong to get people's attention. And even then it takes a couple of repeats before the shoot-the-messenger reflex can be bypassed and the underlying issues addressed.

In addition, the release of business information gives a valuable historical reference on how the corporate world works in a way that transcends books and even court records (which are usually sealed anyway where commercial interests are concerned).

So, in this respect, society as a whole benefits from this example of computer-burglary. Now if we could only make the data available in its entirety, or at least in coherent chunks ...

@spire3661

So what you're saying is: you have no quarrel with the article as such, but you only think Slashdot's editors are at fault for putting it in here because it's too simple? Is that it?

If so perhaps it's good that it was placed on slashdot so as to show us an example of how a train of thought has to be shortened to be suitable for the mainstream media.

Just so that you know ... people who think at the level of this article are the voters who ultimately determine whether and to what extent measures will be taken to address the problem. Not us.

On the whole I'd say it's a good idea to drive that point home to Slashdotters once in a while.

@Spire3663

Nice snarky comment, but not helpful.

What you seem to forget is that the current trend in development (buzzworded 'Internet of Things") is about to make the infrastructure that is open to unauthorised access a million times more pervasive, and the real-world impact of such unauthorised access a thousand times more severe. As in people getting killed.

This article is one of the first (more or less mainstream) articles where the danger is recognised, named, and presented in a way even Joe Sixpack can wrap his grey matter round.

Please bear in mind that whether *you* realise something is dangerous doesn't matter one way or another because you have zero impact on the trend. You don't matter (and neither do I or any other geek for that matter).

It's only when mainstream media get hold of the idea, the public learns from them, and politicians start worrying because it's what their voters worry about that you'll see any potential for serious adjustment.

So, if you think about it for a few minutes, you ought to be glad that this article is written and you'll see how unhelpful your comment really is.

I've recently had good experiences with running SQL queries on fairly large (# records: 200 mln. plus) databases on a Teradata machine in a corporate environment. I wasn't involved in any sysadmin work, just the statistical modeling / analysis side of things.

The company I consulted for uses SAS (on the mainframe, AIX boxes, and PC's) for almost all of its dataprocessing needs, including ETL work. Now they're looking at "Big Data" and discovered they need parallel processing to make it cost-effective (outperforms the mainframe, no per CPU-second charges, ability to let analysts work on AIX boxes or PC's etc.).

I was able to show significant cost and performance savings in SQL queries over the mainframe (and AIX boxes). Interestingly substantial (50%-100%) speedups were also possible by accessing the Teradata machine in its native SQL (bypassing the SAS "in-database" Teradata support).

The interesting thing about Teradata is that they offer genuine parallel processing (like Hadoop), but offer it as an end-user ready SQL interface to a database engine (you still need sysadmins though). Contrast this to Hadoop where the Hadoop layer is basically the start of the road and you usually have to worry about hardware issues and software architecture issues (such as which database engine to choose) as well. Sometimes you have to take the custom-made route (e.g. Wall-street firms doing automated trading) but sometimes it's an outright liability in a DIY-hostile environment (e.g. in large corporations).

The teradata machine I worked with supports SQL, SAS, and R (which competes with SAS of course, and usually out-competes it when it comes to advanced statistics if you know what you're doing but we had to use SAS exclusively, by order) and could easily handle terabytes of data.

So my suggestion is to take a look at it.

It's not Open Source (although it does support R), and it's less fun for tinkerers, and it's harder to custom-parallise your own algorithms on (I hear, I never tried). On the other hand it does provide a ready-to-run parallelised SQL database and lots of storage. It's not cheap though, but in a corporate environment that's usually not the first consideration.

@Weilawei

So do I, but the mainstream seems to be moving towards something very different.

As in: the majority of consumers seems to want maximum "comfort" (read: "ease of use and no hassle", a.k.a. "I'm lazy and dumb so I need smart appliances"), and that's what industry will provide (on pain of being marginalised and ultimately disappearing).

And guess what? Ease of use and "no hassle" means offloading lots of detailed control decisions to the manufacturer. And that means that said manufacturer has got to distinguish themselves by offering comfort and taking away decisions and cares from home-owners.

It is understood that home-owners are willing to pay for that and that manufacturers incur no penalties by offering dumb gear and putting the "intelligence" on their servers. Those decisions (blinds closed or open, heating higher or lower, anticipating the home-owner's homecoming, level of lighting, when to switch on the air conditioning, burglar alarms, suppressing false alarms cause e.g. by pets etc. etc.), still have to be taken of course. Just not by the home-owner.

Taken together this means a big fat premium on supplying dumb, (but sensor-rich) proprietary hardware, collecting as much data as possible on the habits and preferences of the home-owner, his/her family, children, pets, neighbours etc.etc., storing and analysing all that on the company's servers, and selling the resulting control information to the home-owner as a service. Look for upcoming legislation that not only allows but also compels "domestic service" companies to "share" their information with everyone from law-enforcement, insurance companies (think fire insurance, burglary insurance, health insurance (!)), medical care providing companies (think monitoring of elderly people), market research companies, advertising companies and any other interested party you can think of.

I'm pessimistic about being able to opt out, let alone to stop this kind of thing. For one thing, mass-production will drive down the price of the "mainstream" systems (whatever form they will take), thus marginalising any non-mainstream hardware. Of course manufacturers have zero interest in supplying hardware that will work without their (or another company's) service package so stand-alone or "user-controlled" hardware will come at a premium. In addition you may find that your insurance premiums are higher than without "smart home" automation.

All in all, the stable market situation will probably be a load black-box hardware that needs daily updates and tuning by proprietary off-site control software that eats your privacy for breakfast (on an ongoing daily basis).

