Re: Amazon is keen
"meanwhile those nasty government agents are trying to do nefarious things like uphold the law."
Probably their greatest offence is not offering to pay for access.
"In short, this case will live and die by a strict discussion of the word "authorized" - to be or not to be."
No. It turns on (a) what he was authorised to do and (b) intent. The charge was that he intentionally caused damage without authorisation. If he wants to argue this on contract terms he needs to point to the clause in his contract where, by implication or otherwise, he was authorised to commit damage. Not just access systems or even delete stuff, but commit actual intentional damage. The intent bit comes in when he does an rm -rf * or equivalent in several different places where that's damaging; once might be an accident but repeatedly on the same occasion?
"After reading the comments I am surprised more haven't pointed out that Directors of companies regularly (and these days often) take actions that are damaging to the company."
A number of comments mention this. Irrelevant. That's not a matter before the court in this case.
"intentionally causing damage without authorization, to a protected computer."
How do you parse this?
I can only parse it one way: he did not have authorization to cause damage but he did so and intentionally. Being authorised to access the computer is irrelevant, it was the damage he wasn't authorised to cause. And the additional factor is the intention. We all have the risk of that accidental oops moment which does cause damage but the intention to do so would be lacking.
"the Jury can rule it- an accident, self defense, murder (first, second or third degree)"
Nevertheless, the judge should have explained to the Jury what all these terms mean and what they need to believe about the evidence in order to arrive at one of them. Actually only a coroner's jury would need to arrive at one of the first two decisions, in a criminal trial it would simply be "not guilty".
"If this guy trashed the systems, and stuck around without leaving a note, he would be a-okay according to the law"
I doubt it. As described, it wasn't a single action but a wide-spread trashing of various parts of the infrastructure. It makes it very difficult to believe anything other than intent. To take an analogy, if you damage one piece of kit it might be possible to argue percussive maintenance gone wrong but if you take a sledge hammer to the whole production line it's going to be criminal damage.
"Which would be a civil matter (breach of contract) and not a criminal matter."
If someone were provided with a key to the business's premises (authorised access) and used that to let them in out of hours and then smashed the place up with a hammer it would be prosecuted as criminal damage.
If someone with access to the company's ledgers used that to gain money to which they were not entitled it would be fraud, a criminal offence.
There's nothing novel in the application of criminal law in a case like this.
"He won't. We have juries to even out the edges and maintain the spirit of the law"
This is an appeal. If the US system is anything like the UK it won't be heard by a jury. In fact, it's an argument on a point of law. It's up to the appeal court to decide if it makes sense.
"A simple cookie-ish thing where a user could actually express interest in ads they may find interesting would help make the ads more relevant, and waste advertisers less money."
The simplest thing of all would be to relate the ads to page content and not to the viewer. If the viewer bought a new car last week there's no way that the ad networks can know that and all the effort to sling car ads will be wasted. If he's now browsing garden make-over sites it ought to be a big clue as to what he might respond to now. And for that there's no need to track; in fact the ads could be static in-page. The only downside of that from the ad networks' PoV is that it cuts out their entire business. Isn't that a shame?
"1. Any company ... 2. The business"
A University or College is not a company, neither is it a business in the sense you seem to mean. Putting all the resources into a single IT operation in a college ought to be about as likely an undertaking as herding cats. It's not surprising that there was no effective communication between IT and users as just about every researcher in the place probably has different requirements.
"Businesses aren't normally all that keen to let you take systems down to do this."
With good reason. The downtime is a secondary consideration. The main one is that if you're needing downtime on the live system it means you're doing the test on the live hardware and if the backup/restore fails for any reason you've just blown away the system you were trying to restore. You do not do your restore tests on your live hardware. You rent hardware for that purpose, ideally you have a DR arrangement which includes the facility for periodic tests. That way you can do your testing without any down time and without any time pressure other than the slot allocated. Your first test will be an interesting learning experience.
"Google was the stroppy upstart and innovated and didn't stop innovating."
It's got a hell of a way to innovate before it matches OS standards. If they were really serious about producing good maps why didn't they buy the OS's mapping and add their own interface? If you're serious about maps it's content that matters and Google's mapping content is minimal.
"Google maps was full of ajaxy goodness, with draggable maps and fast response times"
And Streetmap's maps were full of detail. Oddly enough, when I look at a map I want detail, not shiny.
"Google is a damn search engine. If I search for a postcode I want to see a map. Furthermore I want to see the best one."
And if I put a post code into Streetmap I'll see it on a map. Ironically it is actually a full-featured map I'll see it on. If I see it on Google I'll see it on something that's really no more than a street plan.
"can you clarify why Google Maps are not useful?"
