Comment An AMAZING number of flaws (Score 4, Insightful) 71
Submission + - How Microsoft's "Little Workaround" Created a Major Pentagon Threat (propublica.org)
The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.
Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.
The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.
National security and cybersecurity experts in the Trump administration contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.
Microsoft uses the escort system to handle the government’s most sensitive information that falls below “classified.” According to the government, this “high impact level” category includes “data that involves the protection of life and financial ruin.” The “loss of confidentiality, integrity, or availability” of this information “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as “Impact Level” 4 and 5 and includes materials that directly support military operations.
“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the “scope of systems they could disrupt” is limited.
In an emailed statement, the Defense Information Systems Agency said that cloud service providers “are required to establish and maintain controls for vetting and using qualified specialists,” but the agency did not respond to ProPublica’s questions regarding the digital escorts’ qualifications.
It’s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.
A spokesperson for the inspector general — whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse — told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.
Comment Organiztions do what they are paid to do (Score 0) 70
The Wall Street Journal used to be a very good newspaper with a moderately conservative viewpoint and an extreme (some would say nutty) Radical Right editorial page. Now it just exists to provide a veneer of respectability to whatever scheme the hard Radical Right has cooked up to demonize a new Other (or resurrect the demonization of a previous Other) and hoover more money out of the pockets of the median Citizen.
Comment Re: Respecting copyright is an important part of F (Score 1) 109
Good point!
Comment Re:Respecting copyright is an important part of FO (Score 1) 109
Darl McBride used to refer to the "spiffy agent technology" that was going to find the allegedly infringing code, so that particular grift is nothing new.
Comment Re:Oh, right! (Score 2) 74
I am old and my sight grows dim, but I am pretty sure this all happened before the first 0.01 version of Linux was released.
Comment Unfortunately (Score 4, Insightful) 183
"If you must write a check, he said, try to deliver it in person or take it inside a post office to mail rather than relying on your own mailbox or public drop boxes. "
That was the neighborhood advice going around our area 1-2 years ago. I myself was skeptical that mail theft was going on as I had dealt with the Postal Police when managing an e-commerce site and I knew they are very good at finding things like this. Unfortunately it turned out (1) I was wrong: there was mail theft going on in our neighborhood but (2) everyone else was wrong too: the mail wasn't being stolen from blue boxes; it was being lifted from the bins behind the slot in our postal service center. The perps were eventually caught but it took far longer than I would have thought.
Comment Re:Would a Spar be Repairable? (Score 1) 61
Woah... Dumb question, but would a wing spar be repairable or replaceable?
Coward said, because when the wing falls off at 30,000 feet, rest assured - it's okay, because Airbus has good documentation. All fixed.
No, of course a broken spar is A Very Bad Thing when it happens in midair.
Is this changing-the-timing-chains-in-an-Audi difficult, or is this replacing-your-spinal-cord-without-killing-you impossible?
Are these planes repairable? I think it's a reasonable question.
(Of course, with the Audi, if has anything more than a loose gas cap it's not economically feasible to repair, but that's what you get with European engineering.)
Submission + - Feds Want to Drop Requirement for Autonomous Cars to Have a Brake Pedal (caranddriver.com)
Braking distance regulations would stick around, but the physical pedals would no longer be required for cars designed to be exclusively autonomous.
I would want any autonomous car to have emergency brake and/or shutoff.
Comment Would a Spar be Repairable? (Score 3, Interesting) 61
Submission + - Europe: The World's Fastest-warming Continent (barrons.com)
Britain, France, Italy and Spain have issued red alerts and health warnings for much of their territory this week as the region endures its second heat episode since May.
Submission + - Helion says the 1st fusion power plant is coming soon. A cofounder isn't so sure (scientificamerican.com)
But one of its founders—the plasma scientist whose research inspired its reactor design—has serious doubts.
Submission + - Bypass the polirical parties, add a new feedback to Congress (taxnvote.org)
Tax N Vote (TNV) is a proposal to add a new feedback channel to the federal budget process. At tax filing each year, every taxpayer optionally submits a Tax Dollar — one person, one allocation. The IRS anonymizes submissions; the Census Bureau processes and stores them (where you can verify your own); the CBO aggregates one-person-one-vote between April 16 and May 1 and publishes "The People's Budget." A third reference point alongside the two party platforms — measurable, granular, and updated annually. Congress is not bound by it; what changes is that deviations from constituent preferences become documented, attributable, and electorally citable. The argument is system-dynamics, not partisan: changing the color of the players doesn't change the system. A simulation of the mechanism shows convergence toward whatever the People's Budget turns out to be, in both ideological directions tested. There will be a talk on the model at ISDC 2026 in Delft.
The Government-side processing of Tax Dollar documents is written in Rust — memory safety and predictable performance for government data handling. The browser-side allocation engine is a Rust WASM module inside a Vue frontend, so the math you see in the app is the same math the aggregator uses. Processing is divided across agencies that already exist; marginal cost to the government is less than renaming the Department of War.
Open source end to end. The Tax Dollar format is open, the reference implementation is at github.com/greenpdx/TaxNVote26, and anyone can build their own client, audit the aggregator, or publish pre-filled template budgets that citizens adopt with one click. Go build a budget: TaxNVote.org.
Submission + - Alan Turing developed a portable voice encryption device (popularmechanics.com)
“Weighing just 39 kg, including its power pack,” Copeland summarizes, “Delilah would be at home in a truck, a trench, or a large backpack.”
Turing’s work at Bletchley Park actually informed the Delilah experimentation he was doing at Hanslope Park, and not just because he used Red Forms, the Army-issue sheets Hanslope staffers were meant to use to alert Bletchley staffers to enemy signals, as his personal scrap paper for Delilah experiments. He drew inspiration from one of the German cipher machines they had decoded at Bletchley; not the famed Enigma machine, but rather the SZ42. While the former relied on Morse Code, the latter utilized a 5-bit telegraph code, which Copeland notes “was a forerunner of ASCII and Unicode and is still used by some ham radio operators.”
The SZ42 produced an obscuring key of telegraph characters, with an identical key produced to both the sender and receiver. If it could be done for text, Turing reasoned it could be done for sound as well.
This is the part of the story where one might say “Well, I’ve never heard of Alan Turing’s voice encoder, so the experiments must have failed.” But remarkably, they didn’t. Turing and Bayley actually did create their Delilah, and even demonstrated it using a recording of a Winston Churchill speech, “successfully encrypting, transmitting, and decrypting it.”
Instead, the reason Delilah fell to the wayside of history isn’t because it was a failure, but rather because it simply wasn’t needed anymore. By the time Turing had built and demonstrated his device, the war was over. What good was a portable voice encryptor if you had no major enemies trying to intercept your calls, the government reasoned. So funding for the project stopped, and Turing’s two-year experiment ended with a whimper. Turing’s time as an electrical engineer at Hanslope Park became a footnote in his story, if even that.