
Comment Are you kidding me? (Score 1) 56

So I have my attack drones land in the forest and wait 24 hours, then swarm attack the Kremlin. Or I use a link that doesn't involve the cellular network. Or I make the thing autonomous. Or I buy Russian SIM cards and install them in the drones.

Seriously, how incompetent is the Russian government? They seriously need to lay off the vodka.

Comment Re:Technical Solution (Score 1) 195

There's a major grocery store chain in Texas called H-E-B. They've got facial recognition running at the entrances and exits. They want to make sure everyone knows it. Walk by and you might get some random red box around your face for no obvious reason. It looks like the equipment they have only identifies one face at a time, though. Either way, I can't see how it serves any real purpose.

Comment Re:Camera in kid's playroom Re:Holy cow! (Score 1) 90

I doubt that it had anything to do with that, because there was absolutely no way for parents to access it. It was only accessible from within the hospital network. There might have been some gateway to the global Internet, but I did not find that. I did find a couple CT scanners accessible from the global Internet when I ran them into SHODAN.

Almost as good as when I was telling people where to go to get gas during Hurricane Harvey because all these stations left the meters on their gas pumps open to the Internet for no reason. "Hey, fuck the line! The guys down on x pedro have xxx gallons of whatever." This IoT thing is pathetic to the max.

Comment Re:Holy cow! (Score 1) 90

Holy cow!

Was there no agency you could have tipped off about it?

Of course. The problem was that because I'd previously brought some of the problems to their attention, they would have known it was me. Aside from them probably accusing me of "hacking" (what a joke), they probably would have sued me. And while a lawsuit like that would ultimately be unsuccessful, it would have tied me up and buried me in legal fees. Then it probably would have made me completely unemployable. When you have professional licenses and the job market already sucks, you don't want to have that kind of albatross hanging over you.

Theoretically, the hospital was on the hook for up to $250,000 per record and as a whistleblower I would have been rewarded some of that. The reality is that it was a regional public hospital, they couldn't afford it, the government wouldn't have imposed the fines anyway, they would have come up with some excuse for me not to get the reward, and I would be unemployable after I'm slathered all over the news media.

I just left in utter disgust. That's the worst case of incompetence I've ever seen. Well, there was the place in Ohio that had their access control system for the nursery controlled by an old garage door opener. Flipper Zero anyone? (FZero wasn't around then, though.)

Comment Re:Holy cow! (Score 3, Informative) 90

Back about ten years ago I was working at a regional hospital. I've told this story before on Slashdot, but it is relevant here.

I start working there and one of the first red flags was that these idiots didn't have individual user accounts set up. The entire system was based on Windows. They had a general account that everybody from the doctors to the janitors used, and it had a simple five letter password that everybody knew. So, well, basically useless. They had this idea that this made them comply with HIPAA. Uh, no. And their entry code to the ER ambulance entrance was 911. (That is not uncommon.) But it gets better.

They had a global Windows share drive that was a dumping ground for... everything. So this thing had everything from patient information to employee lists to social security number lists for employees to recipes (I kid you not) for crappy soup in the hospital kitchen. It was insane. I warned them about it in the first two days or so that I was there and, of course, was ignored.

Predictably, they were shut down with ransomware in the middle of the night. Someone had infected a random computer and it hit that network drive, crippling the hospital. I was working at two in the morning and immediately knew what happened. So I called the IT emergency number and got some tech, who was clearly drunk off his ass. I was literally sitting there walking this guy through logging in on the phone. And knowing the basics of their network topology, I even told him the most obvious way to identify where it was introduced: It encrypted everything it saw, which included the network drive, but you just have to find the computer that has all its local stuff infected. Oh, and by the way, from the language of the ransom note, it was clearly someone from Eastern Europe or Russia. And so on. Eventually they fixed it but it took them about 12 hours.

Well, it gets even better. The morons had all the security cameras accessible on their local network. No VLAN, nothing. And they had a very predictable IP assignment for it. I think it was something like the floor and a camera number. So like 192.45.1.5 for camera 5 on the first floor. That really isn't so bad, except that it shouldn't be globally accessible from any computer in the fucking city. But wait! When you connect to it using a web browser, it squirts out the model number of the camera. And, as you can guess... No, they never set passwords on the damned things, and used the default password. We're talking literally Googling the model of the camera and finding out it was "admin" or something like that.

So I discover this when I'm bored one night on a 24 hour shift. So I'm flipping through cameras, and there were cameras in pretty weird places. Like the playroom for the children in pediatrics. Really, I don't want to know. There was also one on the roof that was a movable camera. I reported it and was ignored. A couple of weeks later, I turned the camera into a tree. When I came back two weeks later, it was still looking at the tree, so obviously nobody was looking at these things.