Take an example. Look up Hardknott Pass on Google and streetmap.co.uk. What does Google tell you about the steepness of the road and the terrain in general? Now what does the OS map on Streetmap tell you? In case you're not used to reading maps I'll tell you that the OS's little chevrons on the road mean "steep" when single and "bloody steep" when doubled (1 in 7 to 1 in 5 and more than 1 in 5 respectively). What does Google tell you about the features you'd see from the road? What does the OS map tell you?
As I've written in other comments, Google maps are really just street maps, the OS maps streetmap.co.uk uses are real maps.
"Obviously, looking at Bing's use of OS maps, whilst they have a better zoom"
Bing also swap between different scaled OS maps but they also zoom to different magnifications of these so you have a choice of too small to be legible, legible and jaggies. I find the zoom painful to watch and unnecessary as only one magnification is really usable. OTOH Bing has better scrolling. If Streetmap were to disappear I suppose I'd have to use Bing but it would be an unpleasant experience.
One issue common to Streetmap and Bing is the search: they only seem able to find place names starting from the first word; if, for example, you search for Nibley their choices will include a couple of villages called Nibley, Nibley Lane, etc. but miss North Nibley. Google has the edge in this.
"Streetmap doesn't make their own maps."
No. They use OS maps instead.
Somehow Google never seem to get round to little details like contouring and such like. The irony of all this is that Google's maps really are just street maps. Streetmap's maps are maps of the terrain. No contest in my view.
"the global economic crash was caused by the exposure of the long-running subprime mortgage racket in the US in 2007 and the subsequent collapse of Lehman Brothers in 2008, not by the economic policies of Gordon Brown."
Which in turn was driven by low interest rates which made mortgages appear affordable. And Brown was a part of the low interest movement. His giving the BoE responsibility for interest rates with an inflation target that ignored housing costs led to a housing bubble here, leading to the problems with Northern Rock, HBOS/Lloyds & RBS. Instead of responding to the bubble by changing tack he, as chancellor, went about lecturing Germany et al about how they should adopt UK/US policy on interest rates. He might not have been able to check what the US was doing but he could have minimised the impact here.
Were you referring to this statement:
"the most popular graph DBMS by some magnitudes is Neo4j, followed by OrientDB and Aurelius's TitanDB graph databases"?
If so let me repeat it again with one word emphasised:
"the most popular graph DBMS by some magnitudes is Neo4j, followed by OrientDB and Aurelius's TitanDB graph databases"
"I think the defense attorney could have spun this as a non-authorized penetration test"
Indeed, a defence lawyer's job is to spin any defence that offers itself. There's no guarantee it will be accepted and if that one succeeded the court would need to provide a runway for the pigs.
Thanks for that. It means that if this system issues debt letters solely on this basis it's not fit for purpose. As I explained in a comment above the acceptable rate for false positives is zero and what you describe cannot avoid false positives.
In a human-operated system a case would be built by one team, e.g. police, and passed to a second, DPP, CPS or whatever for review before it gets to court. The second team and the court itself should act primarily as checks on the first team's work, not as an excuse for the first team to get away with sloppy work.
In the system you describe the output should be no more than a list of cases to be checked against the original fortnightly data. It should not be possible to issue debt letters which do not give the dates and figures for the incorrect payments.
"Whether 99% accuracy is a good result or not depends very much on the split between false positives, false negatives AND the underlying base rate"
Where the decision leads to legal action the acceptable error rate for false positives is zero. If you were accused of some offence of which you were innocent would you consider it OK to be found guilty and incarcerated providing the false positive rate was considered acceptable?
False negatives are trickier. A false negative can also lead to injustice* beyond the occasional guilty party escaping on grounds of reasonable doubt.
Such high standards make criminal investigation a stressful occupation for anyone taking it sufficiently seriously.
*A complainant of assault being wrongly disbelieved could come into this category.
"common-or-garden SQL database?"
They were solving that even before relational databases were a glint in Ted Codd's eye. They were solving it in the days of tape-to-tape. They were solving it in the days of mechanical accounting machines. They were solving it in the days of quill pens & paper. It all goes to show that if you want to fail really badly, use a computer.
Please hack his "smart" phone, install keyloggers and crack his twitter account... install some voice capturing software that is permanently on
What makes you think that hasn't already happened?
send some nice postings like "I am so soryy, Hillary" or better "Hi Mexicans, I luv u all!"
That's just skiddie stuff.
"Here the government is the best customer you can have if you want your invoices paid on time."
One client of mine doing work for HMG billed one of their clients by EDI. The client's EDI server had been down for a few weeks before they got round to telling them. I also spent a long time analysing the far from clear self-billing of another of their clients, trying to reconcile it with work done for them.