
Comment Re:Weirdly Written (Score 1) 82

A lot of the idiosyncratic weirdness is due to the fallout from the Kennesaw incident with the state's voter registration system last year. Among other things, election worker passwords were publicly available. Lawsuits are still in motion, I believe, including one against the SOS, I think. The bill in a lot of respects is an attempt to close the barn door after the horses left a different barn altogether. WABE has a good timeline here:

https://www.wabe.org/two-georg...

Politico has some good info as well here:

https://www.politico.com/magaz...

Otherwise it's the usual shoot-the-messenger stuff governments all over are well known for.

Comment Re: Because in Georgia... (Score 1) 82

We can maybe pin that down a little more. The Secretary of State suffered considerable embarrassment last year after the Kennesaw State "incident" wherein more than one un-contracted security researcher reported non-earthshaking problems with web-facing systems having to do with the State's voter registration system, which only got reported to him after the press got hold of it. We can't really blame the KSU people for keeping it under their hat, given the way the guy in Kemp's office who earlier accidentally sent out voter registration lists to newspapers in the state, the LoWV, and others got thrown under the bus for what was really an honest mistake, but which technically violated SOS IT protocol, but it seems Kemp is apparently the one who pushed for the original SB 315. We can blame them for not fixing the damn problem, though.

The "active defense" amendment is more unclear, and I haven't had time to track it down yet, but my bet is an IT/Security vendor, probably a State and/or Federal contractor, possibly, just possibly, an NSA cutout, given the hacktivity in Augusta, and GSU, and the attempt to tarnish the EFF by association, by way of hacktivity on a church website. Read between the lines of Ms. Smith's report: I'll just note that all this activity is centered around the Augusta "cybersecurity corridor", which includes the Army Cyber Command, a large NSA SIGINT facility, the new State-owned Hull-McKnight Cyber Center at Augusta State, and various contractors. (I'm not sure if the cybersecurity dept of the CS school at the former Armstrong-Atlantic University in Savannah, now merged with GSU, is still extant, but if it is, it's probably in Statesboro now. Note to self, find out!) Anyway, all the hacked websites were managed by the same Augusta web design firm.

Inside job? Who knows, but it's kinda suspicious to me.

Comment Re: Self defense isn't a 'wrong'. (Score 1) 82

This bill is essentially having you walk through a crowded square, blindfolded, and if someone grabs your butt you're allowed to pull out a pair of uzis and start firing at random.

Reckless endangerment and possible manslaughter for what might even have been accidental, nope, not warranted. Now if someone tries to pen-test your butt, I hope that you can discriminate the real offender and that you have good aim. :-)

Yes, I feel that is an accurate description of hacking back against a network of zombie machines owned, often unwittingly, by innocent people around the world.

Oh, I do get your point, but I think the real problem if this bill is signed is that it will be used as cover for deliberate network abuse and break-ins under merely the pretext of "active defense". "Oh, excuse me, I dropped my cell and grabbed your butt trying to catch it."

Comment Re: Self defense isn't a 'wrong'. (Score 1) 82

Mr. Kemp would tell you "make the DNC and a former administration pay for it." ;-)

Look, Georgia Code 16-9-93, which SB 315 modifies, like a far greater percentage of Georgia law than anyone cares to admit, is completely boneheaded to start with. (Not that US law is really any better, and in some cases much worse). Computer security by fiat is a totally asinine concept. It exists simply to pass the buck for suits and good ol' boys (sigh, yes, of all genders, races, ethnicities, creeds, etc, not just the Sons of Eugene Talmadge and the Cackling Hen Auxiliary). The medium is not the message. Extract any actual crimes, i.e. theft of confidential information, trade secrets, malicious damage, denial of service, election tampering, so on, and deal with them in the code appropriately, though I'm sure they're mostly already covered. Junk the rest of it. Leave security where it belongs, with IT management, system administrators and network operators, and users, not legislators, lawyers, cops, prosecutors, and clueless reporting.

As for SB 315, I don't have any a priori objection to a little tactical offensive defense, if truly warranted. You better know what the fsck you're doing, though, and if you know what the fsck you're doing with your systems, you will rarely have the need. And if you do actually need it, that knowledge will more than likely fly right over your head. So you should likely be thanking anyone who points it out to you, not shooting the messenger. Look, they're YOUR computers, not the State's. YOU take responsibility for them, or at least stop whining about welfare deadbeats looking for gubment cheese. Please.

IANL, but SB 315 looks like bad law regardless. Vague, and seeming to say, "Well, if it's for business, why, that's alright. Go right ahead." Oh, so if you portscan that network in Ukraine that's been running distributed SSH attacks on your hosts for months, just out of idle curiosity, that's sure to trip a wire somewhere. Are you then guilty of "unauthorized access"? After all, the way I read it, I'm in violation even if the target is in another jurisdiction. If so, on all counts, damn the law, I say. Or set up a new corp. A co-op for security researchers, say. Leave no opening for prosecutorial discretion. Use the damned system against itself.

Finally, do you clowns pwning, or claiming to pwn, Augusta, GSU, etc. realize you are only being used to scare up support for this idiotic bill? If you don't, please get a damn clue. If you do, well, here's a big FU.

Comment Well meaning, *maybe*, but flawed (Score 1) 91

The pledge really bears commenting on, point by point:

> Net Neutrality
> I will support legislation and measures that ensure the protection of net neutrality principles and that remove any registration or other restrictive
> requirements on the provisioning of Internet content or services.