I won't even get into the shit that happened when they had a bomb threat from some asshat and their incredibly incompetent response to it. They demanded that everybody turn their cell phones off because... reasons I still don't understand. (The real reason was that they wanted a communications blackout.) But it was "Oh my god, if you use your cell phone it might detonate da bomb!" Sure. Well, when they locked down the place my cell phone was in my call room in the middle of the hospital. The local PD obviously had some kind of scanner they were using, because they kept circling around the closet I had to sleep in trying to find the phone. Being idiots, they never found it. In the middle of all this, because they had to have communications, they bring out cell phones the hospital had and start handing them out to critical personnel: Apparently their cell phones won't "set us up the bomb."

Oh, and while they were trying to tell everyone not to use cell phones (and I guarantee the patients and families who were oblivious to all this were using theirs) they left the facility public WiFi on. So, well, hell, nobody could possibly use a text message or something over WiFi and trigger something, right?

Oh, and it gets even BETTER. Their entire electronic health record that they used for the ER was all nice and password protected. The problem was that they had a hidden Windows share drive that exposed the backend of their ER system. Once you opened that, everything was unprotected and plaintext. There were thousands and thousands of records that were accessible. I mean, you could pull up document images that had been scanned in. I estimated about 750,000 records going back about eight years.

But wait! There's more! On ANOTHER "hidden" share drive there was the dumping ground that the IT department used. The most interesting thing on that was a PowerPoint presentation someone had made detailing some of their security vulnerabilities and laying out a two year plan to address it... dated about a year prior.

This happened and I was only there SIX MONTHS. I wasn't trying to do anything specific. This was all completely natural. Kind of like "What happens if I type \\Alpha"? Needless to say, I got the fuck out of this hell hole as quickly as humanly possible. My contract ended and I ran like hell.

So it really doesn't surprise me that the Louvre did this, or that one of Hillary Clinton's campaign officials had the password "password".

Comment Re:They already have my face (Score 1) 202

I've had to be fingerprinted so many times and provide photos that I've lost count. Every time I apply for a state professional license, I'm fingerprinted, undergo an FBI background check, my picture is submitted, and I'm another entry in a database. Passport? Same thing. Driver's license? Almost as bad but no fingerprints. When I go to the grocery store around here I'm on security cameras and they are very upfront and in-your-face about making sure you know that they're using facial recognition. Ever go to a bank (or Vegas for that matter)? Facial recognition. My spending is tracked by the banks. Having a lot of cash on you is enough for the authorities to suspect you of some wrong-doing. Anything you earn is reported to the IRS. The NSA records everything and dumps it in a data center, presumably that thing in Utah. And on and on.

The cat is out of the bag, and we now have a Neal Stephenson style technological dystopia.

Comment Re: Unions (Score 1) 136

The wife did residency training at a place that was unionized. Did the union do anything about the hazing ritual that is medical residency in the United States (30 hour call, 6 day work weeks for months on end, etc)? Nope. They just collected a cut of her paycheck and had their rep (whom she considered a friend) call her up one day and read off a script about supporting some Democrat-aligned horseshit that had nothing to do with her job.

Parasites. With left-radical characteristics. Plain and simple.

It doesn't end there in medicine either. The American Board of Medical Specialties has basically set up an illegal guild in this country. After you finish residency and get licensed, every state in the Union recognizes that you are fit to practice. But the ABMS wormed its way into all sorts of organizations and basically acts as the mob of the medical world. You have to jump through their hoops, buy their material for thousands of dollars, take a test the one time a year they give it and pay even more thousands of dollars, and when you walk in to take the test you have to sign a nondisclosure agreement and another contract acknowledging that passing or failing the test doesn't demonstrate competence.

If you pass, you get to pay them ongoing protection money and do other busywork bullshit. If you fail, you take it again, but then they put a time limit on it after which you lose your eligibility to take the test and have to go through what amounts to a reeducation program. Last I checked, one involved a nonrefundable $12,500 application fee, a mandatory trip across the country for some kind of in-person medical exam or something, and then the doctor had to find his own "preceptor" for six months of nonsense.

Anyone who holds the certification has to "maintain" it by spending ongoing thousands of dollars every year.

These vampires wormed their way into the American medical system such that if you don't pay them the protection money, they effectively stop you from practicing. They wormed their way into hospital bylaws, for example. And that isn't counting the numerous organizations that won't hire anyone who isn't "board certified" but they don't care what you're "board certified" in. (In other words, they don't care if you're certified in Family Practice, Pediatrics, Dermatology, or Left Toe Specialty.)

Unions can be great if they are handled. But we have to be careful that the unions don't get out of control and effectively turn against the people they're supposedly protecting.

By the way, though it isn't a union, did you know that the American Medical Association only represents 12-15% of practicing doctors in the United States? They inflate their numbers by giving away free memberships to medical students and residents. They also engage in some grimy behaviors such as sending unmarked envelopes to what they think is your practice address and having the membership dues look like it's a bill even if you've never been a member. I guess they hope that your office manager will get it and just pay it.
