hacker news with inline top comments    .. more ..    10 Jun 2013 News
1
Has the US become the type of nation from which you have to seek asylum? washingtonpost.com
179 points by Libertatea  1 hour ago   68 comments top 9
1
tpatke 1 hour ago 4 replies      
It is strange that the same country which cherishes its 'right to bear arms' on the grounds that it gives them a level of protection that the government is unable to provide is 'happy' to build the infrastructure which allows the same government to peek into their lives.

On the one hand, we don't trust the government with the basics (physical security). On the other, we trust them with information we don't want our parents to see (Facebook profiles, etc). ...strange.

Edit: When I say 'the country' I mean the people in aggregate. Obviously, some people are outraged about this issue, just as some people were outraged when a gunman killed 30 children. Techies seem to be particularly concerned about this issue but, on the whole, most people are indifferent.

2
josephagoss 1 hour ago 11 replies      
Americans might not realise this but we see the USA in the same light as China and Russia when it comes to freedoms. We might be wrong, but that's the perception myself and many other people from outside the USA see the current state of the situation.

To think anyone would feel safe in the USA is ridiculous, the USA is one of the last places anyone should seek refuge in modern times. What scares me most is the United States' influence inside Australia.

3
VLM 1 hour ago 1 reply      
The real news is a rare violation of Betteridge's Law Of Headlines was spotted in today's Washington Post, a sight that shocked pundits worldwide.
4
l33tbro 1 hour ago 0 replies      
I think many countries well outside the OECD perimeter would happily grant refugee status for dissidents. The obvious example is Assange. Disgusting how the US has gone from a soft terrorist state (signature drone strikes) to a surveillance state. The national narrative of freedom and liberty has become farcical.
5
youngerdryas 1 hour ago 0 replies      
The problem is Ellsberg released evidence of government officials doing something illegal which meant he was shielded. The NSA story, which is not even fully known yet, though classified is apparently legal and has congressional as well as judicial oversight. The IRS and reporter wire taps are far more likely to take down the presidency.
6
Fuxy 58 minutes ago 2 replies      
I doubt there is a country on this planet the US government can't strike a deal with to get his ass back and into prison.

However we all have to be grateful for what he did regardless. I'm sure it wasn't an easy decision to make.

Good luck Edward and don't make any mistakes.

7
BigBalli 7 minutes ago 0 replies      
yes, and it has been for quite some time.
8
johnnybegoode 52 minutes ago 0 replies      
short answer: YES
9
venomsnake 1 hour ago 7 replies      
There is this obscure document known as the US Constitution that defines treason as

Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.

He is definitely not waging war on the US and is not adhering to any enemy, nor giving them aid and comfort.

Or he is aiding an enemy so secret that the government cannot even tell you who it is.

2
Wuala: Dropbox alternative with servers in Europe and data encrypted locally wuala.com
185 points by greyman  4 hours ago   121 comments top 18
1
kijin 53 minutes ago 1 reply      
Seriously? Wuala is a service run by LaCie. LaCie is owned by Seagate, an American corporation. It doesn't matter where the servers are, because all the important decisions will be made in Cupertino, California.

http://www.lacie.com/us/company/news/news.htm?id=10722

Now, client-side encryption is a much more interesting aspect of their service, but is it worth the trouble if Wuala's clunky client takes 100 times longer than Dropbox to sync a file between two devices? Ditto for SpiderOak, JungleDisk, and every other backup/sync solution that I've used so far that boasts client-side encryption. And it wasn't due to Dropbox's deduplication, either. Some of them just talked lazily with the server for several minutes before they even started to upload/download any files.

2
danso 1 hour ago 2 replies      
So honest question, but how is having your data stored in Switzerland (where Wuala is based) any different than having it in the US? Or is it just the promise of local encryption that makes it safer?

Some purported info about data protection for Switzerland:

http://www.dataprotection.ch/en/disclosing-personal-data.asp

> Restrictions on disclosure

The DPA does not permit the disclosure of sensitive data or personality profiles to third parties without lawful justification. The consent of the data subject can constitute a lawful justification. Breach of this prohibition is an offence if knowledge of the sensitive data has been gathered in the course of a professional activity requiring knowledge of such data and can be punished by a fine of up to CHF 10'000.--. If the fine is not paid, it can be replaced by imprisonment for up to 3 months.

And Wuala's own policy: http://www.wuala.com/en/about/privacy

> 6. Disclosure to third parties

Basically, your data is not transmitted to third parties. However, LaCie may release personal data if the law requires it to do so or in the good-faith belief that such action is necessary to comply with any laws or respond to a court order, subpoena, or search warrant or to protect LaCie's rights and interests. Furthermore, you expressly agree that LaCie can disclose personal data to identified third parties (e.g. owners of intellectual property rights) and/or government enforcement bodies in order to enforce the General terms and conditions, particularly in case of founded indications that the laws or the rights of a user or of third parties, particularly copyrights, other industrial property rights or personal rights, have been violated, insofar as such is necessary.

3
gahahaha 2 hours ago 3 replies      
"""Do you plan to open the source code?

Currently not. Opening the source code of Wuala would consume quite some time and effort, and commitment to maintain it. If you are a software engineer and would like to see how Wuala works, feel free to apply for a job at Wuala."""

So.. an alternative, but not the solution we need.

4
jellicle 15 minutes ago 0 replies      
For what it's worth, what you need is:

-- a company with no connections to the United States. Ideally, it should be privately owned by a foreign individual known for strong privacy views and who has promised never to sell.

-- local encryption

-- open source ("trust but verify")

-- actually works

Wuala, from the comments here, meets only one of those four requirements.

5
maggit 2 hours ago 14 replies      
I recently tried replacing Dropbox with Wuala because of privacy concerns. I failed, and in the process realized how successful Dropbox has been in creating an awesome user experience!

I'm still looking for a locally encrypted Dropbox-alternative. So if any of you are making one, please speak up :)

(Edit) I should specify that it was the user experience that made me give up on Wuala, and any proper Dropbox alternative would need to offer at least decent user experience. Looking forward to trying the alternatives you are suggesting :)

6
znowi 1 hour ago 1 reply      
Or use BitTorrent Sync instead. I'm quite pleased with it and moved all my data off Dropbox.

http://labs.bittorrent.com/experiments/sync.html

7
adrinavarro 13 minutes ago 0 replies      
Another alternative is hubiC. It's run by OVH, perhaps one of the most "techno-geek" companies in Europe that you can find. I don't see them feeding content to governments without any reason.

In fact, they opened a DC in Canada and not the U.S. and one can guess why.

8
sabret00the 2 hours ago 8 replies      
It's from Lacie, so no thank you. I bought a Lacie drive and proceeded to copy all my stuff onto it. Before I could get comfortable with it (so within the first six months of purchase) and before I backed up my stuff, the drive failed. I contacted Lacie about it and they proceeded to try and sell me a service whereby they'd recover my data for 300. That would've brought my total spend on the drive up to around 400. I begged and pleaded with them, pointed out how unsavoury such a business practice was and all to no avail. The drive has just been sitting down since with the data unrecovered. Personal memories, music, films and professional data too. I've tried to recover the data but that didn't work and I honestly feel ripped off. As a result, I've vowed to never do business with Lacie again and to warn everyone of how unscrupulous they are. Beware of Lacie and their subsidiaries.
9
Keyframe 2 hours ago 1 reply      
Company may be in Europe, servers might be in Europe, you might be in Europe. Nothing guarantees you that your data won't be routed through US where it can be tapped into. That's the primary issue for me with the whole PRISM scandal.
10
solnyshok 2 hours ago 0 replies      
I used Wuala for a couple of years, when it was free and allowed earning a much larger quota by sharing own drive space to host other users' data. I used it to keep around 100GB of my personal data. Used to be good while it lasted. Encrypted, distributed, redundant. Then LaCie bought it and turned it into a Dropbox clone. Now I use AeroFS, also tried TorrentSync. Both are roughly equal. I just felt lazy changing from already running and tuned AeroFS to anything else. If you have 24x7 homeserver at home it is very hard to justify paying for storage at dropbox or skydrive or google. I built my homeserver on the latest Atom, so it is frugal (~10W) and completely silent (no fan, SSD). It's dualcore 2.1GHz and has enough grunt for simultaneous NAS, torrents, and plays 1080p mkv to the attached TV. No place for Wuala in this arrangement anymore.
11
quchen 3 hours ago 3 replies      
Sounds cool! I've been looking for a trustable Dropbox alternative so I don't have to manually encrypt the contents all the time. I'll download and try it out real q-

> Make sure Java [...] is installed.

:C

12
VuongN 39 minutes ago 0 replies      
The problem here is: the people who have the data (Wuala) also determine how the files are encrypted.

No box is ever unbreakable, however, the chance of breaking it is much bigger if you have the locksmith holding on to the box.

I've talked a little bit about this in my humble blog post not too long ago about a simplistic view of security in the cloud: http://vuongnguyen.com/personal-business-cloud-security.html.

-V.

13
OnlyHave2Cores 23 minutes ago 0 replies      
They released an interesting paper regarding their key management for multiple users, when they were a research project at the ETH.

Cryptree: A folder tree structure for cryptographic file systems - http://boga.googlecode.com/svn/trunk/res/Docs/wuala-cryptree...

14
iHypnos 1 hour ago 1 reply      
Hello there, Gianluca from Wuala here.

First, this is how Wuala works: You as a user place a file in the client. The file gets encrypted (including using your password and username) and then gets uploaded and split into different pieces. We are currently using AES-256 for encryption (and RSA 2048 for signature and key exchange when sharing a folder and SHA-256 for integrity checks). The password does NOT get transmitted and there is nothing like a master key or similar. That means in worst ever case if someone would have access to our servers somehow, they'd get a piece of encrypted data which is not readable and not decryptable (not even for us as the provider).

Secondly, some people tend to confuse security with anonymity. Wuala is secure, but how about anonymity? We have your email address, your username and we know how much storage space you have. As you see, that is not anonymous, but has nothing to do with the security of your files.

Are we planning to open source the code? Eventually yes, but as we already stated, this takes a lot of time and effort. Oh and yes, we are nice guys. Not because we're Swiss, but in general :)

15
lazyjones 2 hours ago 1 reply      
Wuala is great, but the short summary is a bit misleading. There is a real risk of government agencies forcing LaCie to push you a client update that removes encryption, in an older version of their T&C / product info, this was mentioned explicitly.
16
moystard 2 hours ago 2 replies      
Despite thorough researches and testing, I have never been able to find a good alternative to Dropbox in terms of seamless synchronisation of my files, and accessibility across all the platforms I use.

To secure my data, I just use BoxCryptor. It creates an encrypted volume within my Dropbox. It is free for non commercial use.

17
gtt 2 hours ago 0 replies      
I'm not a security expert, neither do I understand cryptography, hence the question: I assume they are not using the original password to encrypt data. They are generating a symmetric encryption key and encrypt it with the original password, storing it along with the encrypted data on their servers. The question is how secure is the encryption on the symmetric key? What if it is easily brute-forceable?
18
simgidacav 2 hours ago  replies      
Not to be a cynic, but what prevents those guys from putting a backdoor as well? Yeah, sure, Swiss guys are good. Are they?

In the end, IMHO, the only software which can be trusted is the FOSS. From this perspective Dropbox is good: the client is open source. Of course nothing is encrypted in there.

3
Devs, please stop serving .git to the outside world pythonsweetness.tumblr.com
37 points by _wmd  59 minutes ago   9 comments top 6
1
peterjmag 7 minutes ago 0 replies      
For simple static sites, I use a workflow very similar to this one[1]. It takes a minute or two to set up, but once it's all configured, you can deploy to your heart's content without ever worrying about exposing your .git directory to the world.

[1] http://toroid.org/ams/git-website-howto

2
tytso 18 minutes ago 1 reply      
To be clear (it wasn't mentioned explicitly in the blog post), but it's obviously what the author was referring to, this is about people who are deploying web sites with static content which is being managed via git.
3
drdaeman 16 minutes ago 1 reply      
I think there's nothing wrong with this if there aren't (and weren't) any secrets directly embedded in the source code and all configuration files that contain sensitive information are (and always were) properly gitignore'd.

Tech-savvy users can even be encouraged to pull the code and send patches. :)

4
wldlyinaccurate 16 minutes ago 1 reply      
I recently discovered that I had been serving .git on my blog for a couple of years. All it took to fix was a simple rule in my Nginx config:

    # Don't expose hidden files to the web
    location ~ /\. {
        return 404;
    }
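
An added example, not part of the comment above or of any project mentioned on this page: a deploy-time audit in Python that lists dot-files and dot-directories sitting in a document root and checks which of them the `/\.` rule quoted above would refuse. The sample tree, the function names and the `/.well-known/` allow-list are assumptions made for illustration; the matcher mirrors only the regex, not nginx's full location selection.

```python
import os
import re
import tempfile

# Same pattern as the quoted rule `location ~ /\.`: any URI containing a
# path segment that starts with a dot.
HIDDEN_SEGMENT = re.compile(r"/\.")

# Assumption for this example: dot-paths a site may want to keep public
# (well-known URIs such as /.well-known/security.txt).
ALLOW_PREFIXES = ("/.well-known/",)


def is_blocked(uri_path, allow_prefixes=()):
    """Return True if a deny-hidden-files rule would refuse this URI path."""
    if any(uri_path.startswith(prefix) for prefix in allow_prefixes):
        return False
    return HIDDEN_SEGMENT.search(uri_path) is not None


def find_hidden_entries(docroot):
    """Return URI paths of dot-files and dot-directories under docroot."""
    found = []
    for current, dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)
        base = "/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/"
        for name in dirs:
            if name.startswith("."):
                found.append(base + name + "/")
        # Do not descend into hidden directories: reporting the top is enough.
        dirs[:] = [d for d in dirs if not d.startswith(".")]
        for name in files:
            if name.startswith("."):
                found.append(base + name)
    return sorted(found)


def audit(docroot, allow_prefixes=ALLOW_PREFIXES):
    """Split hidden entries into (must_not_be_served, intentionally_public)."""
    must_block, public = [], []
    for uri in find_hidden_entries(docroot):
        if is_blocked(uri, allow_prefixes):
            must_block.append(uri)
        else:
            public.append(uri)
    return must_block, public


def build_sample_docroot(root):
    """Constructed sample: a site deployed by cloning straight into the docroot."""
    sample_files = (
        ".git/HEAD", ".git/config", "index.html", "css/site.css",
        ".env", "blog/.htpasswd", ".well-known/security.txt",
    )
    for rel in sample_files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")


def audit_sample():
    """Run the audit against the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit(root)


if __name__ == "__main__":
    must_block, public = audit_sample()
    for uri in must_block:
        print("hidden entry in docroot, deny or move it:", uri)
    for uri in public:
        print("hidden entry kept public by allow-list:", uri)
    # The rule exactly as quoted has no allow-list, so it also refuses this:
    print("plain rule blocks /.well-known/security.txt:",
          is_blocked("/.well-known/security.txt"))
```

With the rule exactly as quoted, requests under `/.well-known/` are refused as well, so a site that relies on that path needs an explicit exception.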

5
alcat 14 minutes ago 0 replies      
I make it a habit to put all my public files in a directory such as www/, whereas .git and other non public but site-related files/directories are contained above this.
6
andyhmltn 24 minutes ago 0 replies      
This is a brilliant post. I was about to deploy a site before I read this. It's so easy just to forget that directory.
4
PRISM? Come to Israel to study our surveillance state 2jk.org
54 points by yuvadam  1 hour ago   24 comments top 8
1
Samuel_Michon 1 hour ago 2 replies      
Valid points, but I don't think it's a comparable situation. Israel is constantly being attacked by people living on its own soil. It's fairer to compare US intelligence gathering in Iraq with Israel's intelligence gathering within Israel. If Arizonans were to start firing dozens of rockets a day at California, the US government would be way less civil than Israel has been to the Gazans. (And they have been, remember the detainment camps for Japanese Americans?)

NB: I count 3 instances of abhor in the article, none of them used correctly. (The original Hebrew article speaks of , excited.)

2
mortov 36 minutes ago 2 replies      
Frankly the Israeli situation sounds more proportionate and reasonable than many - plus groups are challenging it in court which is always a Good Thing(tm).

If you want to see the REAL masters, look no further than the UK Regulation Of Investigative Powers Act.

That gives (for example) local garbage collectors the legal powers to obtain, say, your medical records - all they need to do is establish they are 'investigating' some garbage related offence and they have access to anything they want so by saying you have disposed of some 'unauthorized' medical waste they are allowed to obtain your medical records to see if you have a genuine medical condition justifying it. It is an offence for the medical staff to refuse or to inform you that they have been handed over.

Want to send your children to your local school? Expect 24x7 surveillance of you and your children for 3 weeks: http://www.telegraph.co.uk/news/uknews/2248295/Second-counci... [edit: this is a different example of abuse, reply below has the correct link.]

The list is endless with over 500 different 'official' organizations entitled to mount total surveillance and the abuses of the legislation are so egregious that they read like a wild fantasy.

This is the "legal framework" which the UK PM David Cameron is assuring everyone keeps them safe from PRISM and the like.

Absolute power corrupts and this power has long ago corrupted absolutely in the UK.

[edit: originally said months and it is merely weeks, reply below has the link to the correct article. Thanks to Jabbles for pointing out the link was the wrong one.]

3
mtgx 17 minutes ago 1 reply      
Could this be the reason why you've had the same PM for so long? I mean who knows how he used that information on his competitors, or the campaign funders of the competitors.
4
einhverfr 52 minutes ago 2 replies      
The big thing about Israel is that they allow for administrative detention without trial. It's really hard to get worked up about surveillance when they don't even have to file charges to keep you in jail.
5
harel 46 minutes ago 1 reply      
There's also the security card in Israel, which is pulled by the government every time people start to get excited about something. Economy problems? Security! Privacy concerns - shut up - Security! Administrative detention - Secu... you get the picture.
6
thepumpkin1979 42 minutes ago 0 replies      
I didn't know this about Israel, although the fact that the situation is worse in other parts of the world doesn't justify this level of Surveillance in US.
7
LekkoscPiwa 57 minutes ago 1 reply      
Yes, but in the US saying anything that would even remotely criticize Israel is an automatic anti-semitism case. So, don't expect too many comments.

Ah, Land of the Free!

8
tudorconstantin 44 minutes ago 0 replies      
I'd say the best places to learn about surveillance are China and North Korea.

I lived the first 7 years of my life under the Romanian communism - they also could teach best practices in surveillance, since my parents were always careful what they said - in an era without too much electronics.

5
Schneier on Security: Government Secrets and the Need for Whistle-blowers schneier.com
44 points by Libertatea  1 hour ago   2 comments top 2
1
carbocation 42 minutes ago 0 replies      
This is a big, bold article worth reading in its entirety. He does not shy away from taking a very strong stance. Here is one paragraph that stood out:

"Whistle-blowing is the moral response to immoral activity by those in power. What's important here are government programs and methods, not data about individuals. I understand I am asking for people to engage in illegal and dangerous behavior. Do it carefully and do it safely, but -- and I am talking directly to you, person working on one of these secret and probably illegal programs -- do it."

2
noerps 56 minutes ago 0 replies      
Even if we are hyping or sensationalizing this topic, current behavior is a very good indicator for future behavior.
6
Apple Events - WWDC 2013 Keynote apple.com
15 points by qnk  25 minutes ago   3 comments top 2
1
soupboy 2 minutes ago 0 replies      
"Live Streaming video requires Safari 4 or later on Mac OS X v10.6 or later; Safari on iOS 4.2 or later. Streaming via Apple TV requires second- or third-generation Apple TV with software 5.0.2 or later."
2
qnk 6 minutes ago 1 reply      

    07:00  Honolulu, Hawaii
    10:00  San Francisco, California
    13:00  New York, New York
    14:00  São Paulo, Brazil
    18:00  London, England
    19:00  Rome, Italy
    20:00  Riyadh, Saudi Arabia
    21:00  Moscow, Russia
    22:30  New Delhi, India
    01:00  Shanghai, China (June 11)
    02:00  Tokyo, Japan (June 11)
    03:00  Sydney, Australia (June 11)

7
Why we can't go back to business as usual post-PRISM stanford.edu
298 points by nullc  7 hours ago   107 comments top 9
1
b6 6 hours ago 5 replies      
I'm a peaceful person, but this issue has been simmering in my head for years, and I find myself actually looking forward to some kind of meaningful conflict. I'm sick, sick, sick to death of the president issuing denials while they keep building more and more infrastructure against humanity. I think the article is right, that it'll get worse from here, and in a way, I'm glad.
2
bayesianhorse 6 hours ago 5 replies      
For me, this incident is an example where the U.S. democracy failed, pure and simple. Obama made campaign promises to not do surveillance. He was elected and then did it anyway. It's frankly impossible now to change this issue in a democratic fashion.

From the outside it often looks as if American politicians are overly busy with a very expensive "game", rather than using the game for the greater good.

3
fpp 4 hours ago 0 replies      
Also read the reply by Aaron Greenspan in the thread:

https://mailman.stanford.edu/pipermail/liberationtech/2013-J...

4
ericHosick 7 hours ago 2 replies      
This may seem a bit off topic, but I do agree that we can't go back. So, I'm asking here.

We are building out a software development framework "from scratch" and would like to make security a core aspect of the framework.

Where would be a good place to start looking at encryption solutions? For example, would PGP be a good option?

5
Nursie 25 minutes ago 0 replies      
We can't... but we will.

Never underestimate the apathy of the general public, their faith in authority, and their general willingness to write this stuff off as 'stuff that affects someone else'.

Yeah I know, I'm a cynic.

6
raverbashing 5 hours ago 2 replies      
"Why would you use AES/RSA/etc. when the NSA employs more mathematicians than anyone else and may well have cracked them?"

Well, because of everybody else seems to be a good reason.

And one thing a bunch of good mathematicians is not better than is math. And as far as we know, they may still be good systems.

The construct of encryption systems today is so complex I think the last part they would address would be the algorithms themselves (but they certainly can factor the product of two primes in record time)

7
kriro 6 hours ago 2 replies      
I wonder if there will be a bigger outrage if companies like Salesforce and Oracle are involved. Non-US companies might be a tad alarmed if their ERP provider is cooperating with PRISM.

Since Microsoft is explicitly mentioned I wonder if the access includes their SMB-ERP stuff.

8
logn 6 hours ago 0 replies      
The innocent days of building software and having fun are probably over. Let's get our kicks before the whole shithouse goes up in flames. Then we can figure out how to teach the next generation to build software in the brave new world we'll give them.
9
whatevenisthis 7 hours ago  replies      
This whole thing is so bizarre to me. The NSA has been doing this sort of thing since at least the early 90s. Who knows, probably earlier. What exactly did people think the NSA was doing? The only difference is that, before digital cell service, it was more difficult to monitor phone conversations because the infrastructure simply didn't support it.

Everyone's all riled up over a few PowerPoint slides (which may very well be fake). I don't get it. No mainstream company or consumer has ever given two shits about encryption. You send data in plaintext and are surprised that the NSA might be reading/logging it?

The public overwhelmingly supported the PATRIOT Act back when it was passed. Black box rooms in telecom facilities were exposed what, 10 years ago? No one gave a shit.

Why do people seem to suddenly care? You can't say it's because, "We have more information," because we really don't. People suddenly care about privacy?

I do not understand what those who are outraged thought the NSA did. Honestly, how can you be so ignorant?

8
Hong Kong Baffled by Snowden's Hideout Choice - China Real Time Report - WSJ wsj.com
50 points by nir  2 hours ago   21 comments top 11
1
uvdiv 25 minutes ago 0 replies      
This is contradicted somewhat by a different source. This one says Hong Kong is a very good place to seek asylum right now, because there is a moratorium on deporting asylum-seekers:

But there is at least one reason it could be incredibly shrewd: Hong Kong's asylum system is currently stuck in a state of limbo that could allow Snowden to exploit a loophole and buy some valuable time.

Simon Young, director of the Centre for Comparative and Public Law at the University of Hong Kong, told GlobalPost that a decision delivered by Hong Kong's High Court in March of this year required the government to create a new procedure for reviewing asylum applications.

Until the government does this, he said, asylum seekers are allowed to stay in Hong Kong indefinitely.

http://www.globalpost.com/dispatch/news/regions/asia-pacific...

2
barredo 45 minutes ago 1 reply      
Maybe he was ignorant, maybe he was spot on.

Maybe his hypothetical extradition will cause a sort-of diplomatic "mess" between Beijing and Hong Kong, leaving him in a limbo where neither HK nor China will grant him total asylum but won't extradite him either

3
mikegioia 51 minutes ago 0 replies      
I would guess that he's not even in Hong Kong anymore, nor at the time of his interview.
4
AhtiK 16 minutes ago 1 reply      
Isn't a luxury hotel the worst place to hide?

I'm sure there are cameras and one is easily recognized when getting out of the room.

Or is this just a 48h maneuver to clear up the political situation and then if needed move to one of the embassies in HK that is more supportive?

5
cryptokill 1 hour ago 0 replies      
This stuff proves to me that these programs have no value in stopping things that have not yet happened. Like the Boston bombings and this guy, I'm sure there was a huge trail of evidence that didn't get identified in time to stop the actual act.
6
tomelders 23 minutes ago 1 reply      
> Hong Kong is the worst place in the world for any person to avoid extradition, with the possible exception of the United Kingdom

I'm British, and this both saddens and angers me. It's time for a change.

7
uvdiv 57 minutes ago 1 reply      
Then again, if Snowden were hypothetically spying for the PRC, Hong Kong would be the most logical place to seek protection. In this scenario the PRC would credibly protect him from the US, and European liberal democracies would not.
8
JonnieCache 15 minutes ago 0 replies      
Maybe he knows something we don't? Just a guess.
9
kombine 30 minutes ago 0 replies      
So why didn't he go to Iceland in the first place? And would Hong Kong let him out if he decides to leave right now, before the US issued any warrant?
10
kghose 44 minutes ago 1 reply      
Who is funding him?
11
joeco 23 minutes ago 0 replies      
Too many batman movies
9
obamaischeckingyouremail.tumblr.com obamaischeckingyouremail.tumblr.com
215 points by patkbriggs  4 hours ago   18 comments top 10
1
angersock 2 hours ago 0 replies      
This shouldn't be half as funny as it is. It shouldn't be funny at all.

Then again, a little bit of gallows humor is always in order when facing these things.

2
znowi 4 hours ago 0 replies      
This is one of those times when it's both funny and makes you cry
4
return0 4 hours ago 0 replies      
"Yo guys, i really like snooping on emails lately, can you bring me some more emails to read? kthxbye"

NSA: We'll do our best Mr. President

5
logn 4 hours ago 1 reply      
Finally. Something funny. Ok, now I feel like I can get back to programming... something I've been putting off all day. The world is fubar, but it's still alright.
6
ck2 1 hour ago 0 replies      
This is disarming the seriousness of the government recording all your internet activity.

Too soon.

7
Aldipower 3 hours ago 3 replies      
Posting this link on Facebook forces me to answer a captcha, what I have never seen before at this point. Then trying to follow the link, the FB-redirect produces an Internal Server Error, so the link to the Tumblr page isn't working. Haha, 500 Code on a simple link, while other links are working.

There must be the NSA behind it! :-D

8
Ihmahr 4 hours ago 0 replies      
Just like the 'kim-jong il looking at things'! :)
9
bifrost 4 hours ago 1 reply      
Hilariously, previously submitted -> https://news.ycombinator.com/item?id=5851063

Can't say I mind seeing this multiple times :)

10
noerps 4 hours ago 0 replies      
A picture says more than 1024 words, and it's funny, thanks a lot.
10
[python] Flask NSA Backdoor github.com
139 points by andyhmltn  5 hours ago   18 comments top 10
1
ck2 15 minutes ago 0 replies      
According to Snowden the NSA is very good at MITM attacks.

No parody needed to something that alarming.

And joking about it only dilutes an extremely serious concern.

2
uvdiv 5 hours ago 2 replies      
This isn't about a backdoor in NSA's Flask (SELinux). This title will be misunderstood. Add [python] or [parody] or something.
3
austengary 4 hours ago 1 reply      
Alternatively, a more popular version for Rails: https://github.com/goshakkk/nsa_panel
4
gsibble 5 hours ago 0 replies      
Looks like a fairly useful admin console actually. Time to fork it!
5
seanp2k2 2 hours ago 0 replies      
I still feel that this title is misleading, since I understood it to mean "there is a backdoor in Flask, and here is the evidence" before I clicked through.
6
leoc 2 hours ago 0 replies      
I think this is actually not as funny as the real thing. As far as I can gather, FISA 702 orders http://www.govtrack.us/congress/bills/110/hr6304/text , used to target non-resident aliens, don't require the NSA to state that "I think they are a terrorist" or give any reason or justification at all for wanting all your data to the FISC court, let alone to the website operators.
7
sigzero 1 hour ago 0 replies      
Shouldn't the NSA image say "Verizon" and not "AT&T"?
8
ryanisnan 5 hours ago 0 replies      
Little bobby tables is at it again...
9
don_draper 3 hours ago 0 replies      
Why not code it in Clojure or Lisp?
10
dplomas 3 hours ago 2 replies      
NSA Backdoor as a Service a.k.a NSA BS
11
Did Obama Just Destroy the U.S. Internet Industry? linkedin.com
415 points by lukejduncan  11 hours ago   233 comments top 3
1
zmmmmm 8 hours ago 13 replies      
One of the rather interesting side issues in this whole debate has been how casually the rights of foreigners are tossed aside as secondary to those of american citizens. There is intense debate about whether US citizens rights are being violated, but almost nobody questions whether there's any moral or ethical issue with completely unrestrained spying on everybody else.

While I understand that this is largely because the legality of the spying hinges on whether US citizens are subject to it, I still find it a rather fascinating aspect.

2
jval 9 hours ago 9 replies      
This is a huge deal. I live in Australia and I have been running businesses on the cloud for the last 3 years or so. I have rarely heard the issue of the PATRIOT Act raised and in spite of there being laws banning the transfer of personal data outside Australia, most people are quite lax about the issue and take the view that the risks are too small to be counted.

Those days are most certainly over. This stuff will affect companies like AWS and Rackspace the most, given that they are competing for contracts with companies who are seriously concerned about who can get at their data. I imagine nobody will flout the laws in Australia regarding international data transfers in future, and that countries where no such laws exist will enact some very quickly.

Any cloud-based software company in the US which holds large amounts of data that could in any way be deemed to be sensitive is going to have a much harder time pitching to clients overseas who will increasingly opt for a decent local alternative over a foreign one should the option exist. The only thing that American companies can hope for otherwise is that there is no foreign alternative.

The world is not going to come to an end but for a lot of people, their jobs are about to get much harder and the government should be worried about this.

3
raganwald 10 hours ago  replies      
It's odd, I hear people saying, "no big deal, nothing will change." But then I wonder, if you're saying it's no big deal, are you an American or not?

The point of this post is that foreign business will be affected. AFAICT, Europeans have always held the Internet to a stricter standard than Americans and have passed stricter laws around everything from what data can be retained to the behaviour of tracking cookies.

If you've posted a "no big deal" comment, can you please go back and tell us whether you are an American or not.

12
LocalBitcoins.com bank account frozen and unfrozen localbitcoins.blogspot.fi
26 points by miohtama  1 hour ago   2 comments top
1
jyu 31 minutes ago 1 reply      
The attacking group exploited a vulnerability in the banking system that they did not account for. Bank transfers can also be reversed in certain circumstances. To deal with these edge cases, instead of relying on other parties, I think LocalBitcoins needs to proactively add some procedures to avoid getting robbed.

I'm not a securities person, but there are a few common sense things they could change to avoid getting exploited. Their trust model seems based on total number of transactions, and not transaction volume. Just because someone successfully transacts $10 for several transactions, does not mean they should be cleared for their next $10,000 transaction. They could use rate limiting.

Ex: New account max is $100. After hitting $100 in bitcoin transactions, raise the limit to $200, etc. You'd need to look at your transaction logs to determine what the specific rate limits should be, but it's not more than a few SQL queries to figure it out.

I'm not sure if LocalBitcoins is collecting identification, or are even required to, but they might start considering it. MtGox has started requiring identification for opening new accounts. Adding this routine requires adding tech, operations, and customer service overhead.

Alternatively, LocalBitcoins could purposely keep really low amounts in their hot bitcoin wallet.

    if @transaction.amount > hot_wallet.amount {
      alert operations
      show pending transaction message
    }
This is done at CoinBase: http://blog.coinbase.com/post/33197656699/coinbase-now-stori...
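
The volume-based limit and hot-wallet check proposed in the comment above, as an added Ruby sketch that is not part of the original comment and is not LocalBitcoins or Coinbase code. The class names, the doubling schedule beyond the $100 and $200 steps, the ceiling and the reversal handling are assumptions; amounts are integer US cents.

```ruby
# Added illustration (hypothetical names throughout). Trust is earned by
# settled value, not by the number of trades, so ten $10 trades do not
# clear an account for a $10,000 trade.

class Account
  attr_reader :settled_volume, :settled_count

  def initialize
    @settled_volume = 0 # value of trades whose bank payment cleared
    @settled_count  = 0 # number of such trades (deliberately not used for trust)
  end

  def record_settled(amount)
    @settled_volume += amount
    @settled_count  += 1
  end

  # A reversed bank transfer removes the trust it earned.
  def record_reversed(amount)
    @settled_volume = [@settled_volume - amount, 0].max
    @settled_count  = [@settled_count - 1, 0].max
  end
end

class TradeGate
  BASE_LIMIT = 100_00     # $100 for a new account (figure from the comment)
  MAX_LIMIT  = 10_000_00  # assumed ceiling on the per-trade limit

  attr_reader :alerts, :hot_wallet_balance

  def initialize(hot_wallet_balance)
    @hot_wallet_balance = hot_wallet_balance
    @alerts = [] # messages for the operations team
  end

  # Per-trade limit: starts at $100 and doubles each time the settled
  # volume reaches the current limit ($100 -> $200 -> $400 ...).
  def limit_for(account)
    limit = BASE_LIMIT
    limit *= 2 while account.settled_volume >= limit && limit < MAX_LIMIT
    [limit, MAX_LIMIT].min
  end

  # Returns :rejected_over_limit, :pending_operations or :approved.
  def decide(account, amount)
    unless amount.is_a?(Integer) && amount.positive?
      raise ArgumentError, 'amount must be a positive integer number of cents'
    end

    return :rejected_over_limit if amount > limit_for(account)

    # The comment's hot-wallet guard: never pay out more than the small
    # online balance; park the trade and alert a human instead.
    if amount > @hot_wallet_balance
      @alerts << "hot wallet short: need #{amount}, have #{@hot_wallet_balance}"
      return :pending_operations
    end

    @hot_wallet_balance -= amount
    :approved
  end
end
```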

13
Response to NSA PRISM - Tools For Protecting Your Privacy Online compylr.com
18 points by andrewsass  1 hour ago   2 comments top 2
1
spindritf 38 minutes ago 0 replies      
> Internet Relay Chat (IRC) can be set up to encrypt all messages

Wouldn't SILC[1] be more appropriate than IRC? IRC can be made secure with OTR or FiSH but it's very much insecure by default.

Also, you're probably much safer with Tails[2] than with a manually configured Tor instance.

[1] http://en.wikipedia.org/wiki/SILC_%28protocol%29

[2] https://tails.boum.org/

2
nolite 41 minutes ago 0 replies      
Half of these services are run or maintained by private companies... This is fundamentally something that we can't trust.. trusting our security and privacy to an opaque organization. Any tool needs to be open source and transparent
14
Sweden warrantlessly wiretaps all Internet traffic crossing its borders wikipedia.org
193 points by Sami_Lehtinen  7 hours ago   45 comments top 15
1
belorn 1 hour ago 1 reply      
The Wikipedia article is quite focused on the discussion before the law was made into effect, and is thus missing how the focus on terrorism was changed before even a year had passed.

Before the law was voted in, political leaders and columnists promised high and low that FRA would never be used for anything other than counter terrorism. Anyone who said otherwise was a tinfoil hat, and just didn't understand the issue. The law was about preventing terrorists from killing our children and nothing more!

A little less than a year after the law was passed, the secret police got access to the collected data. Soon after, the legislative assembly and diplomats. After that, the police wanted in and were also granted access.

Today, go to their website and they talk very little about terrorism. The focus currently is on IT threats, malware and pen-testing[1], and thus calling out how great help they are currently providing in connection with the regular police and secret-police[2]. The "mission" description sounds more like the slogan of a pen-test company than that of counter-terrorism, mostly noticeable because the word terrorism is not even mentioned most of the time, and on the list of services, the word "terrorism" is demoted to the bottom part of a bullet point list.[3]

The last attempt to expand the "goal" of FRA was when the Swedish version of IRS asked for access. I don't know if they were granted, and the media don't care much anymore.

[1]http://www.fra.se/verksamhet/informationssakerhet/regeringsu...

[2]http://www.fra.se/verksamhet/informationssakerhet/tjanster.7...

[3]http://www.fra.se/verksamhet/signalunderrattelseverksamhet.6...

* Correction *

The IRS has not asked yet for FRA data. They have asked ISPs and webhosting providers for customers' data, but not from FRA. There has been speculation on where the FRA scope would go next after the police got access, but from what I can find, nothing official.

2
sebcat 5 hours ago 2 replies      
Just want to emphasize the difference between the FRA law and what's happening in the U.S. right now: FRA (Swedish agency doing SIGINT) doesn't need a warrant. This is all supported by law.

"Nothing to hide" dominated the pro-debate for this. Only populist representatives like Fredrick Federley and Annie Lööf voiced their discontent with the proposed changes in law, and they happily agreed to it while some minor things were changed. Common people just didn't care. Still don't.

3
effn 5 hours ago 2 replies      
It's worth noting that Facebook's European datacenter is in Sweden so a large part of Facebook traffic passes Swedish borders.
4
tommis 7 hours ago 3 replies      
This is actually old news, but what is interesting is that recently Finland's gov. approved plans to lay out new cable to the sea, so that internet traffic can be routed from Finland to Germany, bypassing Sweden altogether...

http://yle.fi/uutiset/suomi_haluaa_oman_tietoliikennereitin_...

Picture from the article shows how the connection towards Europe/US goes through Germany and the connections towards Asia will be directed through northern part of Finland, through Norway - instead of Sweden:

http://yle.fi/uutiset/kotimaa/article6559090.ece/ALTERNATES/...

5
m_eiman 7 hours ago 1 reply      
It's widely known and acknowledged that the information gathered this way is used not only by Swedish agencies, but also traded with foreign agencies in exchange for information gathered in whatever way is possible to them. In effect it means that communication that crosses any border is likely collected, analyzed and available to all western intelligence agencies. Good luck trying to hide.
6
znowi 5 hours ago 0 replies      
Well, this is getting really grim. There seems to be no safe place left.

Although, this is to be expected. The US is a common trend-maker and the world is looking up to them. Of course who can sit this one out when the US itself is at full speed spearheading it. And very likely gently forcing to abide.

We're all at fault in what is happening.

7
NicoJuicy 4 hours ago 1 reply      
Sweden used to be the most open country for internet access.

Since America threatened it with economic sanctions (because of the piratebay, Sweden was sued by America and their entertainment industry), Sweden has changed a lot.

A pity America has to threaten every other country in the world... :-) .

8
plainhold 35 minutes ago 0 replies      
What should be noted is that before Sweden gave FRA authority to increase its surveillance the Swedish public was well aware of what was happening. There was a public debate, the adversaries would say it was only for the curtains, but the people still had a chance to rally up against it before the legislatures reached their decision. But the public majority didn't care that much.
9
venomsnake 3 hours ago 0 replies      
That is not such a big problem. When a government does something like that in the open you can use appropriate protection if you feel you need it. There is not information asymmetry. You just remove all Sweden-related certificates from the CA bundle and use VPN to other country.

If tomorrow the US says openly - we collect all data you send to Apple, Facebook, Google and Yahoo although stupid you can use or not them depending on how you feel about it.

10
jonke 6 hours ago 1 reply      
Overall moral: even if your own country doesn't collect your internet traffic, always assume that another country does.
11
mercurial 4 hours ago 0 replies      
It's reassuring to see how "terrorism" is still the magic word to pass all manners of freedom-trampling laws.
12
Legogris 3 hours ago 0 replies      
Not that it gives Sweden any real excuse here, but I believe most countries do SIGINT at least on a level comparable to that enabled by the FRA law already. That we did already have a law disabling the government to do so legally was mostly perceived as an inconvenience that had to be "fixed". The real issue here should not be the military SIGINT that is performed today, but what will happen years from now when these possibilities might be used for gradually varying purposes.
13
Murk 4 hours ago 0 replies      
I expect most countries either monitor traffic endpoints or capture data. I know the one in which I live does.
14
parski 5 hours ago 1 reply      
I'm fine with traffic going in and out being tappable. As long as they have good reason I have trust in the FRA.
15
sandstrom 6 hours ago 3 replies      
I think the Swedish wiretapping is wrong and that the law should be torn up.

That said, in practice it's less intrusive than the recently revealed US wiretapping-programs. Since more or less all software encrypt their traffic, the FRA-wiretapping is pretty useless.

15
Why is elliptic curve cryptography not widely used, compared to RSA? stackexchange.com
53 points by ColinWright  3 hours ago   9 comments top 5
1
onedognight 2 hours ago 0 replies      
RedHat/Fedora[1] do not enable elliptic curves in their openssl for "legal" reasons.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=319901

2
VLM 1 hour ago 2 replies      
I thought the most interesting thing in the stack overflow was the complete lack of systems analysis.

99% of people who need encryption already have it, and they probably use RSA or at least a non-EC system. So almost by definition you're talking about converting an entire system, not just linking in a new library or CSS file...

The question is really, "Why aren't people replacing their entire SSL cert system and all their SSH shared keys just for fun?". Or maybe "Why is gradual generational turnover rate in security systems so slow?". Combining the two questions is strangely reminiscent of why does it take forever to roll out ipv6 and sunset ipv4?

It's possible for new stuff I'd evaluate the field and possibly an E.C. tech might win. But if turnover is perhaps 1% annually, it's going to take a century unless there's a "crisis" or major revolutionary kick to the system.

3
S4M 2 hours ago 2 replies      
Wow, I always thought that elliptic curves were an algorithm to break cryptography like RSA. If I remember well, RSA is based on the fact that Z/pZ is a group when p is prime (for those who don't know, it's about taking the addition and multiplications for the numbers in [0..p-1] and taking the result modulo p), and elliptic curves offer a more generic framework for that...
4
shin_lao 1 hour ago 0 replies      
And there's also the thing that many EC parameters are patented.
5
noerps 1 hour ago 0 replies      
Since RSA patents expired, it's available, easier to comprehend and good enough until 2020 when the ECC patents expire.
16
Google Says It Can Predict Which Films Will Be Huge Box-Office Hits businessinsider.com
12 points by givan  53 minutes ago   5 comments top 4
1
smackfu 0 minutes ago 0 replies      
This is essentially just Google using their search data to replace the tracking polls that movie studios do already.
2
ambiate 3 minutes ago 0 replies      
IBM has made a similar claim using Twitter's Firehose and natural language processing to determine a general overview of people's feelings towards a film. The solution was to tell the film advertisers to toss out more engaging trailers. It all seemed somewhat odd. Pay IBM tons of bucks just to be told you should probably make more trailers (which would most likely fail too.)
3
evolve2k 3 minutes ago 0 replies      
This is a resubmission of this: https://news.ycombinator.com/item?id=5838570
4
smountcastle 17 minutes ago 1 reply      
Based on this, why aren't movie studios creating trailers based on minimal treatments, releasing them with dates a year or two in the future and then only creating the movie if the data shows that it'd be a blockbuster? Basically Lean development for movies.

Granted, I think we'd miss out on potentially great movies, but it seems like a way for the studios to further reduce their risk, so I think they'd be all over this. Perhaps they're already doing it and I'm just unaware.

17
The most incredible thing you'll watch today is this video of sand io9.com
24 points by vilda  1 hour ago   3 comments top 3
1
Jabbles 9 minutes ago 0 replies      
It is interesting, but it's a standard way of demonstrating normal modes, or the applications of eigenvectors. I would think most physics and engineering undergraduates have studied this.

That's not to say you shouldn't watch it, but just to put it in perspective - this is a topic studied in the 1st/2nd year of university, not a poorly-understood topic for research.

https://en.wikipedia.org/wiki/Normal_mode

2
joeblau 13 minutes ago 0 replies      
They have this at the Exploratorium! Definitely cool to play with.
3
TheRubyist 18 minutes ago 0 replies      
No.
18
India copies the US: To setup a national cyber snooping agency thehindu.com
34 points by shared4you  2 hours ago   4 comments top 3
1
angersock 1 hour ago 0 replies      
Out of a sort of morbid curiosity...

...whom would the presumed civilian contractors on this outsource to?

2
camus 52 minutes ago 0 replies      
Well isn't USA the "beacon of democracy on earth"? so let's make sure every nation takes example on USA, in every way.
3
aangjie 2 hours ago 1 reply      
Indian Government is not known for strong IT security on its servers. I have a strong suspicion, this data would be brought out very easily.
19
22 American nuclear bombs are stored in The Netherlands dutchnews.nl
69 points by dutchbrit  4 hours ago   42 comments top 12
1
digitalengineer 3 hours ago 1 reply      
Silly bombs. Not like the Russians invade our Dutch (European) air space every other month or so... Oh, wait they do! Russian nuclear bombers (TU-95) do in fact invade our airspace on a regular basis. I can hear the F-16 Quick Reaction Force scramble every now and then.

http://www.defensie.nl/actueel/nieuws/2013/03/21/46204057/f_...

2
bobsy 1 hour ago 3 replies      
On the topic of nukes. What is the point of them...

Conventional warfare.. you cannot send in nukes before your troops to soften up the enemy. Assuming you lose an invasion you cannot send them in after you pull your troops out.

You cannot use them for precision strikes.

You cannot use them over your own country should it get invaded.

Apparently they are a deterrent from getting nuked yourself. Are they though? Nukes blow up civilians. Civilians do not press the big red button. Crack pot lunatics do from some deep underground bunker. Would you really launch a counter-strike killing potentially millions of civilians. I wouldn't. You don't answer genocide with genocide.

The only use I can see is a small tactical nuke which could be used to blow up an enemy fleet at sea. Even then, launching the nuke in way that it wouldn't get intercepted I guess would be difficult. The implications for such a use would also be pretty profound.

In the UK the Government want to / will renew trident. The UK nuke system. I don't really understand why. The cost is in the billions. The weapon is unsafe, as well as expensive to protect and maintain.

I don't know what the current state of the UN is right now but it seems to me a better solution would be to give the UN 50 nukes or whatever. The UN then becomes the deterrent. Pass a resolution. 'Those who use Nuclear weapons will be counter-nuked.' Other nations can then give them up.

The only danger with nukes is that only one country has them. They can then threaten others 'Do as I say or be obliterated.' Realistically though so many countries know how to make nukes I can't imagine it would take too long to rearm in this scenario.

3
VLM 1 hour ago 1 reply      
I'm confused, probably intentionally, about who owns what where (merely the basic task of journalism)

What I do know is there's a report of some bombs at Volkel field. And the US Air Force 52nd fighter wing has a MUNSS unit based on that field. So if the MUNSS isn't hovering over bombs like a hen hatching its eggs, what exactly are they doing?

It would be extremely interesting to see the terms of the lease. For example my swinging bachelor pad lease specifically contained a "no dogs" clause so in a similar way, what if any written rules they have about B61s and the like. If the lease permits it, it doesn't seem to be much of a story. If the lease specifically bans them, then the question is will the landlord kick them out and/or keep the security deposit?

4
dirktheman 23 minutes ago 0 replies      
Oh please. It's common knowledge these things have been stored here, as well as other parts of the world. They're cold war relics, stored near the borders of the former cold war countries.

I mean, they had a complete air base (Soesterberg) here in the Netherlands, which was actually part of US territory. Complete with border crossings! They left the base in 2008, it makes for a pretty good museum about aviation history now.

5
runarb 25 minutes ago 1 reply      
> Experts told the Telegraaf the bombs are B61 nuclear weapons and up to four times as powerful as the bombs used on Hiroshima and Nagasaki during World War II.

Some expert. The Hiroshima bomb was 16 kilotons and Nagasaki was 21 kilotons. The B61 on the other hand is up to 340 kilotons, or up to 21 times as powerful as the Hiroshima bomb.

Why can't journalists never understand that the Hiroshima and Nagasaki bombs were relatively small compared to the thermonuclear weapons we have today?

6
dm2 1 hour ago 0 replies      
There are also hundreds of nuclear missiles and thousands of nuclear warheads stored in the oceans all around the world.

http://en.wikipedia.org/wiki/Submarine-launched_ballistic_mi...

http://en.wikipedia.org/wiki/Trident_missile

This part is VERY interesting http://en.wikipedia.org/wiki/Trident_missile#Conventional_Tr...

http://en.wikipedia.org/wiki/Nuclear_weapons_and_the_United_...

Wow, in 1967 the US had 31,000 nuclear warheads.

7
Samuel_Michon 1 hour ago 0 replies      
I don't think the title is accurate. Former prime minister Ruud Lubbers told National Geographic that nuclear bombs were stored at Volkel Air Base in the past. However, he said that only parts of those bombs are still present at the site. Also, they're decades old, so fairly outdated. Because of their limited purpose, Lubbers said the remaining parts should be done away with.

http://translate.google.com/translate?sl=auto&tl=en&js=n&pre...

8
Mvandenbergh 3 hours ago 2 replies      
Not really a surprise, given the role of nuclear deterrence in NATO strategy.
9
config_yml 3 hours ago 3 replies      
I think this is part of NATO weapons sharing. Italy and Germany (and possibly other NATO states) store them as well.
11
pr0filer__ 3 hours ago 0 replies      
I would have been startled if they didn't keep any. Also Dutch/NL here.
12
switch33 4 hours ago 1 reply      
Less liability if they blow up prematurely on site. lol?
20
I'm Ready To Help NSA Whistleblower Edward Snowden Seek Asylum forbes.com
336 points by llambda  12 hours ago   35 comments top 9
1
lawnchair_larry 10 hours ago 1 reply      
Birgitta Jonsdottir, member of parliament in Iceland and the woman extending this offer (edit: she doesn't have authority to offer asylum, so reaching out to offer assistance is more accurate), was previously the subject of these secret orders, which were served on all of the major tech companies. The only reason she knows is because Twitter actually challenged the gag order and managed to get it unsealed (MAJOR respect to twitter, they deserve credit for this), which is the only time that has happened. Several others who were supporters of Wikileaks had these served as well.

"The information demanded by the DOJ is sweeping in scope. It includes all mailing addresses and billing information known for the user, all connection records and session times, all IP addresses used to access Twitter, all known email accounts, as well as the "means and source of payment," including banking records and credit cards. It seeks all of that information for the period beginning November 1, 2009, through the present"

This is why the "protecting the country from terrorists" rhetoric is bullshit and should be ignored. They'll sweep up anything from anyone who has any success in opposing or embarrassing them. That's why this cannot be allowed to happen in secret. Once they have your entire life, it doesn't matter who you are, they'll find something. If not, they'll harass you for years.

While only five people were individually named, according to lawyer Mark Stephens the order effectively entailed the collection in relation to criminal prosecution of the personal identifying information of over six hundred thousand Twitter users, namely those who were "followers" of WikiLeaks.

They claim this type of activity is only for specific, targeted individuals, but apparently to them, that means things like "anyone following @wikileaks on twitter".

2
ck2 10 hours ago 2 replies      
The problem is people always screw up and a decade later they think it's okay to visit the US for a conference or something and don't realize they will never see the light of day again once they step into that airport.

Or some country wants a political favor from the current US president so they turn him over.

Very brave dude but his life is just about as over as Bradley Manning.

3
beggi 7 hours ago 1 reply      
FYI: Birgitta is in a minority opposition party (The Icelandic pirate party) with 3 representatives out of 63. Given the ruling government's track record, both regarding refugees seeking asylum as well as a strong will to have good relations with the U.S., I find it highly unlikely he will be given asylum in Iceland. Now, Bobby Fischer was given an asylum in Iceland in 2006 in a unanimous parliament vote - but that was without great objections from the U.S. This is (obviously) a completely different thing.
4
untog 10 hours ago 6 replies      
Slightly off-topic question, but why did he not just go to Iceland in the first place? Hong Kong does not seem like the best destination here.
5
znowi 5 hours ago 0 replies      
This is very nice of Jonsdottir, but given the current conservative government in Iceland, I doubt it is a safe place for Snowden.

In fact, given how widespread the American influence is, I can't think of a safe country for him. Apart from Ecuadorian embassy-like hideouts.

6
ekr 4 hours ago 0 replies      
On an unrelated note, there's this petition on the White House website, in need of signatures : https://petitions.whitehouse.gov/petition/pardon-edward-snow...
7
pvnick 11 hours ago 1 reply      
The memo claims they're trying to reach out to Snowden to verify his intentions to seek asylum. I wonder how they do that?
8
jlgreco 10 hours ago 0 replies      
I don't even care if she straight up runs a "gay conversion therapy" business if she does the right thing in this situation. I cannot object to a bad politician doing the right thing (though of course that does not mean I would vote for them).
9
tagabek 8 hours ago 0 replies      
Mildly off topic question: How common are asylum applications submitted? How often are they accepted?
21
Playing notes with the Web Audio API: Polyphonic Synthesis chrislowis.co.uk
10 points by chrislo  55 minutes ago   1 comment top
1
luxpir 44 minutes ago 0 replies      
That was very interesting - thanks for sharing. Browser-based DAW, here we come?
22
Why didn't tech company leaders blow the whistle? stanford.edu
427 points by ot  13 hours ago   65 comments top 15
1
magicalist 12 hours ago 5 replies      
Blow the whistle on what? The problem with the "conversation" going on in these threads is that no one is defining that first.

If we're talking about the first leaked version of PRISM, we still don't even know if it exists or how it works. Subsequent revisions have made it seem that if the NSA doesn't have the immediate ability to query the companies' backends, then they have some kind of carte blanche ability to ask for data and immediately receive it. If either of these are true, then certainly, where are the whistleblowers? If not, and there's a very real chance that neither of these are true, then the question doesn't make sense.

If instead we're talking about FISA orders, there's nothing secret to blow the whistle on. Everyone knew what they would allow. Congress was briefed on what they actually have allowed. The EFF has been in court for years (7 and 5 on different cases) to try to just figure out if their clients have standing to sue over FISA. Many of the companies on that PRISM list now have transparency reports that tell you exactly how they disclose data and provide numbers for requests (other than FISA, which you're not allowed to do). There's been tech blog coverage for years by sites like Ars Technica that discuss everything from the flawed ECPA to the attempts by the Obama administration to use national security as a guise to subvert all attempts to find out what these intelligence programs even do, let alone who they do them to. So, what did you expect them to blow a whistle on?

For instance, Google and Microsoft are both now reporting ranges of the NSLs they receive; in effect, a kind of whistleblowing, albeit a legal and vetted one. NSLs are very much like FISA orders, in that they contain gag orders and have minimal oversight (and no public oversight) for their approval. Where's the indignation and action over those?

If we're going for hindsight here, the real question is where the hell were the major news outlets and where the hell were the American people? Or why has Congress been willing to approve this program on multiple occasions? Assuming incompetence in all three of those groups, the usual response to those questions, is not an acceptable answer.

If instead we're actually looking to the future, we need to ask how we're going to hold the Obama administration and Congress's feet to the fire to make sure that this ends, and that any real search beyond basic information (in a very narrow scope!) requires probable cause demonstrated before a judge, and that notification of a warrant can't be gag-ordered and withheld indefinitely.

2
dylangs1030 12 hours ago 1 reply      
There are several valid reasons why they didn't blow the whistle:

1. As the NYTimes article leaks[1], the leaders of these tech companies may not actually know the extent of FISA and PRISM within their servers - employees cooperating with the NSA would be forbidden from sharing this even with the CEOs.

2. What are they blowing the whistle on? There are a flurry of competing facts and fragmented stories. It came out afterwards that the NSA may not actually have as incredible access as they originally claimed. All they had to go on was the original Guardian article, which merely states "direct access" - everything else is, as the CEOs stated, covered under FISA laws.

3. Speaking of FISA laws, it's a violation of national security to even acknowledge the existence of FISA requests. PRISM is justified through section 702 of FISA. They wouldn't risk treason. This is reasonable. Are you on such a high horse as to say you would do differently?

[1]: http://www.nytimes.com/2013/06/08/technology/tech-companies-...

3
betterunix 13 hours ago 2 replies      
In all likelihood, because they need the government to work with them. Google, Facebook, Microsoft -- all companies that must deal with regulations and shareholders who care more about profits than morals. The last thing any of them need is for the government to retaliate with stricter enforcement of those regulations, which might hurt their profits. The FBI's latest push for backdoors sends these companies a clear message: standing up to the government is bad for business.

Or, if we want to be optimistic, maybe they had no idea what their companies were participating in. Maybe the NSA people they met with were lying about their plans or purposes. It is a classified system, so maybe they felt compelled to leave out details that would otherwise have had the CEOs fighting back.

4
hga 13 hours ago 0 replies      
"In this case a corrupt federal prosecutor (is there any other kind?)...."

According to superstar trial lawyer Gerry Spence (http://en.wikipedia.org/wiki/Gerry_Spence), as of when he wrote his book on Ruby Ridge, in an aside WRT serious prosecutor misconduct in that case, he has never tried a case against a Federal prosecutor in which there wasn't egregious misconduct. Come to think of it, his skill in finding that probably helps his near perfect success rate, and especially his signature tactic of resting without presenting a defense.

5
scythe 9 hours ago 4 replies      
It might be wishful thinking, but part of me wonders if Steve Jobs might have actually been able to push back a little and prevented Apple from joining the program at the same time as Microsoft/Google et al. Apple isn't known for being outspoken about privacy, but Jobs is a formidable character to deal with and, well, if anyone had the balls to say 'no', he did.

Apple wasn't added until after Jobs died, years after other major players:

http://en.wikipedia.org/wiki/File:Prism_slide_5.jpg

6
rdl 12 hours ago 1 reply      
It's simple. Verizon, Qwest, etc. are not tech companies. They are telecommunications carriers, regulated utilities, who are close to an extension of the government.

The implausible part of the worst PRISM allegations was that Google/Facebook/etc. behaved like that, but telcos have acted as extensions of spy agencies for as long as they've been around -- back to the "Black Chambers".

7
known_unknowns 12 hours ago 0 replies      
Everyone here seems to be assuming that tech company leaders actually knew the whole picture, but that isn't necessarily the case.

Think about it: Let's say you're the CEO of any of these companies. If someone from the NSA or the FBI serves a top secret FISA order on some poor SRE in your datacenter, do you even qualify as one of "those persons to whom disclosure is necessary to comply with such Order", or an attorney?

Now, maybe your General Counsel knows what's going on, or maybe the knowledge is scattered throughout your legal team. Your lawyers, who are supposed to be representing your interests, are now bound to keep these secrets from you, and possibly even from each other. This is something that affects millions of people, and you can't do anything to fight it, because you aren't necessarily allowed to know what's going on in your own company. The only sign might be that a few previously-happy key employees suddenly seem stressed and quit for no apparent reason.

Freedom of speech is such a basic assumption in our society that we struggle to understand the full implications of what can happen when it's taken away.

8
yekko 12 hours ago 0 replies      
Because they didn't get rich blowing whistles, or by biting the hand that feeds them.
9
dm2 9 hours ago 0 replies      
Because treason and national security are taken very seriously.

It's well known that there is a "secret" interpretation of the PATRIOT Act and FISA revisions that basically allow unlimited loopholes for accessing any data. Going up against what is arguably the most powerful organization in the world and the most powerful government in the world, while you have a nice cushy tech job, would be dumb.

Besides that, not many engineers employees for private companies have a firm grasp on all of the details of the law. How many people can say for certainty that it is even illegal for the NSA to do broad data-mining of US citizens?

10
paul_f 1 hour ago 0 replies      
This is a difficult thing to wrap your head around. My assumption is that the vast majority of people haven't formed an opinion yet. And many others don't have a problem with what the NSA is doing.
11
zzbzq 12 hours ago 1 reply      
For the post linked in the headline, those seem like shocking accusations, but the kind I'm now accustomed to taking with a grain of salt. It seems perfectly plausible that the guy legitimately deserves a 6 year sentence for reasons unrelated to any of this.

As for the subject/headline, which I'm not sure is related to the particular post linked, it seems pretty simple. Tech companies would probably see PRISM with much more perspective than the internet's knee-jerk reaction. After all, these are companies who have that information at their finger tips 24/7, who can invade all kinds of privacy without any oversight or checks and balances and nobody would even know to get outraged. The media companies, particularly Google, are companies that regularly collect and profile that information anyway for the expressed purpose of profiling people in order to maximize their ability to manipulate the public. As far as tech leaders are concerned, the NSA is the first party to suggest doing something non-evil or selfish with all that data.

So for things like listening to phone conversations, there's still an argument and some outrage to be had. But I think for a lot of the companies, the leaders would have to sooner blow the whistle on themselves than the NSA. The whistle blowing would have to come from where it apparently did--an ideologue who has a fetish-ized view of the public sector as something evil and invasive even as the private sector pores over all the same information unimpeded for selfish ends.

12
pvdm 12 hours ago 0 replies      
"Do no evil" but do something much worse.
13
mmastrac 11 hours ago 0 replies      
?
14
helloamar 12 hours ago 0 replies      
Everyone falls for the MONEY
15
Grovara123 12 hours ago 0 replies      
This article is crap - Joseph P. Nacchio is serving 6 years for Insider Trading.
23
11 Non-Scientific Reasons To Do A PhD In The Netherlands nextscientist.com
10 points by jaap_w  1 hour ago   discuss
24
Obama's NSA Defense: Congress Can Raise Objections It Can't Actually Raise theatlanticwire.com
105 points by known_unknowns  7 hours ago   20 comments top 8
1
DanielBMarkham 36 minutes ago 0 replies      
I have no problem with politicians, well, being politicians. Spin me, bullshit me, tell me the sky is green and the grass is blue. This is all in a day's work for those guys.

But Obama is crossing a line here. Yes, Congress in the aggregate could do a hell of a lot of things, but not in some generic sense. It's not like one of them could go out and start making press releases.

Intelligence committee members and their staff are the only folks that are supposed to know about intelligence matters. Not "every member of Congress". And they are thoroughly briefed NOT to disclose any information that comes their way. In fact, there are clear penalties for doing so. Releasing unauthorized data is a felony, and felons go to jail, Congressman or not. (And no, Article 1, Section 6 specifically does not cover felonies)

Even then, the intelligence community doesn't brief the intelligence committees on everything -- they've found out from painful experience that somehow or another anything really juicy they tell them always gets out. So with some of this stuff, the only people that were briefed were the majority/minority leaders and the chairmen of the committees. Not "every member of Congress" Not even the people supposedly overseeing intelligence matters.

I think it's one thing to go about bullshitting when it comes to public policy, or any other thing the nation does. But when the government purposely keeps secrets from us, they take on the responsibility to at least honestly explain to us how the system works so that we can address the problem. Not continue to spin us as if this were just some proposed employment law or something. You can't keep it secret and then also lie to us about what we need to do to fix it. For Congress to again be a player here, it would need to pass some major legislation -- and the president would need to sign it. Let's start with what that legislation would look like, which the president would be the best person to say (since the executive branch knows all the secrets anyway), and go from there. I'm happy to call up my Congressguy and give him hell -- but not in order to be some kind of pawn in a PR war about whom to blame.

2
bo1024 6 hours ago 0 replies      
"They don't have to show us Catch-22," the old woman answered. "The law says they don't have to."

"What law says they don't have to?"

"Catch-22."

3
wycats 6 hours ago 2 replies      
Article 1, Section 6: "They shall in all Cases, except Treason, Felony and Breach of the Peace, be privileged from Arrest during their Attendance at the Session of their respective Houses, and in going to and returning from the same; and for any Speech or Debate in either House, they shall not be questioned in any other Place"
4
jmadsen 7 hours ago 1 reply      
This.

Was a point I raised here just yesterday - glad to see I was on the mark.

This is why we are now in an Orwellian state, rather than one with necessary secrecy but checks and balances.

When Congress can say, "We are reviewing National Security measures to be sure they comply with the law & Constitution, but we can't go into details" - that's the latter.

When Congress is under threat of penalty for even saying that we HAVE National Security measures, that is Orwellian.

5
ck2 5 hours ago 0 replies      
Congress would have rubberstamped "defense paranoia" anyway, doesn't matter.

What I am curious about is the next presidential race and what the candidates are going to promise, because Obama basically played a huge word game.

He said he was against illegal spying on the country, so what he did was just make it legal to spy on the country instead of stopping spying on the country! I mean come on, that's bullsh*t.

6
pfortuny 6 hours ago 1 reply      
Remember: the great excuse is that the US is at war (albeit not against a country, but "terrorism".) Hence, treason comes very much into place here.

Handling intel to "the enemy"...

7
venomsnake 5 hours ago 0 replies      
Maybe lawmakers should have immunity about the things they say while in office. This way the executive branch will have to ask for silence instead of demanding it. And they will be free to leak something that is outrageous.
8
ccarter84 7 hours ago 0 replies      
POTUS v leakers & press.

Infants in Congress.

Finally have legit gripes

25
Create Something Every Day medium.com
21 points by ntlk  2 hours ago   1 comment top
1
_glass 57 minutes ago 0 replies      
I can very much relate to this text as I also studied CS as a safe choice and rebooted my creativity after the time-consuming beginnings, which is quite hard, because I noticed in the SAP sector creativity is rare.

But I'd like to add something to the mantra: Creativity should not be measured by pure outcome. One should be more observant of one's own ability of interaction and choice. When I try to simply produce something every day, I see myself restricted to the easy, the obvious choice, and I am oh so curious in pushing something to the net, and be happy. But if I take care to paint, maybe not every day, maybe sometimes the whole day, the outcome has much more to say than just an objectified output of a basic human condition, namely to create art.

26
The secret of Costco's success revealed (hint: no MBAs need apply) washingtonmonthly.com
73 points by chrismealy  6 hours ago   30 comments top 15
1
yummyfajitas 1 hour ago 3 replies      
Yeah, the secret of Costco is that they don't hire MBAs.

If you actually want to go learn Costco's "secrets" of their basic business model, inventory management and staffing, go read Megan McArdle's article comparing them to Walmart:

http://www.thedailybeast.com/articles/2012/11/26/why-can-t-w...

Sadly, the "secret" of $SUCCESSFUL_COMPANY is almost always far more boring than we'd like. I really wish there was a news source that would actually write articles like this which discuss staffing levels, supply chain management and the like.

2
salimmadjd 5 hours ago 0 replies      
My first real start-up job was at the end of 1999 and start of 2000. The company was founded by a few Ivy League MBAs and they hired a bunch more. I found them intimidating a bit and they made sure the relationship stayed that way.

We had a lot of meetings with a lot of SATish words thrown back and forth. We had meetings about how to have meetings and on and on...

Fast forward the Internet bubble burst, we were running out of cash fast and had to downsize. One-by-one the MBAs left and we got more creative, more nimble. I went from a snobed-out engineer (it had a non-leadership connotation at that place) to running engineering and then the product team. We sold the company (not a huge exit but everyone got something) and stayed a year until got fed-up with the labyrinth of our parent company (ran with bunch of sales and MBAs).

Here's what I learned from my experience. Many MBAs make good consultants. They can analyze and write a report for you. They're mostly not creative nor can create anything (or they'd be doing that instead of spending $100,000 in school). Because they can't create anything, they have to show their value. Which means a lot of analysis, meetings and meetings about meetings. Resulting in slowdown, reduced innovation and increase in politics.

3
jedc 4 hours ago 0 replies      
Obligatory post to what I consider the best framing of MBAs: "It's fine to get an MBA but don't BE an MBA" by Hunter Walk.

http://www.hunterwalk.com/2011/12/its-fine-to-get-mba-but-do...

4
jmduke 28 minutes ago 0 replies      
Show HN: Look, I found an article that disparages MBAs!
5
mattdeboard 1 hour ago 1 reply      
You know what Costco really needs? A fucking engineer to design a milk jug that is efficiently stored in bulk and doesn't spill milk all over the damn place when I'm trying to make oatmeal.

Source: I just spilled half the jug all over the damn place.

6
einhverfr 3 hours ago 2 replies      
One of the obvious benefits to promoting floor workers which is not covered in the article is that the former floor workers know the work realities. One of the biggest sins of hiring MBA's for management is that they don't know the floor realities and therefore they get an analytical view of the business which is simplified in the wrong ways.

One solution might be to hire MBA's as floor workers for a minimum of a year before promoting them to management. However, with student loans being what they are, that is not feasible today.

7
sethammons 13 minutes ago 0 replies      
I'm not informed on customer demographic differences between Costco and Walmart, but I'd think that a poor economy will disproportionately affect Walmart due to economically disadvantaged people won't be shopping at Costco in the first place and they tend to be the ones hurt the most in economic downturns. So "better" customers could be leading to better financials on the part of Costco, not just some anti MBA culture that resonates with the HN crowd.
8
cicloid 5 hours ago 0 replies      
Even in Mexico, there is a stark contrast between the feeling in the stores and employees treatment from a Costco vs Sam's Club. Also the quality of products sold is very noticeable
9
eli_gottlieb 1 hour ago 1 reply      
Actually, if I had to guess, I'd say it's domain expertise. A lack of MBAs is good, because MBAs turn your company away from getting good at what it actually does/sells and towards generic "being a good company" stuff.
10
sergiosgc 4 hours ago 1 reply      
An MBA is a powerful tool. It gives you an analytical view on business, coupled with at least introductory understanding of the full range of business activities.

However, as with many things in life, a little knowledge is more dangerous than no knowledge. Couple little knowledge with the feeling of self entitlement and you get a recipe for disaster.

My main message: Don't go discarding all MBAs just yet. Many are excellent people and magnificent professionals.

11
davidw 4 hours ago 1 reply      
Interesting; Sol Price is mentioned in quite positive terms in this book (at least up to the point where I've read): http://www.amazon.com/dp/B008ZPG704/?tag=dedasys-20 - Sam Walton's autobiography.
12
victorology 4 hours ago 1 reply      
I don't think it's that Costco has a problem with MBA's. I think if you get on the management track at the company, they will sponsor you through business school.

"Costco does not hire business school graduates -- thanks to another idiosyncrasy meant to preserve its distinct company culture. It cultivates employees who work the floor in its warehouses and sponsors them through graduate school."

It seems like they just want people with experience working at its warehouses so they can get a perspective on how the day to day business operates.

13
kfk 2 hours ago 1 reply      
There are 25 theories because each one works on a different set of assumptions. As economists can't work with lab experiments, they have to go with lots of assumptions using complicated statistical tools.

They can't ask businesses because if you go that deep you can't abstract away any useful info. You will get very detailed stuff that nobody will care about. Most of the times people want a petty theory that can be summarized in 10 words (read all the Keynesian BS on this).

As for the MBA's. Start ups are picky, very picky. They want you to have a github profile, to have a PhD, to be a god in what you do. This is mainly resource driven, but that's the fact. Thus, don't come telling me that start up culture is closer to workers because I will call 100 times BS on this. I have never seen a start up giving chances to somebody that does not have god skills, or somebody with a profile that does not involve years of coding or CS. On the other hand, my company took me straight from business school and is giving me the chance to grow from almost nothing (as I did not study finance).

Let's not generalize.

14
codeonfire 3 hours ago 1 reply      
I highly doubt anyone is trying to earn an MBA because they can't wait to get into retail ops and work in a warehouse.
15
seivan 2 hours ago 0 replies      
Love this. I have nothing but utter hate for MBA's.
27
Rewarding Edward Snowden's Courage crowdtilt.com
246 points by jjb123  12 hours ago   102 comments top 20
1
DanielBMarkham 11 hours ago 5 replies      
I am a patriot, a former service member, and I love my country. As much as I love talking about politics, I have never taken an active protest role in my life. I'm middle-aged, completely non-violent, and I live in a rural area. I am literally the last person in the world you would expect of being a political activist.

Hell, I'm even in favor of some SIGINT, as long as we are talking simple node-to-node analysis. But that's not what happened. What happened was a vacuum cleaner. They're sucking up every piece of meta-data they can get their hands on. And it's not because of some cost-benefit equation that the public was shown. It's simply because they can.

As a patriot, I feel that the only patriotic thing to do for all other patriots is to come out, rally and support Snowden. The government has stepped over the line here, and we all need to clearly let them know that this needs to be fixed.

And no, this case is not the same as Manning. Snowden saw one thing that he was willing to take the penalty for. He released data on one thing. Now, as the natural legislative body of the state, the people can make a choice whether to support him or not based on this one issue. I can support that kind of behavior. Manning betrayed his country by releasing everything he could get his hands on. He is truly an enemy of the system itself. Different thing entirely.

2
u2328 11 hours ago 2 replies      
Snowden clearly indicated that he did not want this controversy to become about him, and he indicated that he only came out to vindicate the Guardian story from being discredited.

Nobody knows his current financial situation. I think we can all appreciate the ideal, but at this point, it's probably better to donate to the EFF, EPIC and the ACLU. Not to mention, maybe even get a subscription to the Guardian US in support of investigative journalism.

3
downandout 11 hours ago 5 replies      
The fact that money is trickling into this campaign, while campaigns such as one to send a heckled school bus driver on vacation explode with hundreds of thousands of dollars, shows our society's ignorance. This man is a hero, and is likely to be cannon fodder for the US Justice system.

John McCain went on CNN this morning and said that this whole thing isn't a big issue in the minds of most Americans and there won't be much if any political fallout. I am sure he is saying that with polling numbers in hand. Mark Udall, who has been trying to warn Americans about this for years, also appeared and was made to look like an overaggressive alarmist. They may as well have superimposed a tinfoil hat on him.

This whole thing gives us a very scary glimpse into how pliable the populace is. Many assumed that the NSA was doing this, but not so obvious until this incident was the depth of ambivalence Americans have toward their rights. The stage is now set for a remarkably dark future, and by the time the populace finally has enough, they will no longer have the power to stop it.

4
blhack 12 hours ago 8 replies      
Wow, I would tread incredibly lightly here. In the eyes of the US government, this person could be considered an enemy of the state...and you're literally giving them aid.

That's probably a pretty serious crime. I support this person as well, but there is something to be said about living to fight another day. Directly giving money to [possible] enemies of the state might not be the greatest idea.

5
mpyne 11 hours ago 0 replies      
Guys, hyperbole is not necessary here.

The last "spy" that the U.S. caught was not designated an "enemy of the state" or anything nearly so extreme, so at least wait for Obama to put on the anti-Christ mask before you start freaking out please. Pretty soon I'll literally be able to see out the back of my head.

Likewise, treason has a specific Constitutional definition, both on actions that constitute treason and the witnesses required to prove it.

As a civilian (contractor no less, not even a Government employee!) Snowden does not fall under UCMJ so all this crap about "Aiding the Enemy" is crap as well. You should be worried about Espionage Act, not UCMJ.

Likewise, giving "aid and comfort" to someone accused of a crime would fall under the same rules as any other person accused of a crime. If there ends up being a valid warrant for his arrest then you should not help him evade arrest. You should not help him commit further crimes or cover up evidence of previous ones. But certainly you can contribute to his legal defense fund (though be careful that those evil Fed prosecutors don't freeze those assets :P). Those cautions are nothing special about this case, it's always been a bad idea (legally speaking) to aid and abet crime. If you feel your morals will outweigh that then bon voyage, but go in forewarned.

Also, yes, it's possible your actions will be more closely scrutinized in the future if you aid Snowden, but things that are worth doing are not typically easy, otherwise they'd already be done.

I would be more worried about ensuring that you don't end up crowdsourcing or kickstarting some con man's bank account instead of Snowden's legal defense fund, but then again I've always been sort of a pessimist...

6
dllthomas 28 minutes ago 0 replies      
If you do this, know that (in my estimation - IANAL) you're likely doing something illegal. Imagine the same situation for any other crime: "You killed someone I don't like; here's $10k".

If you choose to do it as an act of civil disobedience itself, more power to you, but it should be deliberate.

7
rdl 12 hours ago 1 reply      
This technically exposes him to somewhat more liability than he had before, right? "Financially benefits from his crime"
8
runn1ng 11 hours ago 0 replies      
ummm.... where will my money actually go?

The campaign is very light on details. I will not give them money just because they used his picture in a header. I will rather post the money to EFF

9
yuvadam 7 hours ago 1 reply      
Seriously, 'murica? One of the most important heroes of our time blows the whistle on the largest spying industry the world has ever known, and you pay him back with cash?

Edward Snowden has done the world and the US a huge deal by sacrificing everything and letting you know just how fucked up things are.

Use that knowledge, be inspired by his courage, and tear apart this messed up system of surveillance and oppression.

10
kohanz 12 hours ago 1 reply      
This seems a bit strange to me. Snowden was very well compensated for his work (articles mention a $200k salary) as a young man and despite this he still did the right thing and followed his conscience. My bet is he would be the first to tell you that the real reward for him is the weight off of his shoulders. Rewarding such a brave act with a "cash prize" doesn't seem appropriate.
11
buro9 6 hours ago 0 replies      
There's no way Edward put himself on the line for money.

But... how long do you think he can access funds in his name? And how long do you think he will have to stay in hotels and temporary accommodation that he will have to fund?

He will need help, the hardest bit isn't even summoning the help, it will be getting it to him.

12
dodyg 5 hours ago 0 replies      
Nominate him for Nobel Peace Prize for this year. It will offer him a better political protection against the current US government and will make him one of the better winners of prize in this decade.
13
bluetooth 12 hours ago 2 replies      
Two issues I can see arising from this:

1. You're funding someone who the government most likely has labelled a terrorist. I don't think the government will take too kindly to such a thing.

2. Snowden is in hiding. Not only might it be hard to come into contact with him, but how can we be sure our money will reach him?

I think #1 is not too difficult to solve via ways of bitcoin, but #2 is still a blocker.

14
dale386 12 hours ago 2 replies      
This will be cute until donors start being investigated for funding terrorism.
15
LoganCale 12 hours ago 2 replies      
Some would probably argue that contributing to this is treason. Providing material aid to an enemy of the United States.
16
jbranchaud 11 hours ago 0 replies      
This is to completely miss the point [1]. Not everything is about compensation or reward. There are things worth doing that have nothing to do with money. To try to strap a reward onto this or some similar situation is to diminish it.

If you feel compelled to give money, give it to an organization that can effect meaningful change for those that may need it. Based on [1], it doesn't seem that Snowden is one that needs it.

1. http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-n...

17
dw5ight 12 hours ago 0 replies      
damn stoked to help Snowden out after the service he's done us all, at significant risk to his own career and liberty
18
gizzlon 5 hours ago 0 replies      
With Crowdtilt being a US company, what do you think the chance of any substantial funds ever reaching Snowden is?

(and that's ignoring all the other obvious problems with this scheme)

19
llamataboot 12 hours ago 2 replies      
How are you going to get him the money? My guess is he'd rather the money go in his name to the EFF/etc.
20
brilee 12 hours ago  replies      
He didn't do this for the money...

I've been offered minor cash gifts for significant volunteer work that I've done previously, and it's usually sort of offensive - nowhere near large enough to compensate for my time, and I didn't do it for money.

The right way to go about this is probably to find a way to get meals continually delivered to him in his hotel after his credit card is inevitably cancelled.

28
If the NSA Trusted Edward Snowden With Our Data, Why Should We Trust the NSA? slate.com
201 points by reaganing  12 hours ago   74 comments top 24
1
gkoberger 10 hours ago 1 reply      
I don't think Slate is trying to crucify Edward Snowden. I think it was more "If a high school dropout with basic computer skills can win this contract, imagine what a talented hacker with malicious intentions could do", and just happened to attack Snowden a bit too much.
2
ritchiea 10 hours ago 2 replies      
All of the comments taking umbrage that the article isn't celebrating Snowden's character are missing the point. While it is entirely possible that he was qualified or even overqualified for the position he had at Booz Allen Hamilton, nothing in his resume suggests that which raises the question who else has access to sensitive data and secrets? The answer could be that Snowden was an exceptional individual and that's how he got to where he was, but it could also be that the government is terrible at hiring and granting security clearance and there are a lot of terrible individuals with access to secrets & sensitive data and Snowden just happened to be a standout.
3
SeanDav 11 hours ago 1 reply      
So now lack of a degree means you cannot be trusted with sensitive data - wtf?

I understand the guy is emphasizing these things to make his point but still, wtf.

What about his morals? What about his courage? I would most definitely trust my data to a guy that was and is prepared to go to jail for his beliefs that my data should be treated with respect and within the law.

4
jongraehl 10 hours ago 4 replies      
The author is full of stupid snark. Clearly Snowden is an exceptional individual; learning that he used to be a janitor, or whatever, shouldn't cause us to throw away all the evidence we have about him and double-take "they promoted a janitor?".

Perhaps the quality of his work matched his obviously high character, regardless of his initial lack of formal credential. This is IT we're talking about - classes are a joke.

5
mtgx 7 hours ago 0 replies      
Has the destroying of his credibility already started? What's next? An uncovered rape case from his past?
6
adventured 11 hours ago 2 replies      
And so it begins, the assault on Snowden, his character, his qualifications, etc.
7
malandrew 10 hours ago 0 replies      
I expect this from some news sources such as CNN, but not from Slate and definitely not from Farhad Manjoo.

Why can't we celebrate him for having the moral character to have done the right thing instead of assault his character.

A college dropout that did the right thing by whistleblowing is 1000x better to have in this world than an MIT, Stanford or Harvard graduate who is working at the NSA or CIA being enabling or at least complicit in programs.

8
thret 11 hours ago 1 reply      
I wouldn't be surprised if the #1 criteria for NSA grunt employees is patriotism. If he's prepared to sacrifice everything for his country then he seems to be the perfect candidate to me.
9
randomfool 8 hours ago 0 replies      
He comes off as a fairly intelligent person in the interview.

The tech community should be the most understanding when it comes to overlooked people who kick ass on the job. Too many tech companies today are focusing on university names, this isn't the way it always was.

Is being nice to Edward Snowden considered aiding a terrorist? The NSA probably just fired off a warrant for the rest of my communications.

10
georgemcbay 10 hours ago 1 reply      
Not a big fan of the reasons we are supposedly not supposed to trust Snowden specifically, but the question remains a powerful one in the sense that if you can't ensure that the data and systems you're using for something this powerful can remain secure from the actions of any single person, then you have a huge problem.

I've worked at companies where the secrets behind our app signing key are held to a higher standard than being entrusted to the care of any single entity. Even ignoring how you feel about whether the PRISM system is good or bad, shouldn't we expect the NSA to have better security policies, given the huge scope of abuse these systems could allow?

11
Zak 9 hours ago 0 replies      
http://paulgraham.com/credentials.html

It seems unlikely Snowden was in a high-paid and important position without having demonstrated some kind of aptitude. I have the impression he was highly skilled.

12
gridmaths 10 hours ago 1 reply      
Wrong Question. A better Question is :

If the Government trusted the NSA with our every phone call and email, why should we trust the Government?

13
tzs 7 hours ago 0 replies      
> He was accorded the NSA's top security clearance, which allowed him to see and to download the agency's most sensitive documents.

Document control works on two dimensions: clearance level and need to know. You need to both have the requisite clearance level and a need to know to be approved for access to a given document. Having a top clearance doesn't mean you get to freely look at whatever you want, although the press and general public seems to think it does.

14
soup10 5 hours ago 0 replies      
The very fact that Edward has the integrity to risk his life in the name of public interest means that he's exactly the kind of person the NSA should be trusting with our data. It's probably his combination of integrity and competence that let him get the access he did in the first place.
15
mikejholly 11 hours ago 1 reply      
I'm not sure that the author understands what a sysadmin is. Even a junior sysadmin could cripple most services based on their level of access.
16
dnautics 11 hours ago 5 replies      
EXACTLY.

Not just this guy, but a contracting firm (BAH) in general? How did they get that bid?

17
codex 11 hours ago 1 reply      
Having access to a PowerPoint about a system ("metadata") is not exactly the same as having access to the data itself.
18
cdooh 4 hours ago 0 replies      
Please. This is not about can we trust them because someone leaked, any civic-minded person would have done what he did if they had big enough balls. Are we trying to say that out of the thousands of employees the NSA has no one else but this one guy felt there was something wrong with this program?
19
brady747 10 hours ago 0 replies      
'If Slate trusts Farhad Manjoo with their Op/Ed writing and critical thinking, why should we trust Slate with their journalism?'

//insert crappy article

I mean, why should we give interviews at all? Obviously someone's resume and a class they didn't complete is all we need to know about them.

20
codezero 9 hours ago 0 replies      
It seems like hiring someone who isn't a tech genius (assuming Snowden isn't one, but it doesn't matter) is exactly what the NSA should want, the less technically advanced their employees, the less likely they are to be aware of the wrongness of what they are doing, especially if they are given simple tools that do all the work for them and mask the technical guts behind a point and click interface that "anyone" can operate.
21
burnstek 8 hours ago 0 replies      
In my university, we had a computer security program where computer scientists were heavily recruited to work for the DoD for a few years in exchange for a scholarship. One of the students I knew who ended up at the NSA was a standout, but the many others I knew were of average intellect and in many cases were below average computer scientists. These are not the level of people you want involved in mass surveillance programs.

What matters most to the NSA is your ability to pass a polygraph - not your engineering skills.

22
ccarter84 12 hours ago 1 reply      
But...but they're helping us secure our home networks!

"The Information Assurance Directorate (IAD) at NSA recently released a new technical guide entitled Best Practices for Securing a Home Network." - http://www.nsa.gov/ia/index.shtml

23
thehar 8 hours ago 0 replies      
Obviously slate.com's journalist doesn't understand how most of Silicon Valley works with recruiting these days and those "top companies" contributing to PRISM's dataset.
24
freepipi 9 hours ago 0 replies      
Great article, the awareness of security is terribly bad
29
Bradley Manning Trial: Is Our Future an Orwellian Nightmare Or Info Anarchy? policymic.com
89 points by gridscomputing  8 hours ago   7 comments top 3
1
mpyne 8 hours ago 3 replies      
The "Obama Administration" isn't prosecuting Manning, except insofar as it hasn't ordered the Commanding General at Ft. Meade sacked (which would be a much different kind of legal system interference).

Likewise, (and I hate to sound like the ski instructor) if Manning hadn't wanted his trial to be "shrouded in secrecy" then he shouldn't have leaked classified information while under arms. Closing a trial is something that can be done in a court-martial, and that was true since far before Manning had raised his right hand to fight the war in Iraq and signed his DD-4.

Even with the secrecy though, the article itself answers the question of how Manning might be sentenced to life imprisonment: The charge of "aiding the enemy" requires only that Manning knowingly leak the information knowing that it could be directly or indirectly provided to the enemy.

If even one page of that had ended up in any AQ or Taliban hands that would seal the deal. As it turns out a bunch was found in Osama bin Laden's possession. Case closed, as far as that goes.

I think it's important to note again that Snowden was quite clear in his initial interview that his actions were materially different from Manning's. He went so far as to note that he leaked only a few specific issues, and not just anything that he could grab, which he certainly could have done had he wished.

2
mtgx 5 hours ago 0 replies      
I think the future should and will be more "open" and more "transparent", whether the people in power like it or not.
3
contingencies 7 hours ago 0 replies      
False dichotomy.
30
Treaty gives Hong Kong option to reject Snowden extradition to the US scmp.com
96 points by gridscomputing  9 hours ago   35 comments top 9
1
einhverfr 5 hours ago 1 reply      
He probably did his research, looked at court systems etc. He probably expects to spend some time fighting over extradition. It's not really a bad call (Hong Kong). The question is, where do you want to fight? What battlefield do you want to choose?

I don't know. It is probably better than many other choices. One major problem with choosing Ecuador is that if Ecuador is involved in both Snowden and Assange there are potentially large problems for them. I don't doubt for a moment that Correa would love the fight, but I do doubt that it would last past one administration.

He's the underdog. Wherever he chooses, he bears a huge level of risk. There is a lot to recommend Hong Kong.

But in addition, the fact that it poses important options for resisting extradition provides another way of fighting. If the Obama Administration wants this to go quietly they do not want a long extradition fight showing up in papers followed by a long court trial.

2
uvdiv 9 hours ago 0 replies      
The article is confusing. More clearly: both Hong Kong and the PRC (mainland) can deny extraditions from HK to the US.

Beijing, which gave its consent for Hong Kong to sign the agreement, also has a right of veto if it believes the surrender of a fugitive would harm the "defence, foreign affairs or essential public interest or policy" of the People's Republic of China. In short, the treaty makes Snowden's fate a matter of political expediency not just in Hong Kong but in Beijing.

http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-h...

3
quackerhacker 8 hours ago 1 reply      
Given Snowden's background in intel and the information exposed, I think he calculated his decision correctly. Even though other countries (like Iceland) are offering asylum, I really do believe Snowden chose a formidable country that opposes western views...anyone recall Hillary Clinton addressing China's firewall, or Google pulling out?
4
bitserf 9 hours ago 2 replies      
I don't see a downside for Hong Kong/China in rejecting an extradition request.

Cynically, it's leverage and they'll have the moral high ground in the eyes of the world.

5
jenandre 6 hours ago 4 replies      
Sorry, but I don't buy this guy's story. Something is just incredibly fishy.

I don't buy this guy's argument for going to Hong Kong, e.g. that it has a history of free speech, and its supposed autonomy from the mainland -- even after all of these years, Chinese pressure prevents Taiwan from international recognition. You think they are just letting Hong Kong do its own thing? He seems intelligent and must be aware of this, especially having worked in the intelligence world. The Chinese firewall is the most renowned internet chokehold in the world. The Chinese are known for hacking Google to spy on their own citizens.

I just have to think of it if I were in his situation. If I were a freedom-loving individual looking to seek asylum, I'd probably first look at countries that granted asylum in similar cases that weren't internationally renowned for suppressing freedom of speech. Assange has asylum with Ecuador, why not go there first? China is just such a weird choice for someone who is purportedly morally driven to his actions by privacy violations.

Not only that, this situation has nothing but upsides for the Chinese. It looks great for them to expose another world power is spying on their own citizens (and weakens any diplomatic arguments the US has when pressuring them to open up free speech and the internet). It's also a nice thorn to retort after all of the recent hubbub about Chinese government hackers. If he wasn't an active spy in the traditional definition feeding the Chinese information, he is certainly an asset by circumstance -- why wouldn't they manipulate him to their benefit?

Now, that's not saying the US did the right thing -- we kind of fucked ourselves here having PRISM in place first of all -- but I am not sure this guy is the lone ranger whistleblower hero he is painting himself to be.

6
adamnemecek 7 hours ago 1 reply      
I wonder whether the HK government perceives him as an asset or liability.
7
_rush 4 hours ago 0 replies      
Why does everybody think he's really in Hong Kong? In his place I'd say I'm in any place but the real location.
8
anonymous 6 hours ago 1 reply      
So that's where the Snowdens of yesteryear are.
9
bifrost 6 hours ago 0 replies      
Snowden is probably already a PRC citizen, he doesn't have much to worry about.
       cached 10 June 2013 13:02:01 GMT