Now, this is a fine-sounding statement, and it's something that even the top execs at the biggest ISPs could support sincerely, without so much as a twinge of conscience, or concern for the next stockholder's meeting. It is also meaningless without a concrete definition. The FCC attempt in 2015 to define net neutrality was less about ensuring competition and free access than entrenching monopolies, mediating corporate turf wars, advancing censorship, and establishing a new bureaucracy for the new era upon us wherein everything, including POTS, is digital. If that's really what anyone wants, get Congress to have the balls to make it law instead of passing the buck. It could, of course, be that this pledge is intended to filter up to that level and provide our selfless, noble legislators with the cover they need to regulate content, i.e. speech, or to import concepts like "social credit" to promote political hygiene, but it still doesn't define anything in any way that anyone could be held to.

> Ethical Campaign Donations
> I will never accept campaign contributions from any company or individual that has lobbied for the removal of net neutrality regulations or for
> restrictions on municipalities to create broadband networks.

Oh, this is choice. Conflating ethics with politics. Why not add "I will never pander to a constituency" while you're at it. By the way, do you really think Big Telecom, Big Cable, or Big Content, were any of them actually AGAINST "Net Neutrality"? Well, think again. At most, their bases are covered both ways.

> Municipal Broadband
> I will support legislation and measures to create publicly-owned and managed municipal fiber networks, built to serve the residents and businesses
> of my community.

Why, who could be against serving residents and businesses of the community? That is the main excuse...er, reason, for our municipal charter, to begin with. Why, we could even support legislation and measures to eventually ensure that all housing and all food production is publicly owned and managed too, while we're at it.

Look, if you really want socialism, please just do a Bernie and come out and say it. On the other hand, you want the city to be a business, why not be honest, issue voting shares, and be done with the pretense of government as opposed to management of a corporate monopoly. It might be easier to follow the money at least, and maybe get dividends from all the tax-farming.

> Government Transparency
> I will support legislation and measures that promote the availability of government data to residents, as well as the usage of open formats and open
> standards in government.

This sounds good, and it should be common sense, but realize that the same manager or purchasing agent that owes his or her job to industry trade councils behind the municipal government associations and suchlike that provide template ordinances for such things, recommended bidding practices, IT guidance, etc. is not particularly likely to go beyond them, and especially not against them, if it impedes getting their job done, whatever the high-sounding, but essentially meaningless platitudes that are espoused. And like all politicians, mayors and council members are past masters at saying one thing but doing another.

Or is this a setup for the template providers to circulate an official approved policy on this matter, that otherwise might be a hard sell, like the model zoning ordinances that expand city rights on private property? I really do wonder.

> Open Access To Knowledge
> I will advocate for freedom of communication and access to knowledge, and I will support initiatives to ensure that publicly-funded intellectual property
> is made available in the public domain.

As long as it doesn't violate GDPR ;-) Removing tongue from cheek, remember that publicly funded frequently still means privately contracted, and even the government has to abide by its own idiotic IP laws. Good luck with that. It's a good idea and already more widely implemented than seems to be given credit for here, but again, good luck.

> Freedom from Surveillance
> I will not support any proposal for storage or surveillance of communications data that has not been subjected to credible, independent assessment for
> necessity and proportionality or that is not subject to regular review to ensure compliance with these criteria.

Oh, you mean, like a FISA court? *chortle* All you're doing here is asking municipalities to endorse the whole concept of massive government surveillance. As if they need any encouragement.

> User Privacy and Data Protection
> I will support legislation and measures that promote and protect the fundamental right of individuals to privacy and data protection, and the use of
> encryption and other privacy-enhancing technologies.

Read that: I support the right of government to oversee and/or administrate the collection and distribution of private and personal data under the guise of protecting a non-existent right. How about pushing for your municipality to respect the US 4th amendment, and having its state officially, explicitly amend its constitution to include the Bill of Rights, instead.

But I get the feeling that's really not the agenda that's being pushed behind all the mom and apple pie here. People, you're being used.

Comment Follow the money. (Score 1) 144

There would be sufficiently little incentive to preclude the use of bots to spread news, fake, real, or otherwise if it weren't for the prevailing ad-based revenue model of web publishing that panders to fear, greed, desire, and lowest common denominators in the attempt to push buttons to generate a profit or gain an electoral victory, regardless of cost. This is a broader problem than whether it's fake or not, or by whose standards. I'm afraid the MIT study, however informative, will likely be used to further the agenda for more centralized control of web publishing, totally at odds both with web history and freedom of speech. I'll bet my bottom dollar some Senate or Congressional staffer is preparing a bill right now. Yeah, they got yer network neutrality for you. The network will be so controlled you won't care any more. Click that bait. Yeah. Forget the 1st Amendment. Might as well move to China.

Comment Re:Interesting... (Score 2) 394

"PKB", I think, is the term you are looking for here.

Obviously, all private funding for science should be required to be funneled through Lessig's superpac to be vetted and pasteurized for social responsibility, political correctness, and overall greenness. I nominate Hugh for the job. ;-)

Funding is less of an issue to me than the allegations of fraud on both sides of this "debate".

Comment Re:Give me a damn web browser (Score 1) 157

No, ultimately, it's so you will be able to put one Android phone in 7 bars on Tybee and 1 in a mortuary in Port Wentworth and end up with an 8-line distributed Cnet Amiga cluster to play spot the Fed on. ;-) Bonus karma if it's FTSC compliant.

Thanks and a tip o' the hat to Don Murray and the old Night Owl BBS crowd.