Put this way, I agree with you.

My comment was posted before I'd thought things through. The Slashdot virus must have infected me.

First we pass a law that is an open invitation to unintended use (like this seizure law) because it conveniently neglects to mention where it is to be applied and where it isn't.

Then we come over all indignant when that law (which is "on the books") is used outside its originally intended area of application.

Am I the only one who thinks that Congress is to blame here (for passing sloppy legislation), not the IRS or The Government?

Might it not be a good idea to work harder to phrase legislation in such a way that it's difficult to abuse? Or would that cramp the style of "tough-on-crime" politicians?

@Globaljustin

IMHO your "opinion" is very very humble indeed and belongs in the category of "uneducated careless speculation with a sensationalist bent".

It may have escaped your notice, but doctors who help out in West-African hospitals come into close contact with a constant stream of very ill people who are in the stadium where they really are contagious, every day for months at a stretch.

Their protective clothing prevents transmission in the vast majority (say 99,9%) of cases (something you can tell by the fact that we still have doctors left treating Ebola patients). The real danger comes when you take off your protective suit. That has to be done carefully so as not to touch the splatters of blood, muckus, tears, sweat etcetera that very ill patients secrete and if possible it has to be decontaminated first.

Now I'm sure your "humble" and uneducated opinion never has been schooled in elementary probability so you wouldn't understand things like P(contagion_after_100_days) = 1 - [P(no_contagion_after_1_day)]^100, but try it this way.

Playing the lottery every day makes it unlikely that you won't win a single prize.

And so it is with medical personnel who treat Ebola patient for months. They run a risk.

So it's no conspiracy (I can feel your incredulity and disappointment) and no case of "fsking idiots" (a term which I'd like to reserve for you personally).

It's easy to shout your (thoroughly humble) head off about stuff you don't understand, but it's not helping anybody and it stands in the way of a rational attitude towards Ebola.

P.S. there is absolutely nothing "insightful" about your post. On the other hand it's revealing. Revealing of a mindset that couples a penchant for conspiracy theories with a complete lack of understanding of risk and a disdain for plain ordinary everyday scientific commonsense that seems to have whizzed over your (so very humble) head.

is that the Government is actually doing something sensible.

Like airing the vulnerability, launching an investigation, and giving off a signal that the *manufacturers* should pay attention to security and at least make a reasonable effort to make their kit tamper-resistant

It would be in total accordance with a certain political outlook to suppress the news, pose as being "tough on crime" by imposing ridiculous penalties on offences that could be construed as breaking into medical equipment, and criminalising research into and publications of weaknesses.

Perhaps I'm being optimistic ... perhaps this will still happen. That "certain political outlook" I mentioned could be a bit behind the tech news on this issue. We can still hope though.

You argue that "capital" and "labor" are essentially equal to the identity of an enterprise.

I really didn't: when I said "bundle" I left the relative proportions unspecified. But I agree with you in that the relative importance of people's identity varies sharply with the scarcity of people's skills and that depends on the setting.

We agree that in a environment where people do routine work, so many people share the required skill that identity of who provides this skill no longer matters. And that's where vast majority of the working population is employed.

Of course there are settings where individual skills matter to a greater degree. One can think of e.g. professional sportspeople, scientists, lawyers, entrepreneurs, politicians, artists, inventors.

But their numbers are small compared to "ordinary" workers, so that by and large I think the proposition holds. Yes, there are exceptions, but 99% of the working population is rather un-exceptional.

I fear that the negative reactions here indicate (once again) that Slashdot readership consists mainly of techies. And such people often have difficulties understanding understanding how society works (even if they tend to have vocal opinions on any subject that comes along). Let me try to bring some perspective into the discussion.

Lest somebody misunderstand, the very essence of an enterprise (any enterprise) is that it is a bundle of labour and capital whose essential structure and identity is independent of and more persistent than the labour it employs. The identity behind its labour component is no more important than the identity of its capital component.

It is for this reason that any contemporary HR policy is aimed at (and this is important) divorcing the work from specific individuals.

What this means is that all and any employees must (and this is essential) be plug-replaceable as a matter of policy. Those that aren't should either be unique individuals like Steve Jobs, Bill Gates, the actual owners of the company, or leaving.

That is one of the drivers (not the only one of course) behind the desire for standardisation of work procedures and documentation of ideas and knowledge.

The result of careful execution of such policy is a situation in which personnel really is replaceable. Even when it concerns 10%-30% of the employees. Which is what we are now seeing illustrated at Cisco.

So there's no need to be surprised. And no need to be disgruntled. It's simply the consequence of a certain feature of our society we collectively decided we want and actively maintain. And it has truly served us well for the past century and a half and its end-result is the envy of our neigbours.

Unfortunately the current economic tide makes the downsides (for such they are) of this state of affairs more visible: i.e. employees are just another commodity and any successful enterprise will treat them as such. . As a result, employees can get a rough deal (if they get any deal at all, i.e. if they are employed). Let's be clear about this: I don't know how to make those downsides go away without wrecking the competitiveness of enterprises. But I suspect it will involve a realignment in the balance of power between labour and capital.

One way of achieving this is through the use of force. Also known as "legislation". Fortunately we have a mechanism in place for effecting change. It's called Politics. But what actual policy should be enacted through Politics? If knew (and could prove it) I'd tell you, but I don't.

One of the problems is the constraints imposed on all of us through competition. I.e. if the policy we adopt is too disadvantagous for enterprises, they will simply take their capital, set up shop elsewhere, and drive the disadvantaged enterprises off the market.

So it's up for debate really, and this isn't a new debate. It's a debate about a basic balance in our society that needs to be realigned from time to time.