There's this thing called sequestration going on that's disrupting the budgets of all the federal agencies.
The feds are cutting budget for ridiculous things like the blue angels.
But they're totally going to be maintaining the budget for hacker cons in Las Vegas.
This is all about street cred for defcon & nothing to do with "taking a break." Jeff Moss is too sophisticated to be throwing away all those relationships. This is a stunt circle jerk.
After the GSA stunt a few years ago, you bet conference budgets have been cut. Departments are given a set budget for each conference--if I remember right, the DOE allocates $100k max per conference. Sounds like a lot, but then you see what happened to last year's Supercomputing conference. That's a weeklong conference traditionally attended by many of the DOE's large supercomputing community. $100k does not send many people to a week-long conference. This was enough to cause very notable effects on the conference as a whole; outlets such as The Register even commented on it. I've heard rumors that some companies may not be going this year because without the DOE there, it's just not as valuable for HPC vendors.
I have visited Gwern's site a number of times, mainly regarding the anime "Death Note" discussions. I wish I was a few more years further along in my business plan and had the means to offer a consulting gig to him or her. Gwern would keep us honest and weird and brilliant.
Go back to 4chan or reddit please. The law isn't your personal playground to arrest people you don't like. Accessing a public URL isn't a crime. Nor is being an asshole (of which you should be very glad!).
So the authorities should charge him with harrassment, privacy invasion, extortion, copyright infringement (of the photo(s)) whatever is applicable for the things that are described in that article (or anything else) that he has done.
Do not sentence him to 41months for the fact that AT&T breached its customers privacy and Weev let the press know or for accessing unprotected URLs.
Increment in the general sense just means to increase the amount. A more specific meaning is to increase using regular steps, that is, to select the next number in a sequence. The use of the word is not confined to i++ or i=i+1 or ++i.
Luhn is just a check digit, so you could define an increment function that adds one to the base number and then calculates the last digit. Or, you could just iterate over every possible check digit from 0-9.
Mobile operators have to certify devices, even if they don't include them in the portfolio.
This is a consequence of commitments to a country's spectrum management organizations.
If an operator expresses commitment, I would take this is a very important initial step, but not necessarily an indicator of full blown embracement of a platform. Operators will schedule time for a device to go through their certification labs. This means that a device can get approval from the regional spectrum bodies for qualifications that ensure the device doesn't interfere with authorized spectrum devices. Lab certification is not free- the operators are eating a cost. But certainly it's not the same thing as buying pallets of devices and trying to sell them to consumers.
From what I've heard Weev is an Ass and Aaron was a superhero. You don't need to compare them however to see similarities in how they were treated and the problems with the US "Justice" system.
Prosecutorial bullying and overreach is bad whoever it is done to (even if they are an Ass/Hitler).
Do you want 10 years to be the normal sentence (or even the prosecutors threat) for crawling URLs and reporting the privacy breaching results to the news media?
In my view some of the behaviour in the story that you linked to is MORE criminal than the actions against AT&T. If evidence can be found for that I would be fully in favour of that prosecution but the he's done all these horrible things that we can't prove so lets trump up a minor issue we can prove concept doesn't feel like a secure route to freedom and justice for anybody. If the linked information could all be proved in court to be Weev I would be happy for him to get 1-2 years in prison for harassment or longer if it is a pattern of behaviour against other people too but for the AT&T "hack" anything over a month or two would seem excessive to me.
"Do you want 10 years to be the normal sentence (or even the prosecutors threat) for crawling URLs and reporting the privacy breaching results to the news media?"
This is such a sanitized version. I'm open to being corrected here, but afaik the 'crawling' in question was done by a script written and refined for the expressed purpose of harvesting data, with intent to cause material economic harm to AT&T, which they did. They sat on the vulnerability for days while discussing at length how to perform the 'report' in such a way as to cause the most negative effect.
They knew full well what they were doing was illegal and were afraid of being caught and discussed it.
Let's state it again in a less-sanitized fashion: They found a vulnerability, did not report it, exploited the vulnerability and stole data with the stated intent to cause material harm and/or sell said data, and actually brought about said economic harm.
People defending weev are making it sound like some guy tweaked a value in his browser url bar, ran to AT&T and said 'look what I found', and had his home promptly raided. Hence the ridiculous top comment on slashdot, "America has lost its fucking mind."
Let us not, as the hacker community, lose ours over this. What weev did was malicious and illegal and harmful and if we appear to defend him I'm afraid we undermine the cause of Aaron's case and the possibility of curtailing real prosecutorial aggresion. I really don't think it was the case at all with weev.
