Without assigning any kind of reason to his shift in attitudes - it's refreshing to see a privacy officer come out like this. I can't think of a reason any CPOs should act differently.

There's no room for rock stars in my tightly organized classical and jazz ensemble.

I let go of 2 rock star developers in May. Their stars were so bright they did not seem to understand what they were actually being asked to do. I helped them on their way to finding challenges suitable for their skills and have been cleaning up after them ever since.

I completely respect people who take the art of application development seriously and do want to attract that kind of talent. What rock star implies to me is something more than a soloist, it's someone with an almost pathological urge to show off his or her talents by solving challenges. A challenge could be a bug, or an infrastructure issue, or something else, but they have to address it the moment they notice it. Feeding this urge is not quite the same thing as participating in a structured process for delivering solutions to technology challenges.

I have had guys with such talent they could build web applications sophisticated enough to be unrecognizable as web sites and completely unusable in terms of core functions. The code does something interesting in the background, but I really don't care because the project is suddenly 300% over budget and there's no end in site. Their project managers don't always know what's going on because these developers don't actually tell anyone what they are going to do - they do what they feel like and you get to live with it.

Case in point: the 'KC Box'. This name comes from a rock star developer some might think at the level of a Van Halen, with the way he promotes his personal brand. He was the lead developer on a website built for a client using an open source content management system. 9 months into the project, 100% whitescreens, user logins had been shut off, you could not enter new content, etc. Literally nothing worked, but he did get some interesting contributions to a css preprocessor out of it.

This is the kind of thing I eventually end up with from rock star developers. It's not like they are building things that are sustainable or that other people can contribute to, they are building things to satisfy some internal need.

What's more valuable to me is people who can learn to see the goals of the group of people they work with, contribute to it, communicate about the areas where they see issues and put processes in place for how to address them. I don't have some meaningless label for them, I just get better results with structured development processes and people who know how to work in teams.

Is there anything that cannot be justified by appeals over terrorism?

This is just getting ridiculous. I am not used to politicans from the UK making no sense, even Thatcher was usually coherent.

But this... is just plain absurd.

It will go well with my HD TV windshield and the Beats by Dre headphones I wear whenever I drive.

I employ about 20 people.

About 70% of the time, when people quit my company without notice, they are leaving with business. A client talked them into contracting with them directly at a higher rate, or another company made them an offer based on walking with a project.

It's a free market and people are supposed to do what makes them happy and all, but shady is shady. I check people's references before making them an offer and never hire people who have left a job without notice. I don't take on projects people bring with them unless they have been away from their former employer for a long, long time. I am not making assumptions about someone's reasons for quitting without notice - in fact, I usually give people a chance to explain themselves, and I would be open to hearing reasonable explanations.

The thing is they never do. I hear a lot of grousing about how work was part of their last job, he / she "just couldn't take" some aspect about it any more, or how there was this bull and it had horns and those horns needed to be seized. But no one has ever pointed to legitimate factors such as an abusive workplace, not being paid on time, not receiving fair / just compensation, or the like.

(Well, to be honest, that's not true. There was one time that someone left a job in protest after management refused to put in assistive devices to help with his handicap. I could understand this. But he was not being honest about his experience and lost out on that factor.)

I don't know if I am the only employer who is like this, but I suspect there are more people who do things this way than you might expect. Seriously, I just want to know when I invest in training people up, having them travel the world with me, setting them up as a thought leader, listen endlessly to their stories about kids and dogs and things they want to buy and their colds and everything else, they are going to at least have the courtesy not to vanish on their way out.

OMG that's so funny. Porn filters blocking great literature.

What would the bard say?

"With this bit I damn thee..."

"She censored well but not wisely"

"O, reason not the need!"

"Art made tongue-tied by authority." (had to look this one up)

I think I know the origin of this tax bill and what it is intended for.

