He's so wrong on so many levels: see PopeHat.
He's so wrong on so many levels: see PopeHat.
Oddly, a movie is actually accurate in some degree. It was even named after the program.
In a nutshell, Navy and Air Force drew different conclusions from the horrible aircraft loss rate during Rolling Thunder, and both were right. And, as usual with actually sensible programs in the military, funding was crappy at best in the beginning.
Seriously. Binary might be faster, and that's cool: when it comes to sending / receiving data, compressed forms are awesome.
But yes, if there's an error...or if something doesn't work as expected, your choices may be a special tool to read the data stream, or trying to read it manually (which can, lacking practice, take a lot more of the developer's time).
Personally, I'd do what I normally do with other forms of storage: develop in human-readable, push to production in binary; boolean switch / comparable classes in the original code to swap back if / when some horrible error appears (and no one knows what it means, or why it's happening).
Dude, it depends if things are an employer's market, or an employee's market. If the US government needs a cracker that can slice through security like a hot knife through butter, and their choices are John Convict, or Joe Non-Convict, with the former being capable, and the latter not so much...well, would you prefer an employee that can perform the job, or not?
Of course, this sidesteps the entire issue of whether we should be engaging in such things to begin with. Nations spying on other nations has occurred since the beginning of civilization...and there's no reason for them to do otherwise (well, from their viewpoint, anyways; perhaps, if one pauses, and relfects that all nations who have engaged in this kind of warfare (and it is) have fallen, one would not be in such a hurry to emulate their possible mistakes).
Lol. I'd just synthesize a camera from available parts...and go the microfiche route (store the film inside the suit I'm wearing...do it right, it's flexible, and who is going to rip open the shoulder pads / inner lining of a $2000 suit? If they're wrong, that's $2K from the security budget.) Meh...actually, if I used cellphone filters / trickery, I could collapse the data somewhat holographically...maybe (who is going to question the use of a cellphone wrapper on your person if you bring in / acquire some candy with the right characteristics? Red, blue, yellow, green, etc. on a piece of film...extraction via Photoshop later on.).
But then, who wants to wander into the lion's den to get what you want, when you can just chill outside? I imagine that the security reports they are using to build their zero-day database are coming to them via emails, or phone calls, or even from the vendors themselves. Why take on the castle (a secure installation), when the tavern is more surmountable (the vendors themselves)?
But then, this entire thing is a distraction. Let's be honest...going this route is filled with fail.
By definition they are not. Because you would have to come up with every possible scenario that the enemy could design to outsmart your drones. Remember the V1, the first "drone", so to speak? English pilots came up with a clever (albeit quite dangerous) maneuver that could easily down them.
In Vietnam, the US made the mistake to only prepare for the "big war" against the USSR, ignoring minor conflicts that might appear. Planes didn't get guns anymore because "modern air combat will be fought beyond visual range. Then politicians came up with the stupidity that enemy planes first have to be visually identified. Not to mention that the long range air-to-air missiles of the time were unreliable at best and required an active lock (yeah, it's a really bright idea to fly straight towards and enemy plane coming at you with its weapons pointed your way...). In a nutshell, the USA relied on technology that was simply not ready to fill the role it should, coupled with political stupidity of epic dimensions.
I'd fear that this is heading towards the opposite. We're just preparing for an asymmetric war, ignoring the possibility that we might have to face an enemy of equal technological level. And while it is quite unlikely that there will be a full blown war between the USA and, say, China (just to name one country that might be some sort of threat, replace with your favorite boogeyman at leisure), if the past half century taught us anything then that proxy wars where one side is the US and the other side gets top level equipment from a "partner" are by no means far fetched.
Oh, like those are the only methods for getting things out. It exists, therefore a leak of it will exist somewhere.
I'm not saying the contractor is at fault per se, I'm just saying that the premium on their services is amazing. They were hired January 30th, and let's assume that, worst case, they were looking for infections through May 15th. That's 4 and a half months of work looking for infections. 4 and a half months of, what, running various malware scanners? What if your boss came to you and said that he wanted you to determine if there were any infected machines on the company network, and you gave him a timeline of 18 weeks to finish that job? Would you still have a job? Assuming they are working full-time weeks those 18 weeks, then that comes out to 720 hours per person, or $1143 per hour. That's a serious hourly wage, even if they divide that up between 5 people (and then you have 5 people spending 18 weeks scanning for malware?). It just doesn't really make sense what that contractor was doing in order to bill them for $823k.
But wait, there's more! There was another contractor (maybe the same one), hired to provide "assistance for a long-term recovery solution." So we're talking about designing a system where everything is backed up, relatively easy to recover if necessary, presumably with capabilities to save and push out disk images in the case an entire re-image is necessary. The cost for that one? $688,000.
$1.5 million dollars spent on contractors to do virus scanning and recovery assistance. Like I said, I'm in the wrong business.
Had they just walked away, do you think they would ever get hired again?
How about if they get their requirements, respond with what they can and cannot do, do what they can do in an efficient way, and bill for a reasonable amount? Is that really too much to ask of a contractor? If they get asked to prove that it is not possible for a system to be infected, and they can't prove that, they can only prove that it is not currently infected, then state that, do the job, and move on. Don't sit there for 18 weeks doing nothing to justify your $823k bill for taxpayer money. And how about next time they put out bids for a long-term recovery solution, and let's see if they end up taking the bid that costs $688k (not for the equipment - just the recommendations) or if competition brings that price down one or two orders of magnitude.
At least until a manager gets wind of it. Then he will want to multiply that team's power by splitting them up and making every single one of them a team leader of a group of people.
Ignoring the fact that these 6-10 people were the ONLY ones that work like this within the 100 miles radius and the fact that people who rely on and thrive in a cooperative environment are crippled when facing teams that go by the German definition of team, i.e. "Toll, Ein Anderer Macht's" (which means "Great, someone else is doing it").
The contractor did not tell them to do that. The contractor found exactly 6 machines, which they recommended by re-imaged.
... and then billed them for $823k? Holy gooseshit, I'm in the wrong industry. I need to be a government security contractor. Obviously this is a job that I am already qualified for.
This stupidity was not the contractors fault.
That's true, but the contractor sure as hell doesn't care about taking hundreds of thousands of taxpayer dollars, do they?
Hmm... considering there ain't much worth importing from the US, not even tariffs would mean a thing... 'tis really hard, how to you punish a country that you don't wanna deal with in the first place?
That's nice until some software on your XP machine needs to connect to a server with its database.
You just explained to me something that I was wondering for quite a while. Who'd have thought reading
If it's any like L4D2, they can keep it. Seriously, a horror shooter was replaced by yet another splatter shooter. What are they supposed for L4D3? Why not make it a rail shooter where all you do is keep that left mouse button pressed and rack up a few thousand kills?
It can work, but in my experience, two things determine whether it's possible: Group size and what kind of people you deal with.
Group size is WAY smaller than 150. IMO, I'd say closer to 6-10 people. Anything bigger and invariably sub-groups will form. And second you need people who want to work in a team, whose focus is the project and not their own agenda.
Since such people are quite rare, assembling a group of more than 6 to 10 of them is a feat by itself...
"Free markets select for winning solutions." -- Eric S. Raymond