U.S. Department of Interior Ordered Offline
The whole of the U.S. Department of Interior has been forced off of the internet as a result of a court case Cobell v. Babbitt. This was the result of compromises with the Microsoft Windows servers. A judge decided to take the whole of the organization down. Should this judge have this much power? Info here on the Indian trust web site. This includes the BLM, USGS and the Park Service. Staggering, really. CD: Hold off on the blaming of MS, it's still not clear.
Makes sense to me (Score:5, Funny)
This would be like the Government sending my tax return in cash -- it's irresponsible because anyone could easily open my mailbox and find almost $3 of totally spendable money ready and waiting.
It seems to be that forcing the whole system offline until it's ready for the modern internet was the only responsible course of action here.
Re:Makes sense to me (Score:3, Insightful)
Re:Makes sense to me (Score:5, Insightful)
I agree. Think of it like a bank.
If a bank was FDIC insured, and their physical security was absolutely horrible, then the government would yank the insurance and effectively shut the bank down. Fortunately for the banks, the government isn't competent enough to rate their Internet security as they are the physical and fiscal security.
If no one ever lays the hammer down on something like this, people will never start to equate online security with the physical security they take for granted. And much better for the government to start policing itself before it makes more noises about policing the rest of us.
Re:Makes sense to me (Score:2)
Re:Makes sense to me (Score:3, Interesting)
I used to run an ISP for an Indian tribe, and at one point the local BIA office asked us if they could run an Ethernet connection to our hub and use our link.
We made it clear to them that we were providing a link, not security, both before and after the fact, but they nevertheless didn't install any kind of firewall. Their servers had active Guest accounts that could access pretty much all data, and literally EVERY one of their desktops had C: drives shared with no passwords.
Oh, and BTW; they were the folks we were supposed to call if we got hacked and wanted it investigated for prosecution, since the FBI didn't have jurisdiction until brought in by BIA.
You're not that far off . . . (Score:3, Insightful)
> it's irresponsible because anyone could easily open my mailbox and find
> almost $3 of totally spendable money ready and waiting.
But that's not too far from how the government has handled these trust funds--assuming, of course, that the government was supposed to have sent you $3 Billion . . .
The history of mismanagement of these moneys, and the sheer volume of missing records (they don't know how much they're supposed to have had, who it belongs to, etc.) is shocking, even by banana republic standards. The existence of this case should have scared off Norton from *taking* the job as interior secretary . . .
Add to that that the first rule of litigation is, "don't piss off the judge." They've done that in spades. And if you *are* going to piss off a judge with misconduct and feigned ignorance, this is the *last* judge in the United States to do that to . . .
hawk, esq.
I have to agree... (Score:5, Insightful)
Comment removed (Score:4, Insightful)
Re:Are you sure it's a MS server? (Score:4, Informative)
The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris.
Of course, we don't know whether this was the system which the government investigators broke in, or whether it's something in this domain.
Why bother (Score:2, Redundant)
Just wait until it crashes in a couple of weeks and the problem will be solved.
Re:Why bother (Score:3, Funny)
In a couple of *weeks*?
of course. (Score:5, Insightful)
Re:of course. (Score:4, Interesting)
Re:of course. (Score:3, Insightful)
Some AC made a snide remark about the Indians simply not getting taxpayer money. Wrong, dipshit. This trust is revenue made from management of the lands held in trust for the Indians, after they got kicked off of the original reservations to make way for settlers. The government was supposed to "collect and disburse to the Indians any revenues generated by mining, oil and gas extraction", etc., and return it to the Indians. This is not about welfare, this is about yet another breach of treaty.
Basically, the government professes to have no idea where the money is, how much there is, etc. Racism was responsible for the Indians being booted off their old reservations; most likely the bureaucrats managing the trust decided since it was just a bunch of Indians, no one would care. I can only assume this is what is happening now.
I dislike hearing racism blamed for every problem an ethnic minority may have, but this is a genuinely sickening case. I don't have liberal guilt over how my ancestors profited from the destruction of the Indians, but this is elitist government at its worst. Norton should resign for her disgraceful conduct in this affair, and some people should face criminal charges.
I recommend the official website for the case [indiantrust.org] to anyone who'd like a more in-depth look.
Where does it say Windows? (Score:2, Interesting)
Re:Where does it say Windows? (Score:5, Informative)
The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris
Other sub-domains are Netscape Enterprise on Solaris and Lotus Domino on NT4/98.
wow. (Score:5, Interesting)
What's the problem here? I wish this would happen more often.
Not Soon Enough... (Score:5, Funny)
I managed to get in before it all went down. I am now officially 3/4 Cherokee and the legitimate owner of South Dakota.
Thank you Microsoft.
-Rothfuss
ah (Score:5, Informative)
Re:ah (Score:2)
--Ben
Informative? *sigh* (Score:5, Informative)
This is really causing pandemonium at our workplace. We cannot access our electronic timesheets because the server is external to our network, and as a result, I've just finished filling out my timesheet from home (because otherwise, it's not going to get done.) The silly part of it is that the facility [usgs.gov] that I work at has quite robust security, and yet we were still forced offline. This is not an "intelligent decision." This is a knee-jerk reaction that is going to end up inconveniencing a lot of people that have paid a lot of money for Earth science data. It's going to cost the government (and, as a result, you, the taxpayer) a lot of money.
By the time you read this comment, the whole issue may have been rendered moot; there was some hope that the court order might be rescinded overnight. If the order was rescinded and you are able to connect to the above links, then I'm glad (because I'll be able to do my job tomorrow.) But rest assured that the entire DOI lost network connectivity this afternoon. This is judicial idiocy, plain and simple; there is no more diplomatic way to put it.
Re:Informative? *sigh* (Score:3, Informative)
Re:ah (Score:2)
Which article did you read? I just tried to get to the DOI, BLM and USGS main sites and they are down. The only article I could get to was the one from indianz.com, and AFAICT it didn't say only the accounting systems would be taken down
I just read the article they linked to; it says
If the entire system allows access to individual Indian trust data, then they did the right thing. If the entire system doesn't allow that access, then they just made another boneheaded decision if they brought them all down.
Re:No, your credibility was ruined.... (Score:3, Troll)
Like I said sorry you got caught in the net there but I don't blame the judge. He was lied to repeatedly and people kept disobeying his rulings. If you ask me he should have thrown the entire lot in jail.
Nope, 'fraid he's right. (Score:3, Informative)
If the DOI decided to shut down their entire network instead of taking those machines offline, that was their stupid decision.
On the other hand, if security is as lax as it seems, we all have (illegitimate, potential) access to said data. Maybe we'd better disconnect... ;)
No, you're wrong (Score:2)
Trust me on this one. But if you don't, try to connect to the DOI homepage [doi.gov] if you don't believe me. By the time you read this, connectivity may be restored; we were hoping that the court order might be rescinded overnight. But rest assured that as of right now (12:56 AM Central Time) the entire Department of Interior is offline, regardless of what some article says.
Yes, this is justified ... (Score:5, Insightful)
It may seem a bit extreme to make the ruling so pervasive, but then again that may be the only way to get those brain-dead govt managers to create a real system (like perhaps without MS software to start).
Re:Yes, this is justified ... (Score:2)
The affected system is the one that manages $500 million a year in royalties from land owned by 300,000 American Indians. It is essentially operating like a bank, but hasn't got the level of security that a bank is required to have. This Minneapolis Star Tribune article [startribune.com] has some additional details.
Should this judge have this much power? Yes! (Score:5, Insightful)
Since the Executive and Legislative branches of government routinely ignore the U.S. Constitution, it is extremely important that we can count on the check of the Judiciary.
Re:Should this judge have this much power? Yes! (Score:2, Insightful)
Just as long as we don't hear the President say (also in an Indian-related affair): "Mr. Marshall has made his decision, now let him enforce it." The judiciary is only as much of a check on the Executive as it is allowed to be.
Re:Should this judge have this much power? Yes! (Score:2, Insightful)
Of course, we are talking about the folks who dusted off the Star Chamber and wrapped it in our paranoia. So disregard what I wrote. Time for the aluminum beanies.
You know, (Score:5, Funny)
You'd think they would use apache...
Patrick Cable II
background info (Score:3, Interesting)
Microsoft servers? (Score:5, Informative)
However, I see no mention of the operating/database that was compromised. Following one of the background links there is reference to an IBM mainframe.
Among the facts omitted was the name of the Denver firm that maintains the IBM computer mainframe for the trust system
Just thought that should be pointed out.
Now the webservers may be IIS but the database being hacked was IBM. Most likely just a poor implementation.
The database may be granting access properly... (Score:3, Insightful)
Can't do much about that. I don't perform ANY core business functions on Microsoft server software, their history of getting brutally hacked and denying it is far too pervasive. (Yes, Sun and IBM are terrible too. Frankly, Red Hat and the OpenBSD Project are valuable to me not because they're "perfect", but because they're honest and prompt when they fuck up! I cut both organizations a new check every 6 months of my own free will, NOT because they try and force my company to. The checks come out of my after-tax salary; as far as I know the company has never paid a dime for either project's media.)
The consultants were probably lazy too, but don't get too overzealous to defend the most probable point of entry. I am somewhat less than surprised that a large gov't agency would screw up like this, although most of the dep'ts I work with at least have the sense to retain solid IT security consultants (I've met some very competent Lockheed employees, for example; I have no idea who was at fault in this incident).
Re:Microsoft servers? (Score:2)
inside, he found no firewalls, numerous missing passwords and no system to detect intruders. He had unfettered access to the Indians' accounts and once even set up a fake account in Balaran's name."
It doesn't sound like it had anything to do with what software they were running, database or otherwise. Bad admin, pure and simple.
To me it sounds like lax security standards enforcement, lax security standards, or lack of knowledge and/or ability on the admin's part. All deserve sanctions. Security is mandatory if your systems are connected to the internet.
Re:Microsoft servers? (Score:2)
Management is usually to blame for lax security policies and lax enforcement thereof. Not the admins. If management doesn't make it a priority, then it usually doesn't get done. Another area where management can fsck things up is by not backing up the admins on security issues. I've run into both problems at many companies. The admins knew good security was needed, but management consistently undermined them.
Indian Trust: Cobell v. Norton (Score:5, Interesting)
Of particular interest is this document [indiantrust.com], which more fully explains why the judge ordered all Internet access to the Department of Interior. Apparently, court investigators were able to break in and modify lots of important information without any response from the DoI.
Seems like this sets a legal precedence for locking down an entire business, organization, or corporation involved in a legal situation. If it can be demonstrated that it would be possible for an outside entity to modify data crucial to the proceeding of the case (such data would be subpoenaed), the judge can order all external access to that data cut off.
Since simply running some Microsoft software makes it possible for a large number of outside entities to modify such data without difficulty, and to know that doing so is possible without having to figure it out, I could see this becoming a problem for businesses and organizations that run said Microsoft software.
However, it also means that lax UNIX administrators could have their systems' access cut off if court investigators demonstrate that they are able to get in. Sounds like Mac OS 9 is the best protection against this now.
Re:Indian Trust: Cobell v. Norton (Score:2)
I was under the impression that the DoI did more than maintain a website, and this shutdown likely has little effect on most of its missions. I know this is a nerd community, but let's keep things in perspective, ok?
Judges are known for their technical prowess? (Score:2, Interesting)
Okay, the dept of interior has leaky systems. That is bad. Very bad. Maybe forcing all their systems offline is the right answer. I don't know.
A judge becoming your CTO at the behest of people making claims against you smells pretty stinky. From what I read, the complainants' investigators claimed to have edited trust records through the Internet. The interior department denied this happened. Who is right?
From now on if a group claims that their personal information is at risk that organization can be forced to go entirely offline?
Scary because most judges are not technically competent nor do they have advisors technically competent enough to know who is making sense and who is just talking slick.
Re:Judges are known for their technical prowess? (Score:2)
Re:Judges are known for their technical prowess? (Score:2)
Sounds like witch-hunt logic to me.
Did they break in? Probably, and I say that only because I'm sure their systems suck.
I just don't like the idea that someone can claim to have broken into your system and you have to take all your systems offline. There has to be a pretty high standard for a claim like that to stand. I think right now everything is up to the judge's discretion.
Whoa! (Score:5, Informative)
Entering via the Internet, the "hackers" found they could break many of the passwords protecting accounts, using a tool called a "cracker." Many of the passwords, according to the report, were easy to guess, particularly one -- "passwd" -- which was frequently used.
This had nothing to do with the fact that they were running IIS, Apache, Joe's Web Server, etc. The issue was weak database passwords.
Re:Whoa! (Score:2, Insightful)
It is not the sites that have security problems, it is this "cracker" program. Maybe they should find the author of "cracker" and charge him/her with creating terrorist tools!
netcraft (Score:5, Informative)
For example :
The site doi.gov is running Lotus-Domino/5.0.8 on NT4/Windows 98.
The site www.den.doi.gov is running Netscape-Enterprise/4.0 on Solaris 8.
The site www.ios.doi.gov is running Apache/1.3.12 (Unix) on unknown.
The site www.doi.gov is running Apache/1.3.12 (Unix) on Solaris
I couldn't spot a document on indiantrust.org which went into technical details either
weakest link, M$ disappears in a puff of logic. (Score:2)
Security does not end on the server platform! It needs to be everywhere, and so there is no place for M$.
Blame the admin and the luser is not going to work here. Others may be slow to cast blame, but I'm willing to bet good money the company with the poorest security record and the biggest ugly mouth is responsible for this mess. Let's hope this display of Federal common sense is catching. I'm really sick of all the BS, "that patch has been available for months", and "lazy sysadmins", and "stupid user should not have double clicked this or that". The judge seems to have seen the results and cared less about why.
Pulling a Clinton (Score:5, Troll)
But not Pulling an Ashcroft (Score:4, Informative)
Today, before the Senate, John Ashcroft, the Attorney General of the United States, stated in plain terms that any criticism of Ashcroft's policies of extrajudicial military tribunals and other suspensions of civil and human rights will help terrorism. (LINK) [nytimes.com].
More disproving of the initial story? (NPS online) (Score:3, Informative)
.. why let the facts hamper you?
-'fester
This is a solved problem (Score:3, Informative)
Insurance companies do this. I know, because I helped enable one. When you have low-volume, high importance data (like the personal records of Native Americans!!) this approach is justified. I'm not surprised in the least, however, that our underfunded park service wasn't able to hire a government contractor that would take security seriously. We can be as condescending as we like (and we usually are) but if you've ever tried to work through federal procurement procedures, you understand you're dealing with a very limited talent pool.
Re:This is a solved problem (Score:2)
Yes, but... (Score:2)
Re:This is a solved problem (Score:2)
"Custom software"? More like a custom protocol stack! IP simply cannot work without both send and receive capability; without ARP, it wouldn't be able to even figure out the hardware address of an intended recipient. Is this data critical? You can forget about Quality of Service; TCP requires ACK packets to come back for every data packet sent. The only thing the receiving end can do is drop the data if the CRC doesn't check out... but there's no way of informing the sender of the need to retransmit!
Having a Tx-only setup is not feasible for any transmission of important data.
Remember... encryption is the backbone of network security.
Re:This is a solved problem (Score:2)
I'm not very knowledgeable about IP, but wouldn't UDP with a checksum work just fine? Just send regular updates and have the recipient machine notify the admin if more than three or so timed updates didn't show up or were corrupted.
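The scheme suggested in the comment above (regular UDP updates carrying a checksum, with the receiver notifying an admin once more than three updates are missing or corrupt) looks like this in code. This is an added example, not part of the thread; the frame layout, `FeedMonitor` and every other name are assumptions, and the datagrams are constructed in memory rather than sent over a socket.

```python
"""Receiver-side integrity and loss monitoring for a transmit-only update feed.

Added example. Frame layout (an assumption, not from the thread):
    4-byte sequence number | 2-byte payload length | payload | 4-byte CRC-32
The receiver never sends anything back; it can only verify and raise alerts.
"""
import struct
import zlib

_HDR = struct.Struct("!IH")   # sequence number, payload length (network order)
_CRC = struct.Struct("!I")    # CRC-32 over header + payload


def frame_update(seq, payload):
    """Sender side: wrap one update so the receiver can verify it unaided."""
    head = _HDR.pack(seq, len(payload))
    return head + payload + _CRC.pack(zlib.crc32(head + payload))


def parse_update(datagram):
    """Receiver side: return (seq, payload), or None if truncated or corrupt."""
    if len(datagram) < _HDR.size + _CRC.size:
        return None
    seq, length = _HDR.unpack_from(datagram)
    if len(datagram) != _HDR.size + length + _CRC.size:
        return None                      # length field disagrees with datagram
    body = datagram[:-_CRC.size]
    (crc,) = _CRC.unpack(datagram[-_CRC.size:])
    if zlib.crc32(body) != crc:
        return None                      # bits changed in transit
    return seq, body[_HDR.size:]


class FeedMonitor:
    """Tracks one feed; the caller reports one event per update interval."""

    def __init__(self, max_bad=3):
        self.max_bad = max_bad    # alert when MORE than this many fail in a row
        self.next_seq = 0         # sequence wraparound is ignored for brevity
        self.bad_streak = 0
        self.accepted = []        # (seq, payload) pairs that passed all checks
        self.gaps = []            # (first_missing, last_missing) ranges
        self.alerts = []          # messages for the admin

    def _bad(self, reason):
        self.bad_streak += 1
        if self.bad_streak == self.max_bad + 1:   # alert once per outage
            self.alerts.append(
                f"more than {self.max_bad} consecutive updates lost; "
                f"last cause: {reason}")

    def on_timeout(self):
        """An update interval elapsed and nothing arrived."""
        self._bad("timeout")

    def on_datagram(self, datagram):
        """A datagram arrived; returns True only if it was accepted."""
        parsed = parse_update(datagram)
        if parsed is None:
            self._bad("corrupt")
            return False
        seq, payload = parsed
        if seq < self.next_seq:
            return False          # stale or duplicate: ignore, no progress
        if seq > self.next_seq:
            self.gaps.append((self.next_seq, seq - 1))  # for later re-request
        self.next_seq = seq + 1
        self.bad_streak = 0
        self.accepted.append((seq, payload))
        return True


def run_demo():
    """Constructed traffic: two good updates, one damaged, three silent
    intervals, then the feed recovers at sequence 6."""
    mon = FeedMonitor(max_bad=3)
    mon.on_datagram(frame_update(0, b"acct-batch-0"))
    mon.on_datagram(frame_update(1, b"acct-batch-1"))
    damaged = bytearray(frame_update(2, b"acct-batch-2"))
    damaged[8] ^= 0x01            # flip one payload bit "in transit"
    mon.on_datagram(bytes(damaged))
    for _ in range(3):
        mon.on_timeout()
    mon.on_datagram(frame_update(6, b"acct-batch-6"))
    return mon


if __name__ == "__main__":
    m = run_demo()
    print("accepted:", [s for s, _ in m.accepted])
    print("gaps:", m.gaps)
    print("alerts:", m.alerts)
```

The recorded gap ranges are what an operator would have to resend out of band, since the receiver has no return channel to ask for a retransmit.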
Re:This is a solved problem (Score:2)
Umm. doi.gov is a solaris box (Score:5, Insightful)
The site www.blm.gov is running Apache/1.3.22 (Unix) PHP/4.0.6 on unknown. [netcraft.com]
The site www.nps.gov is running Netscape-Enterprise/4.1 on Solaris. [netcraft.com]
Oh, and nps [nps.gov] is still up....
I read the penetration portion of the report p 133 (Score:5, Informative)
Predictive (the security company) broke in and documented abysmal security -- no firewalls, blank administrator passwords, other stuff that would make any script kiddie drool. The response of the B. of Indian Affairs was "naw, it's not that bad; you cheated".
So Predictive did it again. Got basically the same results. So after the
In classic Dilbertesque style, the Gov blames the messenger, says it's not really that bad (again) and promises to do a whole lot of nothing -- just like it has been doing for 10 years according to the special master's report you can click on here:
http://www.indiantrust.org/documents.cfm
This is bad. Real bad. Sad to say this judicial action was necessary. Sad.
Fraud & Incompetence (Score:2)
why the link? (Score:4, Funny)
Re:why the link? (Score:5, Funny)
This judge is one smart cookie, I tell ya.
Specific info on systems/applications compromised (Score:5, Informative)
With permission from U.S. District Judge Royce Lamberth, the special master's team logged onto computer servers, accessed databases, broke into Interior and Bureau of Indian Affairs networks, discovered they could modify and erase sensitive data and even created an Individual Indian Money (IIM) trust account in Balaran's name. All of these breaches occurred repeatedly and with ease -- and all without being noticed, or even tracked, by the Interior's own computer officials.
Here's a rundown of how it happened.
Predictive originally planned a two-phase test of the Interior's computer infrastructure. First, it would try to access the system from the public Internet; and second, it would test the network from within.
However, the company soon found it could scrap the second phase because protections were non-existent.
"Early on in the testing it became apparent that it was possible to access the sensitive internal data from the Internet and that the internal on-site testing phase was not needed due to the lack of overall perimeter security," Predictive wrote in August after a first round of hacking.
Using widely available, and free, tools employed by hackers all over the world, Predictive tapped into a number of systems the Interior deemed "critical" to bringing its trust duties into the 21st century. These systems included:
Predictive was able to break into a TAAMS server because it had "no password." As a result, the firm could perform administrative, high-level functions typically not available to low-level users.
Also, Predictive could access TAAMS because the BIANET, a BIA network accessible via the Internet, had "blank" passwords. Through this vulnerability, the firm gained administrative powers that allowed it to access data stored in a TAAMS database.
TAAMS is housed on two AS/400 servers, made by IBM, in Addison, Texas. The servers, the database and all its associated logic (coded in dBase) are fully owned by a third party, Applied Terravision Systems, because the Interior failed to consider long-term ownership and development issues.
A so-called "legacy" system in use since 1982, Predictive was able to gain "complete access" to IRMS, which tracks leases and distributes payments to account holders. Weaknesses on the BIANET allowed the firm to see every IRMS account that has ever existed.
Predictive could modify and delete user accounts, meaning it could prevent authorized Interior users from entering the system and give access to non-authorized outsiders.
Further, Predictive gained "complete control" to an IRMS server because it had a "blank" password. The firm was able to copy files and create links to sensitive data to outside networks via standard and highly vulnerable Microsoft Windows capabilities.
IRMS is coded in Cobol 74, an outmoded but pervasive language, and is composed of six databases -- including individual and tribal ownership and leasing data -- that reside on a Unisys Clearpath NX server in Reston, Virginia. Reston is the location of the BIA's Office of Information Resources Management, whose controversial move from Albuquerque, New Mexico, was temporarily halted by Lamberth.
Additionally, Predictive found numerous problems on a number of systems, most of which are not specifically named because information in the report is redacted. The firm was able to access "sensitive" information including "gigabytes" of BIA e-mail, configuration files, log reports, and all usernames and passwords on an unnamed system. Many of these systems had weak password or no password protections.
Certain Interior computers were also running web servers, file transfer programs, remote access servers and other technologies that could allow anonymous access by outsiders. Other systems were prone to well-known hacking techniques, including denial of service, buffer overflows, "Trojan Horse" programs and Microsoft Windows "scripting" attacks -- all of which are typically preventable by applying readily available "patches" to fix security holes.
All of this hacking -- which took place between June 24 and July 8 -- led Predictive to conclude in an August report that the BIA lacks "basic security" measures. "Even if every security vulnerability in this report was corrected, BIA's overall lack of a secure network perimeter would still leave BIA exposed to additional risk," the firm wrote.
Predictive recommended the BIA implement such standard protections as a firewall and intrusion devices. Along with Balaran, the firm informed BIA of the numerous problems at a meeting with Brian Bowker, then-director of OIRM.
Despite Predictive's damaging report, Bowker indicated the company was successful only because he had "turned over the keys to the store." Balaran said he felt Bowker was trying to "discount" the findings, so he again instructed Predictive to break into the system on August 30.
It was during this time that Predictive created a trust account for Balaran, whose report is not specific as to which system was accessed to perform this incredible breach. Predictive was able to create its own trust data and modify existing data on an unnamed system, leading the firm yet again to warn BIA of problems and make a number of specific recommendations to correct the deficiencies.
no surprise here (Score:3, Insightful)
Wow...that's a long story.. not about MS (Score:2, Informative)
They have a bunch of IBM mainframes, Unisys NX, AS 400 etc. They had troubles with security in 1989 - from the report by Andersen's auditors. They had troubles with security, backups, procedures in 1994.
They are plain lazy fucks.
DOI's security policy (cached from google) (Score:2, Interesting)
Technical Details (Score:2, Informative)
The District Court's web site has the (redacted) Special Master's Report [uscourts.gov] (PDF) which gives the technical details.
Whoever did the redacting didn't know much about the technology; it's frequently possible to infer what's been removed from context.
After reading the report, I understand why the judge ordered the networks disconnected from the Internet. If I were in his place, I'd have ordered the systems shut down completely.
The report is a case study in gross mismanagement of information systems; this isn't about holes in any vendor's software, but about people who, it seems, simply didn't care about data security or integrity.
This District Court page [uscourts.gov] has copies of the other recent orders in the case, too.
curiouser and curiouser said alice... (Score:4, Insightful)
Uh Oh! (Score:3, Funny)
the AC
3l337 DoJ h@xorZ (Score:2)
Site to be removed by slashdot effect (Score:2, Funny)
And in one of the finer details of the ruling, the judge ordered Microsoft to be implicated in a story posted to the popular hacker web site Slashdot, which would ensure that the government site would quickly be taken down by a measure known in the hacker community as the Slashdot effect.
Dang, if only.. (Score:2, Funny)
"Nobody ever got fired for buying Microsoft"...
Then we could say, "Heh, not just fired. Fired, fined and put in jail for incompetence".
Oh, and noticed a link in a post:
http://www.indiantrust.org/documents.cfm
Coldfusion? Oye Veigh...someone needs some serious beatings with a clue stick.
CF is a great app for creating webforms and webDB access, but it is a security hole in its own right (IIRC from people who use it and even love it).
My favorite saying about CF is that it is an excellent benchmark...It runs slow on *everyone's* hardware (that it supports).
Cheers,
Moose.
Please forgive me.... (Score:5, Funny)
Can I still bash Microsoft if I really, really want to?
I just couldn't help blaming Microsoft whenever I see 'Microsoft Windows' in the news roundup. This is something like compulsory-anti-microsoft something, I think I've medical clearance to back my action. People in 'Anti-Microsoft Anonymous' recommend me to post in
Norton's behavior admirable, in a weird way (Score:3, Interesting)
None of which changes the fact that her lawyer is apparently a total weenie.
college debate topic (Score:3, Interesting)
We'll see.
Not everything is down, USGS-wise (Score:2, Funny)
Some of us have our priorities.
Is it REALLY so amazing? (Score:3, Interesting)
I found that the system I was in front of was primarily used to process permits for construction and the like within that county. It was open to the Internet (I did a full, nasty, in-your-face port scan and nobody blinked) and the hard drive was shared - to the world!
I was able to connect to the HD via SAMBA, from my HOME WORKSTATION! I bitched, complained, sent letters. They paid a consultant company something in the 6 figure range to do a "security survey" - and they recommended replacing the POP3 servers with MS Exchange!
I gave up, having other profitable ventures to go for.
But, do you think this doesn't happen like ALL THE TIME?!?!?
People, this is GOVERNMENT!
Re:Should a judge (Score:3, Insightful)
Re:Should a judge (Score:4, Interesting)
*That's* what I call abuse of power. This strikes me more as steps to help ensure that the carelessness of a dimwitted government agency doesn't end up hurting anyone unnecessarily.
Re:Should a judge [OT] (Score:2, Informative)
I work without a contract every day! I prefer to let my work's value set my salary rather than rely on my ability to obstruct business.
You have to see some truth in the statement that unions only afford more protection to the mediocre worker than they do to the above average worker.
Re:Should a judge [OT] (Score:5, Flamebait)
Re:Should a judge [OT] (Score:3, Insightful)
To get success, you have to hire just enough good people, pay them well enough that they don't have to worry about the bills, and help them build a success-centered culture. Well-paid people with practically guaranteed jobs who go on strike do not constitute such an organization.
OTOH, when I want money I ask for it, and if I don't get it I go elsewhere if the market lets me. I do not -- and would *never* -- collude with my fellows to put clients/employers in a position where they have to knuckle under to me or go out of business. If those teachers in NJ were truly not being paid enough, they could go into business for themselves and people would line up to pay them better.
I swear, this is the last I'm posting in this thread.
Re:Should a judge [OT] (Score:2, Insightful)
1) The management is united and organized and it's in their interest to pay as little as possible while making us work as much as possible. Unless we organize and stand united we will be victims of cost cutting and abuse.
2) By organizing we can prevent management from arbitrarily firing one of us to hire their sister in law.
3) By organizing we can lobby politicians to listen to us instead of them only listening to corporations.
Forming a union is self defense. It's also the absolute best way to piss off a corporation management. Whenever they hear the word union veins pop out in their heads and they round up the goon squad. If you ever get pissed off at a corporation try to unionize their employees. It's fun (if a bit dangerous because they might actually try to kill you) and they will definitely notice you. Much better than sending them flame email.
Re:Should a judge (Score:4, Offtopic)
This is what happens when you disobey a lawful order from a judge. Now, the teachers may still be doing the right thing, but if you want to practice civil disobedience, you might end up in the clink.
Judges do not have the luxury of ignoring the law, or just saying "oh well" when people fail to follow their lawful orders. Again, this isn't flamebait...teachers may be doing the right thing by standing up for themselves, but the judge is also doing the right thing in enforcing the law.
Re:Should a judge (Score:2, Troll)
Bullshit. Constitutional review is a power delegated to the judicial branch. When they come across a "wrong" law (an unconstitutional law), they can declare it void. Now, I don't remember the specifics of the situation (if it was a state law, probably constitutional, or a federal law, pretty much unconstitutional), so I'm not saying anything about this case, but I have to play slashdot-whore and argue with the basis of your argument.
Re:Should a judge (Score:5, Insightful)
The power of judicial review is not "ignoring the law". Judicial review is the power to say that a given law violated the terms of another, "higher" law -- in the US, that's the Constitution. A judge cannot (or at least should not) choose to ignore a law on the basis of "I just don't like it".
The power the judge is exercising in this case, is the ability for a judicial or quasi-judicial authority (ie: a congressional committee) to hold someone in contempt. When one violates the order of a judge in a given situation -- that is, a case is brought before him/her, and in the course of that proceeding orders a certain thing to be done, or not be done -- and that order is violated, they can be held until such time as they satisfy the judge that they will comply, or until suitably punished. Yes, the power of holding someone in contempt is broad, with only the barest hint of restraint (many jurisdictions only allow someone to be held on contempt for a year or less).
This says nothing of the laws themselves -- where one is charged, tried, and formally sentenced to a given term in accordance with the law violated.
Re:Should a judge (Score:2, Insightful)
Indeed, but that is not a question for the judge, it's one for the legislature
Re:Should a judge (Score:2)
Re:Should a judge (Score:2)
The link you gave didn't answer that question, only an impassioned "human interest" story. I'd need a heck of a lot more than that to make up my mind on the situation.
Re:Should a judge (Score:2, Insightful)
Re:Should a judge (Score:2, Insightful)
A judge can put a person into prison for life or sentence them to death.
Ordering the turning off of all computers that are leaking personal sensitive information is (a) the right thing to do and (b) not nearly as drastic as some other things judges can order.
Re:Should a judge (Score:2)
Re:Should a judge..Did you read the Indian Trust? (Score:5, Insightful)
it's actually well past time for the courts to hold organizations whose systems are busted by 12 year old scriddies running "canned scripts" from Toolz sites
how would you feel if this were your family's or your company's sensitive and/or private information??? Information about your 502 or your daughter's rape, or your son's juvenile arrest for possessing underage TeleTubbie Pr0n?
"Coupled with the judge's action were criticisms from members of Congress about the security failures. "The GAO told us five years ago that the fund was in shambles," said Rep. Jim Hansen (R-Utah,) chairman of the House Resources Committee, which has jurisdiction over Indian affairs. "Now we learn that a computer security system deployed in 1999 is virtually worthless," he said."
i don't think anyone on
...isn't it about time the direct creators, distributors and managers of dangerously insecure computer systems have at least SOME small legal responsibility (and limited accompanying monetary liability)????
If the facts on the Indian Trust website ARE true, DOI (and Congress) have long been aware of the problems and have been ducking the bullet on fixing it...if this were my money/info, I'd sure be upset...
McDonald's.... (Score:3, Interesting)
It was the jury that decided that McDonald's needed to get a strong signal that its ongoing indifference to the harm caused by its actions would no longer be tolerated, and that huge punitive award (which was automatically capped by law, and further reduced on appeal) was an estimate of McDonald's profit on coffee sales for two days. That is hardly a burdensome amount - enough to get your attention, but probably something like $20-$50 for us. On appeal, the award was comparable to the change we can find in our seat cushions.
As for the DoI case, the court is pissed because one of the primary responsibilities of the court and its agents (which include every member of the bar, specifically including the Secretary of the Interior and her legal team) is to preserve evidence. You might get away with hiding evidence, but the fastest way for a lawyer to get disbarred is to get caught disposing of evidence. The government has clearly deliberately destroyed pertinent records in the past, but they've been claiming that's all ancient history that no current employee was involved with. Now we see strong evidence that the government is indifferent at best, and deliberately trying to facilitate at worst, the destruction of additional records *today* which are required to determine the correct distribution of hundreds of millions or billions of dollars in royalty payments. Of course the judge is pissed -- and if the DoI drags their feet I would expect to see some of the lawyers hauled before disciplinary boards.
Re:McDonald's....Blood Sucking Liability Lawyers (Score:4, Flamebait)
since you seem to be defending a legal system that is perceived as rampantly irresponsible by most Americans (in poll after poll*n)...to be precise, i wasn't dismissing the McDonald's lawsuit, I was ridiculing it for illustrative purposes.
The DOI/Indian Trust case is not a product/contingent liability civil suit, you must think that all
People who support extremely irresponsible and irrational jury decisions, such as the McDonald's case, are costing everybody in America both money and opportunity, here's why:
1."McDonald's profit on coffee sales for two days. That is hardly a burdensome amount - enough to get your attention, but probably something like $20-$50 for us..."
THE SETTLEMENT DIDN'T COST MCDONALD'S ONE NICKEL, IT WAS PAID FOR BY MCDONALD'S ***CUSTOMERS***,
2. By encouraging people like the person that sued McD, you create a society that values litigation over common sense.
I don't WANT to be on the road with someone who doesn't grasp that "coffee is hot". Like Stella Liebeck. I hope Stella (and her blood sucking attorney) remain objects of ridicule for every day of the rest of their lives. I also don't want to be on the road with someone who can't identify and manage simple threats to their personal safety.
"Consumer" Lawyers (contingent liability bottomfeeders specifically -- there are many lawyers who contribute to society and do great work for the poor and the needy) create an environment that discourages innovation and makes every American intelligent enough to grasp the (scalding liquids = personal danger) equation feel like the legal system is a bad joke designed for morons and con-artists.
Liability insurance adds huge dollars to the cost of ***EVERY PRODUCT WE BUY***, it adds enormous costs to every startup company that wants to produce an item for public consumption/operation. When I bought my first Honda Interceptor I was trolling through the Owner's Manual and there in 20pt "Liability Lawyer Bold" was an instruction NOT TO DRINK THE BATTERY ACID!
Bob Heinlein used to have some of his literary characters joke that the standard you should have to meet in order to be allowed to reproduce was the ability to grasp and perform rudimentary integral calculus....I wonder what Bob would think about people who had to be instructed that "hot coffee is hot" or "don't drink lethal chemicals"?
BONUS ROUND: Last year/b4 in Canada, some poor kid, during finals, had been on a classic "study till you drop" push, after a particular exam (Math???), he went on a drinking binge with his friends, got good and tanked (hadn't had much sleep/food for a coupla days)...sometime, early AM, he went to get a Coke from the dorm vending machine, he didn't have any change, so he shook the machine to loosen a Coke...didn't work too well, the machine fell over and crushed him to death (suffocation)....
his parents are suing (Coke and the College) for big $$$$, claiming that Coca-Cola hadn't met the Canadian labeling laws for "dangerous machinery", by not providing an instructional label....the parents are angry and grief stricken and some a'hole attorney is looking to collect his 40-50% on their grief...Let's see; drunk, stealing a coke, shaking a several hundred pound vending machine with no one in sight, couldn't get out of the way in time...yeah, sure sounds like Coke's fault to me
.....
Re:Should a judge (Score:3, Interesting)
This isn't about a judge not understanding technology; this is about the DOI failing to uphold its statutory obligations so egregiously that thousands of people have been harmed.
Re:uhh (Score:2, Insightful)
Re:And, with USGS unavailable... (Score:2, Insightful)
Also, those 7,000 (IIRC) real-time river-monitoring stations aren't available to emergency services managers and other officials who need the data to respond to floods and other natural hazards.
I work at the USGS ... (Score:3, Interesting)
I'm sympathetic to the Indians. That accounting system has never been fully functional. And a lot of suspicious things, like fires that have destroyed records, have occurred over the years to the Indian Trust. I'm heartened to see some positive progress being made on correcting that horrible situation. The Indians already have it bad enough without this debacle making their plight worse.
However, the judge has done more harm than good by shutting the entire Interior's network access. As you pointed out, the USGS makes available the largest and most comprehensive repositories of geospatial data in the nation, and perhaps the world. Much of this data is free. And many universities, government organizations, and companies use that data; e.g., where do you think Rand-McNally gets its data to make maps?
Though I'm not as familiar with the other DOI departments and bureaus, I know that they, too, provide valuable public services that a number of people need to do their jobs.
Another angle is the impact on DOI employees. I can tell you I witnessed a number of people standing around the halls looking mystified at the USGS' headquarters in Reston this afternoon. We all depend on network access in some capacity to get our work done. In my case, it's crucial as I work with folks at the Mid-Continent Mapping Center in Rolla, Missouri. I was logged into one of their suns debugging some errant code when the plug was pulled. Most aggravating.
(Initially I had thought that the network was down because of the Goner virus since the USGS has a history of shutting its network down when the system gets swamped by propagating virii and worms.)
cool, get to work. (Score:2)
Now that much of your work is halted, you should have plenty of resources available to fix the Indian database problems. I feel your pain, but screwing up trust funds is a big big no no. Good luck fixing it. I imagine the holes were huge and from many directions for such a big order.
Hopefully, you will get some nice new software for all your desktops, non M$ of course. I mean, how many screen savers running are actually listening for passwords? How many Windoze computers were trusted by the servers? Getting rid of that stuff will be good for you and good for the taxpayers. =:> The world is watching!
Re:I work at the USGS ... (Score:2)
Re:And, with USGS unavailable... (Score:2)
Past history seems to be that if it is just an "Indian problem", nobody gives a damn about fixing it.