Most of what was in the Patriot Act was already in force under the War on Drugs, for use against Evil Drug Lords - wiretapping, etc. The Patriot Act just expanded those provisions into a much larger portion of society. IIRC, that is.
So this raises the question, "what if I use a VPN just to route around the snooping, domain-snatching, ad-insertion and cookie shenanigans that my ISP is perpetrating?"
That is the essential difference between the Stasi (East German Secret Police) and what some in the NSA want to do. The Stasi had to work with paper and actual human informants.
Hmm. Tests by a Navy cyber defense unit back around 1999 showed that the average cost of getting a poor SOB sysadmin into allowing physical access to a Fortune 500 server room was around $7000. Which ties back to an XKCD cartoon - "Let's use this $5 hammer to beat on his head until he gives us the password." So we convince poor SOB to allow us to put a tiny camera into his glasses to watch while he types.
Jefferson explicitly recommended that the government might need overthrowing occasionally.
Actually the sociopaths tend to go into management, not programming. From my own experience I would say that programmers are very rarely in the psychopathy spectrum, more typically going toward the autism spectrum. I was curious as to what value psychopaths had in an evolutionary sense (both individually and in society), and I learned that they can be valuable. In an experiment with spiders, an equivalent to psychopathy was indicated as a group survival trait, as without it nobody defended the group against external enemies. In society, some level of psychopathy is to my mind almost essential to being a successful politician - imagine a President who could not lie ("No, we have no intentions of invading next week."), and truly did "feel our pain" when he ordered thousands of soldiers to kill, and die. I wouldn't want a surgeon to "feel my pain" either.
Incidents of sociopathy/psychopathy increase from about 1% to 4% as you go up in the corporate (or government) hierarchy. (I would say the incidence among executives of big financial institutions is probably more like 20%, but that's just me.) It's also high among surgeons but not other doctors. Sociopaths are often natural leaders. In fact in that sense it can be a positive trait. This book was recommended to me, and I coincidentally saw an article also recommending it - written by a neuroscientist who discovered in the course of his research that he had psychopathic traits: The Neuroscientist Who Discovered He Was a Psychopath.
See also The Pros to Being a Psychopath. Quote:
Psychopaths are assertive. Psychopaths don’t procrastinate. Psychopaths tend to focus on the positive. Psychopaths don’t take things personally; they don’t beat themselves up if things go wrong, even if they’re to blame. And they’re pretty cool under pressure. Those kinds of characteristics aren’t just important in the business arena, but also in everyday life.
The key here is keeping it in context. Let’s think of psychopathic traits—ruthlessness, toughness, charm, focus—as the dials on a [recording] studio deck. If you were to turn all of those dials up to max, then you’re going to overload the circuit. You’re going to wind up getting 30 years inside or the electric chair or something like that. But if you have some of them up high and some of them down low, depending on the context, in certain endeavors, certain professions, you are going to be predisposed to great success. The key is to be able to turn them back down again.
So I applied my newfound knowledge to the US Constitution. I realized that, having dealt with royal and other psychopaths and seen both their use and their risk, the founding fathers tried to construct a system that essentially pitted power-seekers (which to me is mostly psychopaths) against each other, allowing the system to make use of their talents competitively while never allowing any single one or group to take complete control - and always have a way for the system to re-stabilize away from any monopoly of power over time. This is an interesting new perspective.
My company doesn't have a strong policy - we all try to keep costs down, but we don't go crazy. There are two primary reasons I won't go to a hotel that blocks my use of my phone +/or iPad as a hotspot:
1) security - this is actually pretty much a company policy. We never use public wifi anywhere except in a few rare cases where there was no choice (typically because the cell signal was too weak). If we had a corporate VPN to run everything through it might be less dangerous.
