
Comment Re:like anything else.. (Score 1) 580

I resemble this remark. Same here. Made it through high school with a GPA of 3.5 without much effort. Barely succeeded at college with a GPA of 2.6 because of it.

I kept thinking "There must be some way to use computer memory instead of human memory for this stuff". Today, I think I'd be recording lectures on my smart phone and listening to them at night when I'm asleep on loop.

Comment Re:like anything else.. (Score 1) 580

This. Having said this, however, my software engineering program had a 75% dropout rate - within the first three terms. This was back when they were telling EVERYBODY that programming was the career of the future (they lied) and that it was easy. C and Advanced C at OIT were *all* visual/tangible results within two weeks - short two-week programming projects that introduced basic concepts such as looping and data structures.

There was a backup degree called "Management in Information Systems", we had a saying by the time I graduated "God Bless those little MIS students, they interview for the same jobs we do and make us look good".

Comment This just in... (Score 5, Insightful) 401

The employers are very fussy. They are really only interested in a perfect match to their needs. They don't want the cost to develop talent internally. They are even trying to combine positions to save money. I came across one employer trying to combine a mechanical and electrical engineer.

Read between the lines: "We can replace all of them with immigrants, but only if we can prove there's nobody who can fill the position. I know! Let's draft the requirements so they're impossible to fill, then hire the same person we would have anyway at half the price because we had to 'settle'. Brilliant!"

Comment Not even common decency (Score 2) 193

They don't even have the common decency to at least choose a password that isn't already in every rainbow table on the planet.

If I were to make a back door system, I'd make sure customers knew about it. I'd make it so that a physical switch had to be activated on the device itself in order for the back door to be used. Activating the switch would be plainly obvious, with both physical indicators on the device and in management software, with auditing and warnings that the back door has been activated - and detailed logging of that account logging in. I'd use a 30-character randomly-generated password at least, if not some kind of public-key system, to authenticate the back door login.

If having to go to the physical device is a pain for you the customer, you can always just leave the switch always activated - you'd still be better off than those badg3r5 at HP.

Comment Re:Fuck 'em (Score 1) 204

It is rather difficult to trust a group of people with a long history of lies, abuses, manipulation, and little or no accountability. This is one of those hard facts that doesn't just go away. It takes a long time and a lot of effort to restore broken trust, especially when it has been repeatedly broken with little or no consequence to the perpetrators.

So the thing to do is to boot all gov't employees? I think there is a fallacy here, that 100% of feds are working on surveillance technology. NSA implemented SELinux - what if those types of security researchers want to go? Just screw 'em?

I'm curious how you read what I wrote and think that is what I am suggesting. I double-checked and I just can't find anyplace where I said we should throw the baby out with the bathwater.

The problem, as I identified it, is that this government does not seem interested in re-establishing mutual trust between itself and the citizenry. If it were interested in that, it could start by increasing transparency and accountability. If it *really* wanted to do that, it could reduce its own size and power (yeah I know, keep dreaming ...) and return to having most governance come from the states.

Comment Re:Fuck 'em (Score 2) 204

There was proof even before. About the only thing that was revealed by Snowden was the exact names of the companies that were helping the NSA (and a few more similar details). I don't know why suddenly it's become such a big issue when it wasn't before. Maybe everyone was distracted by gay marriage or abortion or banks or spying on the press or something. The number of scandals going on is rather ridiculous. I'd still rather have it be a big issue than not.

It's a big issue now because mainstream, average people either didn't know about it, or were in denial about it and preferred to ignore those who tried to bring this to their attention. Or they branded them with labels like "tin-foil hatter" or "conspiracy nut" and the like. It's the standard procedure for how small-minded people treat those who have clearer vision than themselves (they can't just disagree, or be skeptical, they have to denigrate).

Now they can't do that anymore so it's finally getting the attention it deserves.

Comment Re:Fuck 'em (Score 1, Insightful) 204

It is rather difficult to trust a group of people with a long history of lies, abuses, manipulation, and little or no accountability.

That also explains why I don't trust much coming out of the "hacker" community, either. :)

See what happens when you make sweeping generalizations about a community based on the wrongdoings of some members of that community?