I said crawling URLs not tweaking address bars (implying scripted mass process). The other point is that the sentence in this case whether reasonable for other reasons or not will be a reference point for future prosecutions against less unlikeable people.
Legally in the US there seems to be very little protection for privacy (unlike copyright) whereas in the UK Sony has just been fined £250K for failing to adequately secure personal data (PSN hack).
Should this person have collected more than 100K email addresses? - NO.
Should they have blown the whistle or reported it straight away? - YES
Were they criminal? Probably just about.
Does what they joked about matter? No unless they actually tried to do it.
Does the fact that they wanted to harm AT&T matter? Not much for me, AT&T harmed themselves and while discoverers of the flaw could mitigate AT&T's harm and these guys chose not to for me that doesn't turn it into a crime although possible does suggest additional sentencing is appropriate.
Is 10 years an appropriate sentence for accessing information that legally had less legal protection than copyright works? Definitely not in my view.
It's 10 years max, and no that doesn't seem disproportionate to me at all, given that you have stated malicious intent and actual material harm. I can think of white-collar crimes that have similar effect (dumping stock, insider info) that carry bigger max sentences.
I also completely disagree that AT&T 'harmed themselves'. This to me is grey-hat rationalizing/hand-washing. "It's not my fault that your security sucks. I just, you know, exploited it, harvested hundreds of thousands of emails, highlighted the most important executive and government official emails and released them in as public a manner as possible, potentially causing hundreds of thousands or even millions of dollars worth of economic damage and loss of reputation."
Sorry, to me a max 10 years is light, compared to the kinds of white-collar sentences we've seen for stuff like insider trading. They stole the data. They sat on it. They tried to release it in such a way as to cause harm, and the potential dollar-value risk for AT&T and all their employees was huge. Think of the massive hit RSA took when their data was stolen. It doesn't matter how "easy" the hack was: what matters is intent, action and effect. All three, to me, are clear-cut here. I don't see how weev could expect any different outcome.
Something I didn't understand at 18 (that I do at 35) is that your 'enemies' may be dealing with things you simply cannot understand.
If a coworker is belligerent to an 18 year old, they are assholes. To a 35 year old (at least to me), the first thing I think of is that I have no idea what their home life is like.
People endure crazy life experiences. I am working with them on a problem that results in revenue for both of us. Just because we're making money, doesn't mean that they're dealing with problems of personal identity, cancer, financial ruin, etc.
Age matters, kid. It fucking sucks. It's cool that you're punk rock about this. But you will achieve more & achieve faster when you realize that age really does matter.
(p.s.- age is not a way to measure wisdom, but it is a wisdom indicator)
> If a coworker is belligerent to an 18 year old, they are assholes. To a 35 year old (at least to me), the first thing I think of is that I have no idea what their home life is like.
I'm sorry, but I don't care what your home life is when you're at work. You're there to do your job, and communicating with your coworkers without being an ass is part of that. It sucks that <insert bad thing here>, but your job should not be affected by that.
If we're out at a pub in a non-professional setting, that's different; feel free to pour out your soul. But when we're on the clock, just do your job.
I say this having had a very, very close friend die on the morning of my first real world product launch. I had been up all night hammering out every last detail when I got the call from my mom, around 7am. At that moment I knew that the right thing to do was to finish what I had to do, and go home and mourn on my own time; it was what was fair to my coworkers, working right along with me, and to myself. It wasn't their problem, and if I had lashed out at them it would've done nothing but impede our progress. Sometimes you have to step up and do what needs to be done.
I'm from the UK, I know all about stiff-upper-lip but even to me this seems like unnecessary martyrdom.
I would feel that I had failed my staff if any of them thought that our product was so fragile that delaying launch by a week so they could mourn would cause irrevocable damage.
It is good that you can separate the two so well. Depending on where you work you may find out very quickly that a LOT of people can't... they consciously or sub-consciously take their problems with them. And I think the older you get, the more "self-righteous" you are about it, as in more likely to not care just as much and turn your bad feelings out instead of keeping them in and being a good soldier.
I've not yet heard of an instance where rms has allegedly sexually assaulted anyone or said anything that could be seen as blatantly sexist or misogynist. He may be awkward around women, I'd also argue he can be awkward around everyone - the man is not renown for having the best social skills.
There's this thing called sequestration going on that's disrupting the budgets of all the federal agencies.
The feds are cutting budget for ridiculous things like the blue angels.
But they're totally going to be maintaining the budget for hacker cons in Las Vegas.
This is all about street cred for defcon & nothing to do with "taking a break." Jeff Moss is too sophisticated to be throwing away all those relationships. This is a stunt circle jerk.