Acquia - http://www.acquia.com/ - is a large firm that specializes in Drupal. A lot of the work they do is around setting up, configuring and maintaining Drupal websites.

While they don't produce the majority of the code that is in Drupal, they do provide a lot of services around it to consumers and other businesses. This is really a tax on VARs and other people who implement Drupal using their services.

I am sure there are a lot of other companies that operate in a similar space. While I don't like it, I can see the potential revenues to be drawn in through such a tax.

I think Jeff is a sincere fellow who seeks to have a nice conference and avoid issues that could be tough on either the Fed side or the Hacker community side.

I don't take his request as retaliation over government policies, and mroe as recognition that the community coming out to DefCon is very different from the one that will be attending BlackHat.

The point of the conference, regardless of anything anyone wants to say, is to have fun. My take is that he is trying to preserve that spirit for the conference.

It just occurred to me, one of the researchers pulling out was slated to give a presentation on how to hack sharepoint.

While it would be an enormous loss for the community not to have the opportunity to learn more about the specific ways this guy attacks M$'s premium CMS ... ... how much effort would it really take for a bunch of Defcon attendees to put together a session with equally useful information about hacking sharepoint to replace it?

Were it not for the fact I don't believe there is any anonymity in the world anymore, I would agree with you and say something even more cavalier. But I don't, and like to be thought of as a nice person.

I can't speak for the people who have chosen not to participate or their reasons for doing so.

I am sure it will be a loss for the event, but not as much as the one that comes from the lack of a public dialogue about the government's actions and activities tracking internet traffic.

Saying that Defcon fosters an open community where there are no sides is a little misleading. The government has it's own reasons for showing up and they are not all related to sharing ideas, learning and having a good time. It's just the other people who really lack an agenda.

I know people who are not going to Blackhat because the NSA is giving the keynote. What kind of strange alternate future is it we live in where this even happens?

I have never really been comfortable with having the Feds in there in the first place. Anyone in government can potentially serve in a prosecutorial role, and the government has demonstrated over the years they are perfectly willing to demonize hackers if it serves a need. Thinking about Mitnick, Gonzales, and a bunch of other guys who got railroaded here, along with 2600 meetings where we would get interrogated just for showing up to have coffee.

It's a little like inviting the fox into the henhouse to have these guys around. Pretending that they care about the hacker community is a little hard for me to do.

I don't replace HDs with services that provide the government with access to my files. I eliminate those services like the bugs they are.

The question is what you can do to prevent it, not whether or not Snowden is a hero.

It's an interesting problem on it's own. Imagine the situation in reverse - someone working in IT for an aid organization, beset by government hackers looking for information about political opponents who would kill them. How do you prevent someone from leaking information of a completely non-criminal nature to forces who mean to do them harm?

One of the problems with disclosures, and why they are so divisive, is that they expose people's relative values. For everyone who thinks Snowden is a hero, there is someone who things he broke an oath and the government is being completely reasonable.

It's not worthwhile to judge situations the same way you judge individuals. I work with a lot of NGO where people would get killed if information about their operations is exposed, and one of the big threats is someone handing over documents under duress.

I agree with this point. It's not impossible to stop leaks, but organizations can change to mitigate the impact one individual can have.

The thing that is most interesting to me about the Snowden case, as well as the Manning case, is the level of access intelligence communities give to these people. I mean, Manning was able to dump years of diplomatic cables, and Snowden has been able to detail a worldwide architecture of network ops.

Did they really need to have this much access to information? If their roles were more compartmentalized, these situations would be different.

I feel the problem with these leaks is a management issue moreso than the acts of individuals. Taking young, principled, intelligent guys and giving them the keys to a trove of information about questionable activities is just not the way to run an organization. The people he reported to should be the ones being indicted over this.

A solution (without knowing the particulars) would be to spread out access across a range of individuals with specific skill sets in their area and that's it. If you want to train people to be hackers, focus their development on one level of infrastructure and make it impossible for one guy to do this all on his own.