If you thought your one-liner taught me a valuable life lesson, your smug expectations deserve to be disappointed. What you think you're pointing out is trivial, obvious, and only a moment's thought reveals why it's wrong.

Characterizing a government is not a "sweeping generalization" like, say, characterizing a race or ethnic group. A government includes those at the top who make the important decisions and those who have chosen to carry out those decisions. This is not a "community", it's a voluntary organization. No one is making any of them behave the way they do. "Just following orders" didn't work at Nuremberg and it doesn't work here, either.

What you seldom or never see is "the wrongdoings of some members" being investigated and prosecuted by the other members. What you often see is that life suddenly gets very difficult and unpleasant for whistleblowers. People choose to work in these positions and to carry out these activities because they believe in and support them.

I'm sorry but portraying corrupt officials and the silent consent of their lackeys, massive unconstitutional abuses such as the NSA spying, and a long list of other scandals that usually result in a resignation at the very worst, as "mean ol Causality picking on poor helpless extremely powerful people" is so goddamned naive.

Comment Re:Slashdot Lameness... Deleted (Score 4, Insightful) 193

This is a huge backdoor/security issue. This is another bit of proof that proprietary software is never okay.

If by "never" you mean "widely used", then I'm going to go with... nope. Here's the thing -- corporations are what buy most software. Corporations are willing to spend large piles of money on software. And corporations don't want security that cannot be defeated because a malicious person (or a perfectly ordinary employee with an asshole manager they want to get revenge on!) could disable it in a way it cannot be recovered from.

They pay massive amounts of money for support contracts that demand minimal downtime. There's nothing in that contract, or even a single fuck given, to security -- which is why you get convenient fast-recovery options like this... that have the "small" side effect of having giant unpatchable security holes in it. The worst of it is, the patch will probably take some custom (weak) hashing function that generates a unique password based on the serial number of the device... like so many other first responses many other vendors over the years have implemented... and then someone will figure out the hashing function and you'll have to run a 'keygen' then and probe the SNMP interface before doing the exact. same. goddamned. thing.

The balance between security and convenience has always slanted heavily towards convenience. Saying "proprietary software" is to blame for this is disingenuous at best. Open source software tends to be used by people who give at least half a fuck about security -- but look at the projects that have gone mainstream. Firefox, for example, and its attaching NTFS AD streams to downloaded files (just like internet explorer!) and integration with internet options (just like internet explorer!) control panel... all to please their corporate overlords. Oh, and bonus -- you can't override it. So if your corporate overlords screw up, Firefox is just another target waiting to be exploited. And the list goes on. The reason why open source appears more secure is because the people who use it are somewhat more experienced. It has nothing to do with open source itself -- it is purely the people who are using it that have created a (albeit imperfect) culture of security around the products.

Comment Re:Eh? (Score 5, Informative) 193

If so, please synopsize in non-sensationalist terms.

Non-bullshit, redacted by lawyers version:

Anyone with access to the NAS over the network and an SSH client can enter a username and password, gain elevated privileges to the cluster, and while not allowing access to the data directly from that interface, access can disable the cluster or delete all the data within it, as well as wiping out partition information, etc.

Comment Slashdot Lameness... Deleted (Score 4, Informative) 193

The password you're looking for is badg3r5. So there. Go forth, my minions! In other news, Slashdot's corporate overlords apparently no longer believe in full disclosure, as it had in the past, and now omit critical information probably because their lawyers have more say in the editorial process than the submitter, editors, or anyone with a clue to spare. :(

Comment Re:Nobody "Excluded" Anybody (Score -1, Troll) 204

They didn't "exclude" the Feds. They simply warned them that given the current atmosphere, it might not be wise for them to attend. There's a pretty damned big difference.

Then they really don't understand how police and federal agents think.

These aren't people who intend to prevent a confrontation or back down from one for the sake of getting along. These are people who want a confrontation because they want an excuse to use force, look good before their bosses, and justify their existence and performance to the media. Confrontation is what they train for and overwhelming force that cannot be resisted is their method (but they'll happily charge someone for trying - if they survive).

Asking these people not to show up under these circumstances is absurd. It only makes them more interested in attending. Racking up arrests and filing charges is how these people show their bosses that they are doing their jobs. That can be done by finding criminals and it can also be done by making criminals.