2) bandwidth - in the few times I've actually tried to use the hotel's wifi, or a convention center's wifi, the bandwidth was so bad that it was unusable.
and also, 3) they actually charge for this? Every place I've been to in the last year has had free wifi, and in some cases free hardwired ethernet. Hmm. I am a member of Hilton's HHonors, so I get the wifi for free if I want it. I guess they do charge otherwise. HHonors doesn't cost anything so there's no reason I know of not to be a member. Same goes for Marriott, etc.
Your example reminds me of a powerful understanding I came to a while back. Every program we write defines an "application specific language" that is composed of the text, or the actions if a GUI, that the application supports. This linguistic approach to user interfaces can be a very useful viewpoint from which to define how a user interacts with our program. (where "user" may be a device, or software, or actual person, or whatever). We are constructing a language by which that user "talks" to our program.
Funny, back in the 1990s I purposely didn't learn Perl beyond the minimal amount I needed to maintain an early web app. To me it all looked like somebody sneezed on the page. But in the last 1/2 decade or so I've become pretty proficient at PCRE - Perl-Compatible Regular Expressions, the very essence of page-sneezing.
I once idly wondered how hard it would be to build a parser/compiler for another language using PCRE. PCRE-Perl? PCRE-PHP? PCRE-Ruby? Of course, PCRE-C could be the first one, and the others just built running GCC through PCRE-C. I'm a sick puppy!
Yes. For one, the true value of having two different block begin and end tokens is similar to the value of double entry bookkeeping. In Python there is only one "token" denoting a change of block (in this case the token is just the change in number of indent spaces). As a result, ambiguities and outright errors can be impossible for the parser to recognize.
... and slide rules! And use Mayan or Aztec measurements. Although Register Standards would also be acceptable. (actual data starts at about 1:45).
As a long time developer, I would say that nobody should be planning to use C for anything but where it's apparently still considered almost mandatory - kernels, device drivers, maybe compilers & interpreters. Application coders (your "in-between") should almost never waste time and mental effort making up for the lack of memory management and features like bounds checking of more "modern" languages. And I would argue that with most hardware being designed using advanced CAD, the hardware design should be well enough characterized that even device drivers may soon become something that could be almost automatically generated from the hardware specification, eliminating that job.
* footnote: In the 1960s, Burroughs Corporation used Language-directed design for their computers. For at least some of their designs, the entire system was defined and modeled in a high level software language (typically ALGOL) and internal specification language, and then the hardware/software interface was defined according to performance requirements and the hardware was built to implement the originally software-defined low level functionality.
Regardless of other aspects, if you want to learn something new, I would suggest trying one of the functional languages, such as Erlang or Haskell. Not because you actually want to get a job doing that, but because it will rearrange your brain and get you thinking about programs in a different, and I would argue, better way. I have never gotten around to becoming proficient in either one, but the limited effort I made to learn Erlang has greatly changed the way I write in other languages.
Sigh. Maybe we -- or I, at least -- just need a new 'ism.
Your -ism is wrong.
NSA's Information Assurance Division (not the spooks) works hard to help and to convince Big Corp to clean up their act. They recognize that financial IT security is fundamental to national security. Also, the FBI has a group that works to help companies improve security. So you might reach out to one of them.
The fundamental problem is typified by Home Depot's management - as a Redditor noted, when IT asked for budget to implement essential security, their upper management said, "We sell nails and hammers. We don't need that." Now it may well cost them $1 billion.
Here are a couple of rules of thumb you can tell your management. These are straight from web security and biometrics people I work with. A website breach (e.g. Target, eBay, Home Depot, JPM) costs the company an average of $178 per customer (not website user - _customer_). That is a number that should invoke heart palpitations in the CFO - multiplied by the number of customers, it's probably more than the value of the company.
In the healthcare industry, a single lost or misplaced laptop will cost a minimum of $2.5 million in fines (HIPAA violations), liability, paying for patients to get identity theft insurance, etc. - even if no data is actually compromised and the laptop is recovered! If data actually makes it into the black hat world, the price goes up by multiples.